www.winhelponline.com Open in urlscan Pro
2606:4700:3032::ac43:c7ab Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.winhelponline.com/
Submission: On February 13 via manual (February 13th 2021, 8:31:43 am UTC) from ZA

Summary HTTP 448 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 50 IPs in 10 countries across 61 domains to perform 448 HTTP transactions. The main IP is 2606:4700:3032::ac43:c7ab, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.winhelponline.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 10th 2020. Valid for: a year.

This is the only time www.winhelponline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
105	2606:4700:303... 2606:4700:3032::ac43:c7ab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	13.224.192.34 13.224.192.34	16509 (AMAZON-02) (AMAZON-02)
11	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700:303... 2606:4700:3030::ac43:c6a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
4 118	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
4	35.190.64.11 35.190.64.11	15169 (GOOGLE) (GOOGLE)
11	18.156.95.187 18.156.95.187	16509 (AMAZON-02) (AMAZON-02)
13	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
1	65.9.69.5 65.9.69.5	16509 (AMAZON-02) (AMAZON-02)
4	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
6 13	2a00:1450:400... 2a00:1450:4001:82b::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1 8	52.95.123.167 52.95.123.167	16509 (AMAZON-02) (AMAZON-02)
6	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
61	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
1	142.250.186.102 142.250.186.102	15169 (GOOGLE) (GOOGLE)
2 2	65.9.69.83 65.9.69.83	16509 (AMAZON-02) (AMAZON-02)
3 3	213.19.147.151 213.19.147.151	3356 (LEVEL3) (LEVEL3)
4 6	52.209.120.242 52.209.120.242	16509 (AMAZON-02) (AMAZON-02)
4 10	23.218.208.246 23.218.208.246	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a02:fa8:8806... 2a02:fa8:8806:12::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
3	23.218.208.200 23.218.208.200	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	216.52.2.39 216.52.2.39	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 3	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	54.239.17.112 54.239.17.112	16509 (AMAZON-02) (AMAZON-02)
2 2	18.159.187.109 18.159.187.109	16509 (AMAZON-02) (AMAZON-02)
2 2	185.33.221.90 185.33.221.90	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	34.120.207.148 34.120.207.148	15169 (GOOGLE) (GOOGLE)
2 2	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (TURN) (TURN)
2 6	2620:116:800d... 2620:116:800d:21:f916:5049:f87f:108e	16509 (AMAZON-02) (AMAZON-02)
4	72.251.249.13 72.251.249.13	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
6 6	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
1 1	18.198.126.47 18.198.126.47	16509 (AMAZON-02) (AMAZON-02)
2 2	35.227.248.159 35.227.248.159	15169 (GOOGLE) (GOOGLE)
5 5	52.59.81.87 52.59.81.87	16509 (AMAZON-02) (AMAZON-02)
2 2	18.193.31.194 18.193.31.194	16509 (AMAZON-02) (AMAZON-02)
2 2	198.148.27.140 198.148.27.140	19189 (PULSEPOINT) (PULSEPOINT)
2 2	213.155.156.164 213.155.156.164	1299 (TELIANET ...) (TELIANET Telia Carrier)
7	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5 5	54.72.203.0 54.72.203.0	16509 (AMAZON-02) (AMAZON-02)
1 1	185.86.137.131 185.86.137.131	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	85.114.159.118 85.114.159.118	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
8	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	94.23.171.206 94.23.171.206	16276 (OVH) (OVH)
1	2606:4700:10:... 2606:4700:10::6816:1857	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	77.243.60.138 77.243.60.138	42697 (NETIC-AS) (NETIC-AS)
2 2	35.201.96.126 35.201.96.126	15169 (GOOGLE) (GOOGLE)
1	185.64.189.249 185.64.189.249	62713 (AS-PUBMATIC) (AS-PUBMATIC)
4 4	37.157.2.236 37.157.2.236	198622 (ADFORM) (ADFORM)
1 1	185.29.132.69 185.29.132.69	30419 (MEDIAMATH...) (MEDIAMATH-INC)
2 2	185.33.220.242 185.33.220.242	29990 (ASN-APPNEX) (ASN-APPNEX)
4 4	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1 3	185.64.189.114 185.64.189.114	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2a00:1288:110... 2a00:1288:110:c305::8000	34010 (YAHOO-IRD) (YAHOO-IRD)
1 1	51.255.68.171 51.255.68.171	16276 (OVH) (OVH)
3 3	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
2 2	178.62.202.251 178.62.202.251	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	2a02:fa8:8806... 2a02:fa8:8806:16::1400	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1	159.253.128.188 159.253.128.188	36351 (SOFTLAYER) (SOFTLAYER)
2	52.17.137.119 52.17.137.119	16509 (AMAZON-02) (AMAZON-02)
1 2	184.25.115.49 184.25.115.49	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2600:9000:206... 2600:9000:206f:1c00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1 1	178.162.133.149 178.162.133.149	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
2 2	52.28.254.214 52.28.254.214	16509 (AMAZON-02) (AMAZON-02)
1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET)
1 1	172.105.221.29 172.105.221.29	63949 (LINODE-AP...) (LINODE-AP Linode)
2 2	193.232.148.143 193.232.148.143	48061 (UMA-TECH-AS) (UMA-TECH-AS)
1 1	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	80.64.106.148 80.64.106.148	20764 (RASCOM-AS...) (RASCOM-AS CJSC RASCOM ISP)
1 1	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
20	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
1	2600:9000:20e... 2600:9000:20eb:2400:2:cb38:840:93a1	16509 (AMAZON-02) (AMAZON-02)
448	50

105 2606:4700:3032::ac43:c7ab (United States)

ASN13335 (CLOUDFLARENET, US)

www.winhelponline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.224.192.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-192-34.fra2.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::ac43:c6a9 (United States)

ASN13335 (CLOUDFLARENET, US)

go.ezodn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

118 142.250.185.130 (United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.64.11 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 11.64.190.35.bc.googleusercontent.com

absorbingcorn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 18.156.95.187 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com

g.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cse.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.69.5 (United States)

ASN16509 (AMAZON-02, US)

js.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82b::2004 (Frankfurt am Main, Germany) 6 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

clients1.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 52.95.123.167 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

61 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.102 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.69.83 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.151 (United Kingdom) 3 redirects

ASN3356 (LEVEL3, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.209.120.242 (Dublin, Ireland) 4 redirects

ASN16509 (AMAZON-02, US)

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
data.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.218.208.246 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-246.deploy.static.akamaitechnologies.com

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:12::1400 (United States)

ASN41041 (VCLK-EU-SE, US)

amazon-tam-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.218.208.200 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-200.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.39 (United States) 1 redirects

ASN29791 (VOXEL-DOT-NET, US)

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.115 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.130 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.239.17.112 (Ashburn, United States)

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.159.187.109 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.90 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 727.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.120.207.148 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 148.207.120.34.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:678:cb4:bbbb::11 (United Kingdom) 2 redirects

ASN56396 (TURN, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:116:800d:21:f916:5049:f87f:108e (United States) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 72.251.249.13 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 66.155.71.149 (Portsmouth, United Kingdom) 6 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.198.126.47 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.248.159 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.59.81.87 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-59-81-87.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.193.31.194 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.148.27.140 (New York, United States) 2 redirects

ASN19189 (PULSEPOINT, US)

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.164 (Sweden) 2 redirects

ASN1299 (TELIANET Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 185.64.190.80 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 54.72.203.0 (Dublin, Ireland) 5 redirects

ASN16509 (AMAZON-02, US)

match.prod.bidr.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.137.131 (France) 1 redirects

ASN201081 (SMARTADSERVER, FR)

rtb-csync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.171.206 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip206.ip-94-23-171.eu

green.erne.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:1857 (United States)

ASN13335 (CLOUDFLARENET, US)

mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.243.60.138 (Aalborg, Denmark) 1 redirects

ASN42697 (NETIC-AS, DK)

uipglob.semasio.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.201.96.126 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)

visitor.fiftyt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.249 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

aud.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.2.236 (Denmark) 4 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.132.69 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.220.242 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.56.137 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.189.114 (United Kingdom) 1 redirects

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::8000 (United Kingdom)

ASN34010 (YAHOO-IRD, GB)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.255.68.171 (France) 1 redirects

ASN16276 (OVH, FR)

dsp.nrich.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.114.49 (Frankfurt am Main, Germany) 3 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.62.202.251 (Amsterdam, Netherlands) 2 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1400 (United States)

ASN41041 (VCLK-EU-SE, US)

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 159.253.128.188 (Amsterdam, Netherlands)

ASN36351 (SOFTLAYER, US)
PTR: bc.80.fd9f.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.17.137.119 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.25.115.49 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a184-25-115-49.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:206f:1c00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.149 (Netherlands) 1 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.28.254.214 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 174.137.133.49 (United States)

ASN27257 (WEBAIR-INTERNET, US)

rtb2-useast.e-volution.ai	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.105.221.29 (Tokyo, Japan) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)

a.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.232.148.143 (Russian Federation) 2 redirects

ASN48061 (UMA-TECH-AS, RU)

px.adhigh.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.64.106.148 (Russian Federation) 1 redirects

ASN20764 (RASCOM-AS CJSC RASCOM ISP, RU)

google-sync.rutarget.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.0.160.129 (United States) 1 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:2400:2:cb38:840:93a1 (United States)

ASN16509 (AMAZON-02, US)

go.ezoic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
114	doubleclick.net 6 redirects securepubads.g.doubleclick.net ad.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net	309 KB
105	winhelponline.com www.winhelponline.com	237 KB
79	googlesyndication.com a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com	607 KB
23	pubmatic.com 1 redirects ads.pubmatic.com image6.pubmatic.com image2.pubmatic.com simage2.pubmatic.com aud.pubmatic.com image4.pubmatic.com simage4.pubmatic.com	46 KB
22	google.com 6 redirects adservice.google.com cse.google.com www.google.com clients1.google.com	172 KB
20	ampproject.org cdn.ampproject.org	387 KB
13	gstatic.com fonts.gstatic.com	138 KB
12	ezoic.net g.ezoic.net go.ezoic.net	2 KB
12	googleapis.com fonts.googleapis.com www.googleapis.com	29 KB
12	amazon-adsystem.com 1 redirects c.amazon-adsystem.com aax-eu.amazon-adsystem.com s.amazon-adsystem.com	39 KB
10	casalemedia.com 4 redirects ssum-sec.casalemedia.com dsum-sec.casalemedia.com	11 KB
6	googletagservices.com www.googletagservices.com	192 KB
6	sitescout.com 6 redirects pixel-sync.sitescout.com	3 KB
6	quantserve.com 2 redirects pixel.quantserve.com secure.quantserve.com	19 KB
6	lijit.com 1 redirects ap.lijit.com ce.lijit.com	7 KB
6	adsrvr.org 4 redirects match.adsrvr.org data.adsrvr.org	2 KB
5	yahoo.com 4 redirects ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	4 KB
5	bidr.io 5 redirects match.prod.bidr.io	2 KB
5	bidswitch.net 5 redirects x.bidswitch.net	2 KB
4	adform.net 4 redirects c1.adform.net	2 KB
4	adnxs.com 4 redirects secure.adnxs.com ib.adnxs.com	4 KB
4	absorbingcorn.com absorbingcorn.com	31 KB
3	everesttech.net 3 redirects sync-tm.everesttech.net	1 KB
3	rlcdn.com 2 redirects idsync.rlcdn.com	1 KB
3	gumgum.com js.gumgum.com g2.gumgum.com	38 KB
3	google-analytics.com www.google-analytics.com	19 KB
2	adhigh.net 2 redirects px.adhigh.net	1 KB
2	advertising.com 2 redirects pixel.advertising.com	937 B
2	quantcount.com rules.quantcount.com	698 B
2	scorecardresearch.com 1 redirects sb.scorecardresearch.com	1 KB
2	bidtheatre.com 2 redirects match.adsby.bidtheatre.com	1 KB
2	fiftyt.com 2 redirects visitor.fiftyt.com	992 B
2	semasio.net 1 redirects uipglob.semasio.net	1 KB
2	de17a.com 2 redirects d5p.de17a.com	637 B
2	contextweb.com 2 redirects bh.contextweb.com	1 KB
2	creative-serving.com 2 redirects ads.creative-serving.com	1 KB
2	tapad.com 2 redirects pixel.tapad.com	984 B
2	turn.com 2 redirects ad.turn.com	943 B
2	w55c.net 2 redirects pm.w55c.net	1 KB
2	dotomi.com amazon-tam-match.dotomi.com pubmatic-match.dotomi.com	104 B
2	1rx.io 2 redirects sync.1rx.io	2 KB
2	smaato.net 2 redirects s.ad.smaato.net	1 KB
2	wp.com stats.wp.com pixel.wp.com	3 KB
1	rfihub.com 1 redirects a.rfihub.com	1 KB
1	rutarget.ru 1 redirects google-sync.rutarget.ru	577 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	460 B
1	appier.net 1 redirects a.c.appier.net	556 B
1	e-volution.ai rtb2-useast.e-volution.ai	233 B
1	sonobi.com 1 redirects sync.go.sonobi.com	852 B
1	simpli.fi um.simpli.fi	611 B
1	nrich.ai 1 redirects dsp.nrich.ai	489 B
1	mathtag.com 1 redirects sync.mathtag.com	680 B
1	zeotap.com mwzeom.zeotap.com	596 B
1	erne.co 1 redirects green.erne.co	325 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	501 B
1	smartadserver.com 1 redirects rtb-csync.smartadserver.com	775 B
1	criteo.com dis.criteo.com	304 B
1	exelator.com 1 redirects loadm.exelator.com	616 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	607 B
1	google.ch adservice.google.ch	803 B
1	ezodn.com go.ezodn.com	85 KB
448	61

	Domain	Requested by
105	www.winhelponline.com	www.winhelponline.com
81	securepubads.g.doubleclick.net	www.winhelponline.com securepubads.g.doubleclick.net a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
61	tpc.googlesyndication.com	securepubads.g.doubleclick.net absorbingcorn.com tpc.googlesyndication.com www.winhelponline.com a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com cdn.ampproject.org
21	cm.g.doubleclick.net	6 redirects a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
20	cdn.ampproject.org	securepubads.g.doubleclick.net
17	www.google.com	6 redirects cse.google.com www.google.com www.winhelponline.com a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
13	fonts.gstatic.com	fonts.googleapis.com
12	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com www.googletagservices.com
11	googleads.g.doubleclick.net	a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
11	g.ezoic.net	www.winhelponline.com
11	fonts.googleapis.com	www.winhelponline.com tpc.googlesyndication.com a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com securepubads.g.doubleclick.net
8	simage2.pubmatic.com	image6.pubmatic.com ads.pubmatic.com
8	aax-eu.amazon-adsystem.com	1 redirects c.amazon-adsystem.com aax-eu.amazon-adsystem.com ssum-sec.casalemedia.com ap.lijit.com ads.pubmatic.com
7	image2.pubmatic.com	image6.pubmatic.com ads.pubmatic.com
6	www.googletagservices.com	securepubads.g.doubleclick.net a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
6	pixel-sync.sitescout.com	6 redirects
6	a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
5	match.prod.bidr.io	5 redirects
5	x.bidswitch.net	5 redirects
5	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
5	ssum-sec.casalemedia.com	3 redirects aax-eu.amazon-adsystem.com ssum-sec.casalemedia.com
5	match.adsrvr.org	4 redirects ssum-sec.casalemedia.com
4	ups.analytics.yahoo.com	4 redirects
4	c1.adform.net	4 redirects
4	ce.lijit.com	ap.lijit.com
4	pixel.quantserve.com	2 redirects www.winhelponline.com
4	absorbingcorn.com	www.winhelponline.com
3	sync-tm.everesttech.net	3 redirects
3	idsync.rlcdn.com	2 redirects ssum-sec.casalemedia.com
3	ads.pubmatic.com	aax-eu.amazon-adsystem.com ads.pubmatic.com
3	www.google-analytics.com	www.winhelponline.com www.google-analytics.com
3	c.amazon-adsystem.com	www.winhelponline.com c.amazon-adsystem.com
2	px.adhigh.net	2 redirects
2	pixel.advertising.com	2 redirects
2	rules.quantcount.com	secure.quantserve.com
2	secure.quantserve.com	www.winhelponline.com go.ezoic.net
2	sb.scorecardresearch.com	1 redirects
2	simage4.pubmatic.com	1 redirects
2	g2.gumgum.com	js.gumgum.com
2	match.adsby.bidtheatre.com	2 redirects
2	ib.adnxs.com	2 redirects
2	visitor.fiftyt.com	2 redirects
2	uipglob.semasio.net	1 redirects ads.pubmatic.com
2	d5p.de17a.com	2 redirects
2	bh.contextweb.com	2 redirects
2	ads.creative-serving.com	2 redirects
2	pixel.tapad.com	2 redirects
2	ad.turn.com	2 redirects
2	secure.adnxs.com	2 redirects
2	pm.w55c.net	2 redirects
2	ap.lijit.com	1 redirects aax-eu.amazon-adsystem.com
2	sync.1rx.io	2 redirects
2	s.ad.smaato.net	2 redirects
2	cse.google.com	www.winhelponline.com www.google.com
2	adservice.google.com	www.winhelponline.com securepubads.g.doubleclick.net
1	go.ezoic.net	www.winhelponline.com
1	a.rfihub.com	1 redirects
1	google-sync.rutarget.ru	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	a.c.appier.net	1 redirects
1	rtb2-useast.e-volution.ai	a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
1	sync.go.sonobi.com	1 redirects
1	um.simpli.fi	ads.pubmatic.com
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	dsp.nrich.ai	1 redirects
1	pr-bh.ybp.yahoo.com	ads.pubmatic.com
1	image4.pubmatic.com	ads.pubmatic.com
1	sync.mathtag.com	1 redirects
1	aud.pubmatic.com	ads.pubmatic.com
1	mwzeom.zeotap.com	ads.pubmatic.com
1	green.erne.co	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	rtb-csync.smartadserver.com	1 redirects
1	dis.criteo.com	image6.pubmatic.com
1	loadm.exelator.com	1 redirects
1	data.adsrvr.org	ap.lijit.com
1	s.amazon-adsystem.com	ssum-sec.casalemedia.com
1	image6.pubmatic.com	ads.pubmatic.com
1	amazon-tam-match.dotomi.com	aax-eu.amazon-adsystem.com
1	sync.targeting.unrulymedia.com	1 redirects
1	ad.doubleclick.net	absorbingcorn.com
1	adservice.google.ch	securepubads.g.doubleclick.net
1	clients1.google.com	www.winhelponline.com
1	www.googleapis.com	www.winhelponline.com
1	pixel.wp.com	www.winhelponline.com
1	js.gumgum.com	www.winhelponline.com
1	stats.wp.com	www.winhelponline.com
1	go.ezodn.com	www.winhelponline.com
448	88

This site contains links to these domains. Also see Links.

Domain
silktide.com
www.twitter.com
www.facebook.com
www.ezoic.com
www.microsoftedgeinsider.com
ms-windows-store
monitor20.sucuri.net

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-07-10` - `2021-07-10`	a year	crt.sh
c.amazon-adsystem.com Amazon	`2020-08-04` - `2021-08-02`	a year	crt.sh
*.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2021-01-19` - `2021-04-13`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
absorbingcorn.com R3	`2020-12-20` - `2021-03-20`	3 months	crt.sh
ezoic.net R3	`2021-01-23` - `2021-04-23`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.gumgum.com Amazon	`2020-11-14` - `2021-12-13`	a year	crt.sh
www.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
aax-eu.amazon-adsystem.com Amazon	`2020-06-15` - `2021-06-15`	a year	crt.sh
*.google.ch GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2020-03-02` - `2021-04-01`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2019-06-19` - `2021-08-31`	2 years	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2020-02-26` - `2021-05-27`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2020-03-11` - `2021-05-10`	a year	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
s.amazon-adsystem.com Amazon	`2020-08-28` - `2021-08-20`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-14` - `2021-04-23`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-01-30` - `2021-04-28`	3 months	crt.sh
*.semasio.net Sectigo ECC Domain Validation Secure Server CA	`2020-03-09` - `2021-03-27`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2020-10-30` - `2021-04-27`	6 months	crt.sh
*.simpli.fi DigiCert SHA2 Secure Server CA	`2019-09-18` - `2021-12-12`	2 years	crt.sh
sb.scorecardresearch.com DigiCert Secure Site ECC CA-1	`2020-07-17` - `2021-06-02`	a year	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.e-volution.ai Sectigo RSA Domain Validation Secure Server CA	`2020-09-14` - `2021-09-14`	a year	crt.sh
misc-sni.google.com GTS CA 1O1	`2021-01-26` - `2021-04-20`	3 months	crt.sh
*.ezoic.net Amazon	`2020-03-15` - `2021-04-15`	a year	crt.sh

This page contains 36 frames:

Primary Page: https://www.winhelponline.com/
Frame ID: BEF5D8CA7CE9443A65A077AFEB907384
Requests: 254 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-index_pm-db5_rx_cnv_sovrn&dcc=t
Frame ID: AA767300E2B863C27D114FB59C47D8C1
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/safeframe/1-0-23/html/container.html
Frame ID: 591ABAD5D3CC4C93A2F4226D3E6D2447
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-smaato_n-index_cnv_pm-db5_rx_sovrn&fv=1.0&a=cm&cm3ppd=1
Frame ID: B51A474403C8DFCB4F8F5AAB613AC950
Requests: 3 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Frame ID: F1C5FD3DF448E63FB6A0CDC6A0DF0181
Requests: 10 HTTP requests in this frame

Frame: https://amazon-tam-match.dotomi.com/match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D
Frame ID: 241391A43459C638B791A533544A756E
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Frame ID: 5F01FC43E072250A222A7DDC26F1F4FD
Requests: 1 HTTP requests in this frame

Frame: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Frame ID: 67583C295BE40F6FCDBEA953C9465E92
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: EFEEBB4023E26B4600E3593A8D81778E
Requests: 22 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8760626983827293230
Frame ID: 573C1D0A72639168E21BC19420099326
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: F82A1682B1EC527645F7725FC4E28F50
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABawE7ATx0AABGBY5sr4Q
Frame ID: 2E76F1EB315E86DB737909E73C86B496
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6928663056058611861
Frame ID: 213608DACD337D4160D1D3A1F856DB2F
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=neNb51RFELsCSa18dNqaWT0f
Frame ID: D0C0E4B4AA14A0EF36B3688314B1F0DA
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/ecm3?id=4D8A8419-A786-450C-8912-05B1BEBC82C1&ex=pubmatic.com
Frame ID: 57681874024D96761F346A84BD1ABF83
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
Frame ID: 78244F15DB179B05DE8EC530451CF202
Requests: 2 HTTP requests in this frame

Frame: https://secure.quantserve.com/quant.js
Frame ID: 48EF573D20BDB1D3730BA312B0695FA6
Requests: 3 HTTP requests in this frame

Frame: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: FBD7B5947EBEF2F9FB61F328441A6A66
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11441665821572190266/index.html
Frame ID: 74A1D7C6C14C908498ADFEBAD652F429
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 1A3EEFBEA0199B75CEDE0622417EA61C
Requests: 2 HTTP requests in this frame

Frame: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 0AC090F4531E6BA25B2FBCE80C0CA349
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 2CE5D9D969095791964704916BF44918
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 901D6B682DD21F0F7F5341699E17EBA9
Requests: 9 HTTP requests in this frame

Frame: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: FE523DB0B266E73491DB0919D8C7A088
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 2A83F601EAF34C80DB1B8BD5BDADEB77
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EDB90D56059688C35B6D405B4D700048
Requests: 9 HTTP requests in this frame

Frame: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: A18B05CE4B1017089D35FE5DA8EC004D
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1182007278037245644/index.html
Frame ID: AF09B83A50105BE1DF2F9546A02770FD
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 33610E7DE9EED86374A615DF3546650B
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs
Frame ID: 95E3D5EF9453F6DF0FC6E7655DDA07F5
Requests: 19 HTTP requests in this frame

Frame: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Frame ID: 5D16482B5D80DDE7D1E98C91CA2C3AE3
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/index.html
Frame ID: EB5103ADBFBDF3AB47E3E1BECDFF67DE
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 26FFA18D909955D547A82C603CD261AA
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs
Frame ID: 20FD193D8DE3B0F53F610912D8AE47E9
Requests: 19 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs
Frame ID: 5D3A66DDAEC5EB8C3A34BC918A126989
Requests: 14 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs
Frame ID: CD29B850626C728E79601F2FFFBD9E30
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

448
Requests

100 %
HTTPS

29 %
IPv6

61
Domains

88
Subdomains

50
IPs

10
Countries

2368 kB
Transfer

5932 kB
Size

61
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: http://silktide.com/cookieconsent
Title: Cookie Consent plugin for the EU cookie law

Search URL Search Domain Scan URL

URL: https://www.twitter.com/winhelponline
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/winhelponline
Title:

Search URL Search Domain Scan URL

URL: https://www.ezoic.com/what-is-ezoic/

Search URL Search Domain Scan URL

URL: https://www.microsoftedgeinsider.com/en-us/
Title: Edge was being rebuilt

Search URL Search Domain Scan URL

URL: http://ms-windows-store//collection/?CollectionId=EdgeExtensions
Title: Windows Store

Search URL Search Domain Scan URL

URL: https://monitor20.sucuri.net/verify.php?r=0bc7cc656a57aa9abe9ea05ecf891d632f437b4fe7

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 99

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-index_pm-db5_rx_cnv_sovrn HTTP 302
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-index_pm-db5_rx_cnv_sovrn&dcc=t

Request Chain 119

https://s.ad.smaato.net/c/?adExInit=aps&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com/s%2Fecm3%3Fex%3Dsmaato.com%26id%3D%24UID HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smaato.com&id=1d1612364304ce0d163d

Request Chain 120

https://sync.1rx.io/usersync2/rmpssp?sub=amazon&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%5BRX_UUID%5D%26ex%3Drhythmone.com HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6433979787 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6433979787 HTTP 302
https://sync.1rx.io/usersync/tradedesk/e1d39735-a9b0-472f-8ecf-70ca44640f63 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-291d0376-2bcb-4a34-a28d-4e881fde1a33-003?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DRX-291d0376-2bcb-4a34-a28d-4e881fde1a33-003%26ex%3Drhythmone.com HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?id=RX-291d0376-2bcb-4a34-a28d-4e881fde1a33-003&ex=rhythmone.com

Request Chain 121

https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID HTTP 302
https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1

Request Chain 124

https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com HTTP 302
https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1

Request Chain 129

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YCeOV8SJf8CBkcxLKp52jgAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHnRNZZwTFVQZZAQejx-S7Y&google_cver=1

Request Chain 130

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YCeOV8SJf8CBkcxLKp52jgAABHUAAAIB HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESED4x2OW8SGNYpX8lxni8wL8&google_cver=1

Request Chain 132

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_ HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=bKky89Aw1LaQkL5

Request Chain 133

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D46%26external_user_id%3D%24UID HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=3928944892059747643

Request Chain 134

https://idsync.rlcdn.com/461886.gif?partner_uid=YCeOV8SJf8CBkcxLKp52jgAA%261141 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CL6YHBIpCiUIARDY9gEaHVlDZU9WOFNKZjhDQmtjeExLcDUyamdBQSYxMTQxEAAaDQjXnJ6BBhIFCOgHEABCAEoA HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEE7rC7XfyHso3y3BEEZ_4Ak&google_cver=1

Request Chain 135

https://ad.turn.com/r/cs?pid=21 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3276776980110877152

Request Chain 138

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=-56B3_XLht_gm9KK_sie3K-X1YvgndbY-pdUFDlb

Request Chain 140

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=23&gdpr=0&gdpr_consent= HTTP 302
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=e8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_id%3De8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348%26partner_url%3Dhttps%253A%252F%252Fce.lijit.com%252Fmerge%253Fpid%253D16%25263pid%253De8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348%2526gdpr%253D0%2526gdpr_consent%253D HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=e8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3De8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=e8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3De8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://ce.lijit.com/merge?pid=16&3pid=e8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348&gdpr=0&gdpr_consent=

Request Chain 141

https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=fmx&gdpr=0&gdpr_consent= HTTP 302
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=fmx&bsw_custom_parameter=980e5c2a-5d1a-4030-9e06-cd1bd1a73592 HTTP 302
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=fmx&bsw_custom_parameter=980e5c2a-5d1a-4030-9e06-cd1bd1a73592 HTTP 302
https://x.bidswitch.net/sync?dsp_id=4&user_id=496486ec-49b3-4247-9fa4-4174c1fd3cdd&ssp=fmx&expires=30&user_group=5&bsw_param=980e5c2a-5d1a-4030-9e06-cd1bd1a73592 HTTP 302
https://ce.lijit.com/merge?pid=26&3pid=980e5c2a-5d1a-4030-9e06-cd1bd1a73592

Request Chain 142

https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=49&3pid=Vo7eW5EuL9Me&ev=1&pid=558511&gdpr_consent=&gdpr=0

Request Chain 143

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8760626983827293230

Request Chain 145

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFCYXdFN0FUeDBBQUJHQlk1c3I0UQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AABawE7ATx0AABGBY5sr4Q&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2 HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AABawE7ATx0AABGBY5sr4Q&pid=558502&do=add HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AABawE7ATx0AABGBY5sr4Q&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID HTTP 302
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=4480214514142191613 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABawE7ATx0AABGBY5sr4Q

Request Chain 146

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6928663056058611861

Request Chain 147

https://green.erne.co/pubmatic/cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=neNb51RFELsCSa18dNqaWT0f

Request Chain 149

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=TYqEGaeGRQyJEgWxvryCwQ%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 151

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=4D8A8419-A786-450C-8912-05B1BEBC82C1&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=4D8A8419-A786-450C-8912-05B1BEBC82C1&sInitiator=external&gdpr=0&gdpr_consent=

Request Chain 152

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=4D8A8419-A786-450C-8912-05B1BEBC82C1&gdpr= HTTP 302
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=4D8A8419-A786-450C-8912-05B1BEBC82C1&gdpr=&fbounce=1 HTTP 302
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=4D8A8419-A786-450C-8912-05B1BEBC82C1&addseg=31

Request Chain 153

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e1d39735-a9b0-472f-8ecf-70ca44640f63

Request Chain 154

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=5473704335513947430

Request Chain 155

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEO1PNCUvjDDSxUrERTpnA0U&google_cver=1

Request Chain 156

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:55966027-8e57-4300-af4f-859128e57b57&gdpr=0&gdpr_consent=

Request Chain 157

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8997133002213540526&gdpr=0&gdpr_consent=

Request Chain 158

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=4D8A8419-A786-450C-8912-05B1BEBC82C1&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=4D8A8419-A786-450C-8912-05B1BEBC82C1&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-q0giW4l1l2JxdH.59oeGm58POoPCMdI-&gdpr=0&gdpr_consent=

Request Chain 160

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=FvXQGRig1xkN8INME6PPGkL8hE0N9oceF_xOyG_H

Request Chain 161

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=980e5c2a-5d1a-4030-9e06-cd1bd1a73592&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy= HTTP 302
https://x.bidswitch.net/sync?dsp_id=283&user_id=4f2a11ed-78d4-4315-b516-56de763c6a83&expires=1&user_group=5&ssp=pubmatic&bsw_param=980e5c2a-5d1a-4030-9e06-cd1bd1a73592 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=980e5c2a-5d1a-4030-9e06-cd1bd1a73592&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 162

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3276776980110877152&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 163

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&_test=YCeOWAAAAICQcCzr HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YCeOWAAAAICQcCzr&gdpr=0&gdpr_consent=&_test=YCeOWAAAAICQcCzr

Request Chain 164

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:28775d02-40a4-4340-875d-d4d093c39140&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 165

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=4c7e0799-9f1c-4f97-827c-b00856b993d5-60278e57-4348&gdpr=0&gdpr_consent=

Request Chain 180

https://simage4.pubmatic.com/AdServer/SPug?partnerID=156657&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://simage4.pubmatic.com/AdServer/2313835751099048&KRTB&22776-7502313835751099048

Request Chain 182

https://sb.scorecardresearch.com/p?c1=8&c2=15039634&c3=16&c4=w9xc2jc5&c7=https%3A%2F%2Fwww.winhelponline.com%2F&c8=Winhelponline&c9=&cv=2.0&cj=1&ns__t=1613205081492 HTTP 302
https://sb.scorecardresearch.com/p2?c1=8&c2=15039634&c3=16&c4=w9xc2jc5&c7=https%3A%2F%2Fwww.winhelponline.com%2F&c8=Winhelponline&c9=&cv=2.0&cj=1&ns__t=1613205081492&cs_ak_ss=1

Request Chain 185

https://id5-sync.com/s/441/9.gif?puid=e_e6b0618b-48e0-4fbf-a456-1f12e87fd1b5&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/c/441/441/9/1.gif?puid=e_e6b0618b-48e0-4fbf-a456-1f12e87fd1b5&gdpr=0&gdpr_consent= HTTP 302
https://ib.adnxs.com/getuid?https://id5-sync.com/c/441/2/8/2.gif?puid=$UID&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/c/441/2/8/2.gif?puid=8997133002213540526&gdpr=0&gdpr_consent= HTTP 302
https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-ZHMO1j30ngtSj0hGVUfksPtLcE5-SfEj26n12p7xog&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F3%2F7%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/c/441/3/7/3.gif?puid=55966027-8e57-4300-af4f-859128e57b57&gdpr=0&gdpr_consent= HTTP 302
https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-ZHMO1j30ngtSj0hGVUfksPtLcE5-SfEj26n12p7xog&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F441%2F124%2F6%2F4.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://ice.360yield.com/ul_cb/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-ZHMO1j30ngtSj0hGVUfksPtLcE5-SfEj26n12p7xog&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F441%2F124%2F6%2F4.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/cq/441/124/6/4.gif?puid=a8c91fcb-0ab0-4334-acdc-9491b441c23c&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= HTTP 302
https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F203%2F5%2F5.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://id5-sync.com/c/441/203/5/5.gif?puid=04dc5f34-12d7-4606-99a4-e063545dc0a6&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/k/264.gif?puid=e1d39735-a9b0-472f-8ecf-70ca44640f63&ttl=%%TTL%% HTTP 302
https://c1.adform.net/serving/cookie/match?party=1135&callback=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F10%2F3%2F7.gif%3Fpuid%3D%5Badformuid%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr_consent=&gdpr=0 HTTP 302
https://id5-sync.com/c/441/10/3/7.gif?puid=5473704335513947430&gdpr=0&gdpr_consent= HTTP 302
https://sync.crwdcntrl.net/map/c=13953/tp=IDFI/gdpr=0/gdpr_consent=?https://id5-sync.com/c/441/19/2/8.gif?puid=${profile_id}&gdpr=0&gdpr_consent= HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=13953/tp=IDFI/gdpr=0/gdpr_consent=?https://id5-sync.com/c/441/19/2/8.gif?puid=${profile_id}&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/c/441/19/2/8.gif?puid=3be1ff91c30bcf880d0432f13ebd6ad1&gdpr=0&gdpr_consent= HTTP 302
https://ads.creative-serving.com/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F101%2F1%2F9.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://id5-sync.com/c/441/101/1/9.gif?puid=496486ec-49b3-4247-9fa4-4174c1fd3cdd&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/check_uuid/https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F104%2F0%2F10.gif%3Fpuid%3D%24%7BBSW_UUID%7D%26gdpr%3D0%26gdpr_consent%3D?gdpr=0&gdpr_consent=

Request Chain 252

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 291

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEGAIqC6lk4RGQChaCS6ErIU&google_cver=1&google_push=AQvitUJTJLySzPqJtxQWlIh1TDUrWVGHeUmQaJ0SacNyZ5WZwDcZ6KQYadCR9cOwBlSQJfGR9KsQCmApx62_avNbfyC8Q_kdKpk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEGAIqC6lk4RGQChaCS6ErIU&google_push=AQvitUJTJLySzPqJtxQWlIh1TDUrWVGHeUmQaJ0SacNyZ5WZwDcZ6KQYadCR9cOwBlSQJfGR9KsQCmApx62_avNbfyC8Q_kdKpk

Request Chain 292

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEM-Ez14SXrW3Pn_Se2aYGuA&google_cver=1&google_push=AQvitUIoLWXgUzaMxgqpP7k6mdTEQW6LDx71obljFEDAt0Y-OwDcMgAAQxwfZn-Ad0KtRfcSLizoQAfb4cetISD5AhncZxZnk0M HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEM-Ez14SXrW3Pn_Se2aYGuA&google_cver=1&google_push=AQvitUIoLWXgUzaMxgqpP7k6mdTEQW6LDx71obljFEDAt0Y-OwDcMgAAQxwfZn-Ad0KtRfcSLizoQAfb4cetISD5AhncZxZnk0M HTTP 302
https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUIoLWXgUzaMxgqpP7k6mdTEQW6LDx71obljFEDAt0Y-OwDcMgAAQxwfZn-Ad0KtRfcSLizoQAfb4cetISD5AhncZxZnk0M&google_sc&google_hm=8o0JypCsRj6Sa0JlA035qmAnjlw

Request Chain 293

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEGbGDbpy_YIxWzwmz9XzeVs&google_cver=1&google_push=AQvitUIloioJaaZDF0qDpQdoy5p2iO3UMDGFqnS1NFOlNBX5iLrL1V1mj6-WXFQDalt1-d5BGlKVn0AX-9DfzhErLi6Y5uyOkck HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AQvitUIloioJaaZDF0qDpQdoy5p2iO3UMDGFqnS1NFOlNBX5iLrL1V1mj6-WXFQDalt1-d5BGlKVn0AX-9DfzhErLi6Y5uyOkck

Request Chain 294

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEI2mfoswDFqoFaSTMc_vW5c&google_cver=1&google_push=AQvitUKxTt2PrydhKNfiQLabN2xudMVpomkpniltHVkQ-uJhcRZTZrTZMuHzj-jmM-IYlWDNtP2-DHOdUl1-wJOQcq8Xwb0s0A HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEI2mfoswDFqoFaSTMc_vW5c&google_cver=1&google_push=AQvitUKxTt2PrydhKNfiQLabN2xudMVpomkpniltHVkQ-uJhcRZTZrTZMuHzj-jmM-IYlWDNtP2-DHOdUl1-wJOQcq8Xwb0s0A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDQ1OTMxOTU3MDc4MjM2MTg5MQ&google_push=AQvitUKxTt2PrydhKNfiQLabN2xudMVpomkpniltHVkQ-uJhcRZTZrTZMuHzj-jmM-IYlWDNtP2-DHOdUl1-wJOQcq8Xwb0s0A

Request Chain 295

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAQvitUK8GK3OicmbC6bwI9Tp4xAeCLzufTYxSf1U3-yFxI9n6OASJvWE0dluBYWmCIbYatGrCdNxQ37UCiP3l01ZvjthWERAyg%26google_hm%3D%5BUID%5D&google_gid=CAESENos4YTJEBuG8sG_REgpZNM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUK8GK3OicmbC6bwI9Tp4xAeCLzufTYxSf1U3-yFxI9n6OASJvWE0dluBYWmCIbYatGrCdNxQ37UCiP3l01ZvjthWERAyg&google_hm=40328647-9f18-4510-a72e-9bb985b6828a

Request Chain 296

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE3HZZ5-iTtnfHR5etlWVQo&google_cver=1&google_push=AQvitUKDyaCUToBdOC-CRFigPL4-lQEvxzEDTxmqsVpLrtrZ4dmRPD9v7e7rS3KKb4aMDCjV_aAyqITjsifUg-I-EL8pv5e3D-pU HTTP 302
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE3HZZ5-iTtnfHR5etlWVQo&google_cver=1&google_push=AQvitUKDyaCUToBdOC-CRFigPL4-lQEvxzEDTxmqsVpLrtrZ4dmRPD9v7e7rS3KKb4aMDCjV_aAyqITjsifUg-I-EL8pv5e3D-pU&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE3HZZ5-iTtnfHR5etlWVQo&google_cver=1&google_push=AQvitUKDyaCUToBdOC-CRFigPL4-lQEvxzEDTxmqsVpLrtrZ4dmRPD9v7e7rS3KKb4aMDCjV_aAyqITjsifUg-I-EL8pv5e3D-pU&apid=UPdbd3e2db-6dd5-11eb-9eb6-0622eb2986d2 HTTP 302
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE3HZZ5-iTtnfHR5etlWVQo&google_cver=1&google_push=AQvitUKDyaCUToBdOC-CRFigPL4-lQEvxzEDTxmqsVpLrtrZ4dmRPD9v7e7rS3KKb4aMDCjV_aAyqITjsifUg-I-EL8pv5e3D-pU&apid=UPdbd3e2db-6dd5-11eb-9eb6-0622eb2986d2&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBkYmQzZTJkYi02ZGQ1LTExZWItOWViNi0wNjIyZWIyOTg2ZDI%3D&google_push=AQvitUKDyaCUToBdOC-CRFigPL4-lQEvxzEDTxmqsVpLrtrZ4dmRPD9v7e7rS3KKb4aMDCjV_aAyqITjsifUg-I-EL8pv5e3D-pU

Request Chain 300

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 304

https://a.c.appier.net/gcm?google_gid=CAESEJfbJUybXF7OLG5Fy1sPiOI&google_cver=1&google_push=AQvitUJ6kLvs0M17gptLA4NQB2zFHNUSIpwxEII0AIkexHQcQsUGOegipGp_W6YoaCvLR9Snp0d1CSKFjSBq0eJRSP4jvKchJSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=U2N4d0JCdGFCZGFhbUZaQ1hZNG5ZQQ%3D%3D&google_push=AQvitUJ6kLvs0M17gptLA4NQB2zFHNUSIpwxEII0AIkexHQcQsUGOegipGp_W6YoaCvLR9Snp0d1CSKFjSBq0eJRSP4jvKchJSw

Request Chain 305

https://px.adhigh.net/p/gm/rub?google_gid=CAESENIhqIESVG6EwZBXvlenIPA&google_cver=1&google_push=AQvitUKw4fnKANgkuFIojk8Xze3MgBI6whc-7W0Djp1SoYDCaCjoJaOpcBQNpmLoaREMay_2stb2dATfHNQdwk5I1Zuqol2cGA HTTP 302
https://px.adhigh.net/p/gm/rub?google_gid=CAESENIhqIESVG6EwZBXvlenIPA&google_cver=1&google_push=AQvitUKw4fnKANgkuFIojk8Xze3MgBI6whc-7W0Djp1SoYDCaCjoJaOpcBQNpmLoaREMay_2stb2dATfHNQdwk5I1Zuqol2cGA&bounced=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitUKw4fnKANgkuFIojk8Xze3MgBI6whc-7W0Djp1SoYDCaCjoJaOpcBQNpmLoaREMay_2stb2dATfHNQdwk5I1Zuqol2cGA&google_hm=t0GEV26IbnkAAikABlF3moPunw%3D%3D

Request Chain 306

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAYgZS5TXbGU8KZtkhPGXkY&google_cver=1&google_push=AQvitUJaPk7IPXwZAbpN5UPbIBmaU58OnAyPzaqhD6ebMg9t3tb0wJFvYtz8mT7uAux1UpALtPBLXMY7ffyLdCyuL1N68XdbH0I HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S0wzR05MWlktMTMtRkE1TQ==&google_push=AQvitUJaPk7IPXwZAbpN5UPbIBmaU58OnAyPzaqhD6ebMg9t3tb0wJFvYtz8mT7uAux1UpALtPBLXMY7ffyLdCyuL1N68XdbH0I

Request Chain 307

https://google-sync.rutarget.ru/sync?google_gid=CAESECBMsvo7E0rfizr7STEjQR8&google_cver=1&google_push=AQvitUJTnBiFOn6QbWuRNrzD555WID_LE_ExzPtaV3kh3jYW46GQXxWwLJBzZ_laLoVnh1wQd2j0IfquoNWk-F2P4HUt2pUpdQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=V0dqTkxwXzRXZDBt&google_ula=2046794&google_push=AQvitUJTnBiFOn6QbWuRNrzD555WID_LE_ExzPtaV3kh3jYW46GQXxWwLJBzZ_laLoVnh1wQd2j0IfquoNWk-F2P4HUt2pUpdQ

Request Chain 308

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJ5ENrcPqLXMk03fLDUbxwI&google_cver=1&google_push=AQvitUKBhb0KWROjSAG_FlhnE6NA89ISdAI1irpiziR_FZodA9tpL2AS6m8cUEW5qJqIjcxi9L55-tECZUQ-w55TERNTGfqnqHI HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJ5ENrcPqLXMk03fLDUbxwI&google_cver=1&google_push=AQvitUKBhb0KWROjSAG_FlhnE6NA89ISdAI1irpiziR_FZodA9tpL2AS6m8cUEW5qJqIjcxi9L55-tECZUQ-w55TERNTGfqnqHI&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YCeOXAi3vZk6IEUF87QcbAAABKIAAAIB&google_gid=CAESEJ5ENrcPqLXMk03fLDUbxwI&google_cver=1&google_push=AQvitUKBhb0KWROjSAG_FlhnE6NA89ISdAI1irpiziR_FZodA9tpL2AS6m8cUEW5qJqIjcxi9L55-tECZUQ-w55TERNTGfqnqHI

Request Chain 309

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEJdVQMNyiW8R844SG4xW9E4&google_cver=1&google_push=AQvitUK_nFdzPw443wUSNV1hoJxm5d4lneH08cQGKtMtq5E_UIzzShz0HFUE-xq-uEgI_iXWPl7ryz-BGbDodG8bR7xoqtafGw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=9455b69e47db2e4fb0e8&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AQvitUK_nFdzPw443wUSNV1hoJxm5d4lneH08cQGKtMtq5E_UIzzShz0HFUE-xq-uEgI_iXWPl7ryz-BGbDodG8bR7xoqtafGw

Request Chain 310

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEF46xb-SgVS5s2hEhgeIMzg&google_cver=1&google_push=AQvitULWpfgHWgZlkcc9MxYofjGUyYx_hYUgO2vRKPoulRCC2s4QsEHbfejqTgR7NXqGc6n4s7lIOcDEQq-AgbeVzbX4o5IbyUBa HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AQvitULWpfgHWgZlkcc9MxYofjGUyYx_hYUgO2vRKPoulRCC2s4QsEHbfejqTgR7NXqGc6n4s7lIOcDEQq-AgbeVzbX4o5IbyUBa&google_hm=NTMwNDU1MzY2MTIwNzE0MTIyOA==

Request Chain 312

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 358

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 359

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 379

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

448 HTTP transactions
30 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.winhelponline.com/ 177 KB
34 KB 1200ms
1173ms Document
text/html 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d895a00a90bad8fa5f121d61e067518dbec53cbc2ee9e3f9fe161f652e5fcae0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.winhelponline.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d7dfa3bf67db5d8a92b0d0b62ac02c2f51613205077; expires=Mon, 15-Mar-21 08:31:17 GMT; path=/; domain=.winhelponline.com; HttpOnly; SameSite=Lax ezoadgid_105367=-1; Path=/; Domain=winhelponline.com; Expires=Sat, 13 Feb 2021 09:01:17 UTC ezoref_105367=; Path=/; Domain=winhelponline.com; Expires=Sat, 13 Feb 2021 10:31:17 UTC ezoab_105367=mod1; Path=/; Domain=winhelponline.com; Expires=Sat, 13 Feb 2021 10:31:17 UTC active_template::105367=pub_site.1613205077; Path=/; Domain=winhelponline.com; Expires=Mon, 15 Feb 2021 08:31:17 UTC ezoma_105367=999,999; Path=/; Domain=winhelponline.com; Expires=Sat, 13 Feb 2021 09:01:18 UTC ezopvc_105367=1; Path=/; Domain=winhelponline.com; Expires=Sat, 13 Feb 2021 09:01:18 UTC ezepvv=975; Path=/; Domain=winhelponline.com; Expires=Sun, 14 Feb 2021 08:31:18 UTC lp_105367=https://www.winhelponline.com/; Path=/; Domain=winhelponline.com; Expires=Sat, 13 Feb 2021 10:31:18 UTC ezovid_105367=1064388612; Path=/; Domain=winhelponline.com; Expires=Sat, 13 Feb 2021 09:01:18 UTC ezovuuidtime_105367=1613205078; Path=/; Domain=winhelponline.com; Expires=Mon, 15 Feb 2021 08:31:18 UTC ezovuuid_105367=d2cd3109-6f23-4c35-52cf-8e54c6625463; Path=/; Domain=winhelponline.com; Expires=Sat, 13 Feb 2021 09:01:18 UTC ezCMPCCS=true; Path=/; Domain=winhelponline.com; Expires=Sun, 13 Feb 2022 08:31:18 GMT
cache-control: max-age=0, must-revalidate, no-cache, no-store
content-security-policy: upgrade-insecure-requests;
display: pub_site_sol
expires: Fri, 12 Feb 2021 08:31:18 GMT
link: <https://www.winhelponline.com/blog/wp-json/>; rel="https://api.w.org/"
pagespeed: off
response: 200
vary: Accept-Encoding Accept-Encoding
x-content-type-options: nosniff
x-ez-proxy-out: true 2.2
x-frame-options: SAMEORIGIN
x-middleton-display: pub_site_sol
x-middleton-response: 200
x-rocket-nginx-serving-static: No
x-sol: pub_site
x-sucuri-cache: BYPASS
x-sucuri-id: 15012
x-ua-compatible: IE=edge
x-xss-protection: 1; mode=block
cf-cache-status: DYNAMIC
cf-request-id: 083c1d149a00002b7ded3c1000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8EpLyHegz0uHhdsM%2FApKH5GB7zGRvGEV2fIL%2B8Zxh8ux1zKbgYYoA4QWxthGEwGein28EO8WKHK1NFAyCmuW6LvgXkrAUmnf246SSYyycI2443%2FSDThucmOJK6XULs6Wcew%3D"}],"group":"cf-nel","max_age":604800}
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
cf-ray: 620d31342a782b7d-FRA
content-encoding: br

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 115 KB
30 KB 90ms
33ms Script
application/javascript 13.224.192.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-34.fra2.r.cloudfront.net
Software: Server /
Resource Hash: 130eab0b79272570e565d77bb286b5755b9aae8f33efe8af7a2689bf8eabb859

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: u_EXV5XQ6Egl8wmZYuEdbt_kny6ZIOI0
content-encoding: gzip
server: Server
age: 42
etag: d7c8ebbead57940cf77ae4183f7ff01a
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
cache-control: public, max-age=900
date: Sat, 13 Feb 2021 08:30:35 GMT
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: FXCYhbcV3w323oL-dUW9aWr6XpczhHkgrAZF5dpYh4N1Xam0hm7MQw==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
803 B 48ms
28ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H2 200 dall.js Show response
go.ezodn.com/hb/ 295 KB
85 KB 63ms
35ms Script
application/javascript 2606:4700:3030::ac43:c6a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezodn.com/hb/dall.js?b=amx,appnexus,conversant,criteo,districtm,districtmDMX,gumgum,ix,oftmedia,oneVideo,onemobile,onetag,pubmatic,pulsepoint,rhythmone,sovrn,undertone,unruly&cb=192-8-9
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3030::ac43:c6a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc3e89318f8ad6d66e0ea5b27a0526cba837ae58f633f286bbd5c7535f7f4493

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 287796
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xRZCGhgHAWX3mLRMJH9LFgkXUjHh6D48BvibfZLSE1VF3KsCNsyOzVDnxKOAFKzvgFPLOqLwpc4KGo0QiKUHKKJeq19dAkN8QTYDZj1fGSZmF4n1JQwzkKo%3D"}],"group":"cf-nel"}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 620d313c3c4b0610-FRA
cf-request-id: 083c1d19a5000006102f3f5000000001

GET
H2 200 boise.js Show response
www.winhelponline.com/detroitchicago/ 983 B
699 B 21ms
15ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/boise.js?gcb=192-8&cb=1
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 41eb9054d5d5527274926b32631be8eb22dd6254f15a4d9d14cfe2688ea4f538

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 699889
cf-ray: 620d313c187a2b7d-FRA
x-middleton-display: sol-js
cf-request-id: 083c1d198b00002b7dae9e4000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Gy4Py1Iu82h5BHI2cM7RYDAMPYI9bAqc1rAIG%2BikNou8pp0bHr9bcOvl%2BrS2SaxScu8cUW9Yuak%2FVeOg9OxDuuAOagVS5nWLdd6g2Ygbl2MjfnnsxXZYxq45Zl4ASFayjNE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 blocks.style.build.css
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/post-editor/dist/ 0
369 B 38ms
37ms Stylesheet
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.6.1&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LWm4xIkcHPDEsMkPjLwusFAyW3%2BGwXaiGao%2Fu0DVa2XHYGnVe%2BjJ2IRBVKW%2FV2uKXKybgYBOfox5FpTFlhb9LiJLDE9SfQyS%2Bndq5MtAk98GwjYpJbzsrpkl0d3KEpGi9TA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 620d313b9f992b7d-FRA
content-length: 0
cf-request-id: 083c1d193e00002b7d9ca31000000001

GET
H2 200 css
fonts.googleapis.com/ 22 KB
2 KB 36ms
16ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,600,600italic,700,700italic,800,800italic,italic,regular&display=swap

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

63e971626cb7961fb014906a5476a7353bba89331013e001bb16b4a6ac5ce93f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Origin: https://www.winhelponline.com
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 13 Feb 2021 08:31:18 GMT
server: ESF
date: Sat, 13 Feb 2021 08:31:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Feb 2021 08:31:18 GMT

GET
H2 200 style.min.css
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/css/ 7 KB
2 KB 58ms
57ms Stylesheet
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/css/style.min.css?ver=4.2.1&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a9f5bcaea7135eb0b06f4009ab1d5c031b2656f8b6a3a0fb6a833c6291193a36

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yYPVEIlIhjCOzhsMGdPJEPCFZIgsS9zGTFA5An7Ecpe%2F6CVJ%2FvTIIQf%2FKd5gyE9ulhcNkKGUmw0NJ073T3aMvfMO4P%2BsUaBxfBSYmkQDwGrHBLllUO%2BSqu11b50Rh3CuTu8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 620d313b9f9d2b7d-FRA
cf-request-id: 083c1d193e00002b7d7a1e6000000001

GET
H2 200 widget-areas.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/ 565 B
464 B 45ms
44ms Stylesheet
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/widget-areas.min.css?ver=3.0.2&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 38ed2c21bcfa116d731881882f18dcea1371c5b3c8f885bdaae9ecc92a1848c2

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5zyrYg8LXdTnhpmn%2FjCN47XcFZI6FB7tkyCKI%2B7tHY%2BSiLSe0P76Nl1DMjUqzb75I%2FoWPhe%2F4GUSuAwQyj8BdwnsWkMgJwr7252gy4l0TIICE30%2BdkF%2BhU5ZTyqcQdoDrHI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 620d313b9f9e2b7d-FRA
cf-request-id: 083c1d193e00002b7da6b38000000001

GET
H2 200 main.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/ 13 KB
3 KB 47ms
46ms Stylesheet
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.0.2&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c52d08396d4cc048f954c71ec148da02879c9baf180073841b7156445d499366

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dl45BgvVzAJahDWngqrK9bEEpSSo9tt1mEJcdTfsJkftQAwLMjDKleT4aVOvEru%2Ffuyc4RsjsGw2Vgha743Zt%2BD4toxg%2FGrP6pD2s11zEXC9M2aG4tqxkRHPbNCDLaBC2OA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 620d313b9f9f2b7d-FRA
cf-request-id: 083c1d193f00002b7d7d804000000001

GET
H2 200 font-icons.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/ 2 KB
738 B 76ms
76ms Stylesheet
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/font-icons.min.css?ver=3.0.2&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 814d10bf224e52803749b46e49b9da81afdee80758a6a9e6cb7ba9e617f05e82

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2FgjxOeUp2O2kTgdCA5o3PCiVNLxhuhYsOHaIChoqfyyLq2Edvr5Ayv7X4i1eCuYjzJypscmC2C%2FQBpgUH4dXEyiaJyCR4dRFfS3MvHWGfmd9V1NkE6TzHQmobaCEW7PtQAM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 620d313b9fa12b7d-FRA
cf-request-id: 083c1d193f00002b7daf362000000001

GET
H2 200 front.min.css
www.winhelponline.com/blog/wp-content/plugins/cookie-notice/css/ 2 KB
1001 B 38ms
35ms Stylesheet
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/cookie-notice/css/front.min.css?ver=5.6.1&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73dd08c34cf381d62ebef877a80373a6c926a2e641e651c27640ae4fb05af464

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3sHbWKzhyCUTRCMnZ6B38P0Z9P68%2Buac7p0BV88ikNixRjPU%2FaFQS%2BMeOXg%2FrNUcCkOdJRA6M%2FWmRPWQdlY%2BxjR%2F1Ldi4ybzoR3%2ByV2gtQ5ibNtgV%2FgHBoQhtsmgHRDyvYc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 620d313bafbe2b7d-FRA
cf-request-id: 083c1d194700002b7d7e87d000000001

GET
H2 200 style.min.css
www.winhelponline.com/blog/wp-content/uploads/generatepress/ 5 KB
1 KB 38ms
35ms Stylesheet
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/uploads/generatepress/style.min.css?ver=1607696739&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4536e1881d7fc6805310601ad8730eaf9571b91b927d1e39b8e797485e19fae

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Uyclb7HC%2BfLjZmkbII0ka106kJNRgDaYZ52A96wD%2B7eRXZYRyrre%2Byww3XJjvJAUS7YLvU7DZPoG6qcKl3NZmcHLJTQlE27dh9v85%2FAtM5jC78UMO9ICb%2FQWj4zjCnxRTYE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 620d313bafc02b7d-FRA
cf-request-id: 083c1d194700002b7db1899000000001

GET
H2 200 featured-images.min.css
www.winhelponline.com/blog/wp-content/plugins/gp-premium/blog/functions/css/ 3 KB
680 B 38ms
36ms Stylesheet
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/gp-premium/blog/functions/css/featured-images.min.css?ver=1.12.3&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ffe3558eee19297c7d7efb3ee170abccec5984bf568d44a194bfd46153ad898

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=63RvxntRw5CekPpYbAA%2FCoOMYqQ9NoNNZmw%2FVtDUHpEz9afMGGBLIGPtplk7wes%2FYAC2GbjqY1gL3KC5FEdmacjqajsTwiyejOV2dmHImukcc28ydX3sXHVjyeowsBtwaq4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 620d313bafc12b7d-FRA
cf-request-id: 083c1d194700002b7d8e103000000001

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 46 KB
18 KB 11ms
5ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 23 Oct 2020 03:00:57 GMT
server: Golfe2
age: 3971
date: Sat, 13 Feb 2021 07:25:07 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18817
expires: Sat, 13 Feb 2021 09:25:07 GMT

GET
H2 200 jquery.min.js Show response
www.winhelponline.com/blog/wp-includes/js/jquery/ 87 KB
30 KB 19ms
17ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-includes/js/jquery/jquery.min.js?ver=3.5.1

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
x-ez-proxy-out: true 2.2
age: 5615759
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: HIT
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Wed, 09 Dec 2020 03:07:11 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5fd03f5f-15d98-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ck8kSF1WnLtKKbytRu6Bab89TBl05XCNipQwdds7F4lWpN2avr5V1ABMdLqUshYvWNmpnY4tWoy%2B7q3tEvAWHB%2FGvggbtE99P4Xjw8de0joCuvE03%2BuRhORNd40GIHQ1BN8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 15012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 083c1d194700002b7d81210000000001
cf-ray: 620d313bafc22b7d-FRA
display: staticcontent_sol, staticcontent_sol
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
www.winhelponline.com/blog/wp-includes/js/jquery/ 11 KB
4 KB 15ms
13ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
x-ez-proxy-out: true 2.2
age: 5615759
x-ezoic-cdn: Bypass
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: HIT
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Wed, 09 Dec 2020 03:07:11 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5fd03f5f-2bd8-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rXaLOGhyAzfYBJpyqZ6rxtay4Li0QLlwVSjMfGY%2FiM6PqLQXhiSt9MWKUb%2FLhl%2BSIlJLHKVRsgAS8Y9O4YaXlOtywtPfz1LcH1x%2FfZXAVaYWgJV2bdSDgCrF1fUfDDnhSbM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=315360000
x-sucuri-id: 15012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 083c1d194800002b7d9ca32000000001
cf-ray: 620d313bafc32b7d-FRA
display: staticcontent_sol, staticcontent_sol
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 front.min.js Show response
www.winhelponline.com/blog/wp-content/plugins/cookie-notice/js/ 9 KB
3 KB 14ms
12ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.0.2

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc51ed5137587b9033d06b65d9456d6d69dc52a4005cc51b2d23f85e69d4f8c8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
x-ez-proxy-out: true 2.2
age: 573702
x-ezoic-cdn: Hit ds;mm;2d3c730093491f403febf7510e55a077;2-105367-3;0f7884cc-d132-409d-657b-e5919ec9fa95
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: MISS
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Fri, 05 Feb 2021 18:44:21 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"601d9205-2474-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rHBw%2Bs%2B6VlFFDMNCdfSUFMLdvHeBLgRdv9O%2FM2C83o%2Bl6HraFzIy8IMDv5I0d4%2Bf32Kdf5VQo0y1sK4%2FqRwCtL4bBNqO5ubsiEyBvXsVy8KvUBm1nDw5aRPNAfQsDzFfYI0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-sucuri-id: 15012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 083c1d194800002b7d7a1e7000000001
cf-ray: 620d313bafc52b7d-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 generatepress.woff2
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/fonts/ 1 KB
2 KB 17ms
15ms Font
font/woff2 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/fonts/generatepress.woff2

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac990171fc2a8993d659ce8f10bc0a7815c43835ba1dc00c2246f3556c6eeecd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.winhelponline.com
Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests;
age: 5659602
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: HIT
x-ez-proxy-out: true 2.2
x-frame-options: SAMEORIGIN
etag: "5f87ac48-4f0-gzip"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: font/woff2
access-control-allow-origin: https://www.winhelponline.com
cache-control: public, max-age=31536000
date: Sat, 13 Feb 2021 08:31:18 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
x-ezoic-cdn: Hit ds;mm;aa1d57d151a635a716aaa545aa8c10de;2-105367-3;9a5f6e96-d1c2-48ad-5c7f-d1919430a0b9
x-rocket-nginx-serving-static: No
x-middleton-response: 200
content-length: 1264
cf-request-id: 083c1d194800002b7df0b77000000001
response: 200
last-modified: Thu, 03 Dec 2020 17:53:37 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age: 1728000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xtVA4Wlqsqq2j%2FUr6OE0ZlLm1bM1vQl1X4nAePsK5lAA69n5TwgOdqqYd0BY7zXNwK5zHzq%2BPKBfgl7KINRcOoMJ9BgNTSNo1apK%2B1C01Ha8tGrbZhQ2ZkAwza41aD9xFnE%3D"}],"group":"cf-nel","max_age":604800}
x-xss-protection: 1; mode=block
x-sucuri-id: 15012
accept-ranges: bytes
cf-ray: 620d313bafc62b7d-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 cookieconsent.min.js Show response
www.winhelponline.com/ezoic/ 4 KB
2 KB 16ms
14ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/ezoic/cookieconsent.min.js
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 5014380
cf-request-id: 083c1d194800002b7d7d805000000001
last-modified: Fri, 11 Dec 2020 18:59:36 GMT
server: cloudflare
etag: W/"11a4-5b634e4c19600-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tsKoiNZE2KxIVGrWN4v1F2ZspTEsc2E9znFFVH6MZXIPyfLrfDeRP9VwJ5VYg22PQM%2Bn5PgQdxYrfEgwTpoRQdxAZUPO43TlP24OuFITA0jr0erc8Fa3LyNPUoBN%2BIIO1Fc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
cf-ray: 620d313bafc72b7d-FRA
expires: Fri, 17 Dec 2021 07:38:18 GMT

GET
H2 200 w10-clear-background-history.png
www.winhelponline.com/blog/wp-content/uploads/2017/11/ 9 KB
10 KB 18ms
12ms Image
image/webp 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/uploads/2017/11/w10-clear-background-history.png?ezimgfmt=ng%3Awebp%2Fngcb2%2Frs%3Adevice%2Frscb2-1
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fef6d90fc22c3f94fa10afb8f2486ccf398d3637ba2ef62d2be59a1d974e318c

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
via: 1.1 a67be963c7536322e9a591e428e62d28.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 410294
x-amzn-requestid: daa0070c-6382-4533-af3b-80b78a27a4db
x-ezoic-cdn: Hit ds;mm;901d29b06442867f953eb61b3037ab0b;2-105367-3;38c3bec1-46b9-40f1-4716-322336b4c0cb
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: aY-qgGtEIAMFarw=
cf-request-id: 083c1d198c00002b7d7d80b000000001
response: 200
x-ez-proxy-out: true 2.2
server: cloudflare
x-amzn-trace-id: Root=1-602044a9-06b2a345413e0f8134c116b5;Sampled=0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2FTzm26A2dBxxsFi7M57pZe03%2F746c3fY5RVD%2BrUwr5EkXwu2elryVNs1ym92LUpxeXnb8EXtXDbkLS36OldyyGHZbjU7Gc3mdeNegq0i2s4L2ZC9bDF2UpTFyAWYzNLrwQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: DUS51-C1
cf-ray: 620d313c187c2b7d-FRA
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol
x-amz-cf-id: X7MD8XbZG_t8lCbLzOLc3w38CRE0EostvPkOis7GtwFGus5BEuVIaQ==

GET
H2 200 smooth-scroll.min.js Show response
www.winhelponline.com/blog/wp-content/plugins/gp-premium/general/js/ 7 KB
3 KB 18ms
11ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-content/plugins/gp-premium/general/js/smooth-scroll.min.js?ver=1.12.3

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be764d640a7efa0022ca94a330ec3c7f38f462016f79f400d06da583be69a31e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
x-ez-proxy-out: true 2.2
age: 5448679
x-ezoic-cdn: Hit ds;mm;15f35ace4a30bc073a31dde231a2e515;2-105367-3;a14756ec-f07b-467d-71a9-a2ab41e2461a
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: HIT
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Fri, 11 Dec 2020 14:25:36 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5fd38160-1ae5-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8C7jFt1tGv0PDpdUs5qeN2muSMbSH08sIzfqMOOc%2FqDWasNB7p%2BhB9unDBJS5nAR5We93i%2FblsEhmTK8RIfNN4mtGY5WdpcDKi8tmsHs3CTWBFhe6H4Xk0TlgiXUBBMZQH8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-sucuri-id: 15012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 083c1d198b00002b7db189d000000001
cf-ray: 620d313c18732b7d-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 script.min.js Show response
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/ 17 KB
5 KB 21ms
15ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/script.min.js?ver=4.2.1

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

244de6960388f992e43c07685dd8c7ca1ee4424d85874a72036f2f8e692bbd7b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
x-ez-proxy-out: true 2.2
age: 5659602
x-ezoic-cdn: Hit ds;mm;b2ea9b369b58ad84a8e6ce806a5b833b;2-105367-3;e3f2bed5-4ca7-4f70-6e5c-90de201b6608
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: HIT
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Tue, 08 Dec 2020 01:57:28 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5fcedd88-4426-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TShaBEn1uBrDUhOehw1DJ7VtF5UQcdVyPdxxrudJ6bw6VqGpYIUpsDoo6BjtSMJaLFkYfShs97vi6TtLViT4Jl07KzSLkWBxuOrS4j7QznrYKhhh8vrosKWersayrSxphoQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-sucuri-id: 15012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 083c1d198c00002b7db189e000000001
cf-ray: 620d313c18752b7d-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 main.min.js Show response
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/js/ 7 KB
2 KB 20ms
14ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/js/main.min.js?ver=3.0.2

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0901279dec1117310802c450665b34a60788da4a00e066d2de367327cd13456

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
x-ez-proxy-out: true 2.2
age: 186267
x-ezoic-cdn: Hit ds;dm;49b2aae16b240841b7da9256eb12f853;2-105367-3;17730923-b463-4c7a-760a-e6f909735d2a
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: HIT
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Sat, 06 Feb 2021 00:16:56 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5f87ac48-1c98-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=u6EW3r6mrxwdOP3pTU%2F%2B9FbmcacICSa9Z3ix2OtIgA00g842M0sLbiXQyAYPG2WHnk2HzUSz4Ik0l9SfYdcDAdhb5PDfVt5AbW5NYQMpeEBaLlKTbuP30SPCn%2FSnqhVjG%2Fc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-sucuri-id: 15012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 083c1d198b00002b7dd811c000000001
cf-ray: 620d313c18772b7d-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 back-to-top.min.js Show response
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/js/ 712 B
744 B 18ms
11ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/js/back-to-top.min.js?ver=3.0.2

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3768f04f42b79eb4e04658f9afcdab75362a71eed99e851b05312b74964907aa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
x-ez-proxy-out: true 2.2
age: 5659602
x-ezoic-cdn: Hit ds;mm;8e405ea09807c1ef9e5c1d3e3460e6d1;2-105367-3;ec5f62de-e50d-43aa-5bbc-059b184a9e29
x-middleton-display: staticcontent_sol, staticcontent_sol
x-sucuri-cache: HIT
x-middleton-response: 200
x-xss-protection: 1; mode=block
x-rocket-nginx-serving-static: No
response: 200
last-modified: Thu, 03 Dec 2020 17:53:37 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5f87ac48-2c8-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,User-Agent,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2g3MC7ATIHYwYfSTu%2BYBwX7yqvQ%2BNUE87i2wYt4WCWLXhQRB3MKdkoh7N7t4975Kgi6lkv0Y%2Bq822ko3BLmjtXP6tBEBIlFGJtzql%2B3SHXKgHjBlHZmDRLNOcFc9Hvz2CCk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
x-sucuri-id: 15012
content-security-policy: upgrade-insecure-requests;
cf-request-id: 083c1d198b00002b7db23f5000000001
cf-ray: 620d313c18792b7d-FRA
display: staticcontent_sol, staticcontent_sol

GET
H2 200 e-202106.js Show response
stats.wp.com/ 9 KB
3 KB 31ms
25ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202106.js
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-nc: HIT hhn
date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
expires: Sun, 30 Jan 2022 21:24:07 GMT

GET
H2 200 ezcl.webp Show response
www.winhelponline.com/utilcave_com/inc/ 1 KB
1006 B 18ms
12ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/utilcave_com/inc/ezcl.webp?cb=4
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 58448
x-middleton-display: staticcontent_sol
x-sol: middleton
cf-request-id: 083c1d198c00002b7d7c8ba000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding,Origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fqCCM4DxQbYOMNf2UI9OOUMqBghYq2%2BSHlA%2F7rQpG3lpoYGa8R6Hn3hFlWYm1F%2FHJabUOVCe%2B0fRxeVNe8i3xE3s8TFD8LvSO1KaDyI5EOfE6m0jbNID8UPlGGgzIfaF%2B9o%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=86400
cf-ray: 620d313c187d2b7d-FRA
display: staticcontent_sol

GET
H2 200 houston.js Show response
www.winhelponline.com/detroitchicago/ 4 KB
2 KB 16ms
11ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/houston.js?gcb=8&cb=34
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e480b2fc477482d553c6aee25671a1f4c59545a78ca0a213601bc5fee911265

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 39490
cf-ray: 620d313c187e2b7d-FRA
x-middleton-display: sol-js
cf-request-id: 083c1d198c00002b7da6b3d000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UEGxWttkwniRUY405fQnJ2kfcnaEOJw3jWf%2Bv4nng2TDRWPTUT0RM%2B5wHPYFYVAUy5rjeNc%2FAxjM0jBR8UsjD7fibFXfQ3%2B0%2FBbfdhMyRtMNlm5JQwL8C%2BYi8lFjMFwMD4Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 56 KB
19 KB 98ms
33ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

698b58c543a5d9bf4ce9b24203d6a26b503b61f170a5f80f63d56ef2a7dda6a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "782 / 165 of 1000 / last-modified: 1613171627"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19503
x-xss-protection: 0
expires: Sat, 13 Feb 2021 08:31:18 GMT

GET
H2 200 tulsa.js Show response
www.winhelponline.com/detroitchicago/ 16 KB
5 KB 19ms
13ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/tulsa.js?gcb=192-8&cb=5
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 636e5f5b2eebe0800656a171c6ee9d34ee67cbae3d745983c48d4a5474421d53

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 711986
cf-ray: 620d313c18812b7d-FRA
x-middleton-display: sol-js
cf-request-id: 083c1d198c00002b7dc1b7b000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nk3DHL7puFvxJR%2B145A7nepzlt0mkzjNfX7FDJB3VwTk0SZ%2FJNT1%2FttSiW4%2Ba7g7LRCyf24xjbkqXzLcAbsGBObiQs141tQyFwXTksWwjGpNl6C%2BNAhsr5jFZRcyBMVQjgo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 banger.js Show response
www.winhelponline.com/porpoiseant/ 48 KB
11 KB 24ms
18ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=3&v=39&PageSpeed=off
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8f5c45431efdf2d7b5bc7a8d70a801df77e62d04d363be160348e2788d135767

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 133468
cf-polished: origSize=49648
cf-ray: 620d313c18822b7d-FRA
cf-request-id: 083c1d198d00002b7df98e7000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FWBxC1I1E5scLw44y0p%2F90wfG8C8xTcixLCcZnaQe%2FFGLeMGpxui1cur0oPIakdUbKVxcqP%2FiWhDbqEquZyXx3TxMxpoEU6vaabS89jVjSf6IYqeEplYhoZ6kzxY5YPqsMY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 memphis.js Show response
www.winhelponline.com/detroitchicago/ 5 KB
2 KB 18ms
13ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b68431bd479f66f60cca8fef9520547c0f28390680174d8b36c5591085e8393

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 186268
cf-ray: 620d313c18852b7d-FRA
x-middleton-display: sol-js
cf-request-id: 083c1d198e00002b7d8e107000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=nTpshFKf6tXkZbYv0eSeJ5KoZ1L%2FuI2md%2FNVQ3hUt%2FqF%2BJzxJG1oAAH3i9SNydRnytiPxYcLBzB%2BsmacxUY1FKczd9oslYsw8Xi5cyntMArPB9b8ZyBX5k8GSwtdfpYdbUs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 minneapolis.js Show response
www.winhelponline.com/detroitchicago/ 864 B
811 B 19ms
13ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/minneapolis.js?gcb=192-8&cb=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5578a62b81f315375d072cfe506fc13813e844f94c910bdb15ce20e1fc3ef50a

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 186268
cf-ray: 620d313c18862b7d-FRA
x-middleton-display: sol-js
cf-request-id: 083c1d198e00002b7dd49a7000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3%2Bup0YZIUhYMoKbfFu0DwNAzsFZExX1qHm8rdJKEmjSu8ypwHp5%2Bi8GaKSLMsgqyuVhWRUdo1nM50ldtrFHvsYj%2BNOLuC9iDt10QG2X9Sbh2AmMrJFjOEsLsT4KZUI0aszo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 raleigh.js Show response
www.winhelponline.com/detroitchicago/ 2 KB
1 KB 24ms
19ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/raleigh.js?gcb=192-8&cb=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c934b8063ff7de62800a0cbf6475b32ccd30058f9bca0f4dace8713b938aec53

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 380838
cf-ray: 620d313c18882b7d-FRA
x-middleton-display: sol-js
cf-request-id: 083c1d198e00002b7dac1bd000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=uwoAHuEzGUcALNK9NWiToErcaQBjgz2hgzbKe%2BigHtjhQ7fjQ9vAFVlTBet%2FOlAj9PAmhshKDdVmin3LlHw31M%2BvYCMiQJNBz%2BfB2SlDpeSw%2FxSc29KfH2NJcCcovqwBCMk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 tampa.js Show response
www.winhelponline.com/detroitchicago/ 773 B
678 B 20ms
15ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/tampa.js?gcb=192-8&cb=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c80203c7eae413cecc09a4ed0974e31a8538060cddd5bc1f1a5bfa53db672c9e

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 186268
cf-ray: 620d313c18892b7d-FRA
x-middleton-display: sol-js
cf-request-id: 083c1d198e00002b7dba852000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CMfSOfFPs9ZPIMvSQBZKXtXzF8cl0u00DtSOfe17QT3RWh0DXOTwOQAjuh5ZCClGFyauOTJGrOEZ4R0ZohWPtMPK7LeeX3iFAZZPhK0J1NuKgjlFWJsEHMRXSeFTNftSBIQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 rochester.js Show response
www.winhelponline.com/detroitchicago/ 2 KB
1 KB 22ms
17ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/rochester.js?dcb=192-8&cb=2&v=9
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d09e0a7a1dd10d174fcf8cab650952432c1fd1b65dd811c1ab75fb7b6cb45c0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 120537
cf-ray: 620d313c188a2b7d-FRA
x-middleton-display: sol-js
cf-request-id: 083c1d198e00002b7da31c2000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ytHkFILWRmLN36NS0jBcHCZDyYoaCr26%2BWEdvAvPM4e77fl25HUvgQSl%2Fi4v7j%2BNwevPqNRrhaoav27fDNJdPMXpivnyDXAan7eGvGPFkdlBKj3VbsSWgKAME69%2F5KDs3xc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 wmgLsOeKtMHetwDmiDrbeLbyJp-TbBj2k5JUVwmNSsHHkr5T8-ogSop91QYVZTRxfNT Show response
absorbingcorn.com/v2/0/ 103 KB
30 KB 308ms
232ms Script
text/javascript 35.190.64.11
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://absorbingcorn.com/v2/0/wmgLsOeKtMHetwDmiDrbeLbyJp-TbBj2k5JUVwmNSsHHkr5T8-ogSop91QYVZTRxfNT

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.64.11 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

11.64.190.35.bc.googleusercontent.com

Software

Resource Hash

dc8fb71598f044a07ae2010e8c5d2741702063bc176a3b133f9a04a5c3f2991b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
x-datacenter: gce-europe-west1
etag: "6658f51cb555800a1f96bc638cc942acd9a4e7035b6206beaab64715a2b830d2"
vary: Accept-Encoding, Accept-Language
x-hostname: 711b148b
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
date: Sat, 13 Feb 2021 08:31:18 GMT
timing-allow-origin: *

GET
H2 200 ezosuigeneris.js Show response
g.ezoic.net/ 555 B
562 B 111ms
41ms Script
text/javascript 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/ezosuigeneris.js
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: ba4a89b7abc0fa630a62dbe5e5b0f65d4bd929b80677878e9efe1f8a10fd0478

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
last-modified: Sat, 13 Feb 2021 00:08:00 GMT
server: nginx/1.16.0
etag: b121afc44006db07804e540621bc26bd
vary: Accept-Encoding, Accept-Encoding
content-type: text/javascript
cache-control: max-age=999999, private
content-length: 276
expires: Mon, 29 Apr 2020 21:44:55 GMT

GET
H2 200 lazy_load.js Show response
www.winhelponline.com/tardisrocinante/ 13 KB
5 KB 22ms
17ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/tardisrocinante/lazy_load.js?gcb=8&cb=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 545881e36f9fe4d4d387c90f876f32df9c0cb800545fe5bb0496a58f6dc53b86

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
age: 5027367
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PtYM77sGy3LvIF%2BL8f4X4WtewaBiC1V4IfM%2Ffg301sqzDOwjlypZ0tN7AS93tIwpOfyJEdERlmfHOLuMSBVSug5AKDr%2BikrevIysx10nObGbgg7eML%2FMCxfWLfFE1rBu2rc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 620d313c188b2b7d-FRA
cf-request-id: 083c1d198f00002b7d880aa000000001

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04e43870098517e0bdd4e0a54d10aa1381eaceb225d5774a8aa546be9aaa03ba

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7b85bcb075a13466616c573a91f310265b48c0879b56e003d4d3b7c421eee188

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,600,600italic,700,700italic,800,800italic,italic,regular&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.winhelponline.com
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,600,600italic,700,700italic,800,800italic,italic,regular&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 16:25:01 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:28 GMT
server: sffe
age: 403577
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Tue, 08 Feb 2022 16:25:01 GMT

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a32dc6a792384a0cfe0314a40991c6fee68809b10dab275863b851dddb2b59d6

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e1b1958adaab619c87918f57b28bee119a8f1122b7c81cee66775066010b3abd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8829a8924dff757932f56397690292e154eb33f5471e683cebfcc9884c38c2cf

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e2bc2e62acd8c74b47dc6b86918cd2ede0a053b716144298bd97e66366524fdb

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3fd62148b7be959fdbf453a639cb4de24c942145e1dfae9a47c0c22c35509a69

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7320657dc8acd4e7f134ddc9aa58495d9103dca84caf459d7620a41a81f9fcb

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83127efb53ec7370360122f4b3ff3dc50cb97188498bfbdafe32051561a2cf05

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0d4bc2d5c34588df622aebd16adf97b5a4ebfd9ac5b49eec1c795a5055ac62c5

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8230efc6af9182cb5a3412670b861554742f8795886a114dfd20c78467ef4212

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6674a3b31bc7014d04e7aeef41596932d4dab2fdc391a3bf02064ccf1a3e64bc

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8fbc17ed739bfc0cc8fe69f2e3fd6985843e179d0b9c75e08af069b95dc4c685

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b8ca12a460703aca3d43ad880e4e414d6e1a058d1ce9da226080afc42927700

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 619023867fc6c13f087935cfe535adc7b06b57d510b9b4b218e47a53708b87e0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90d26d0a7d028ce6715d93cf37c8acd2eea0bf9323e72114d78b520e8f5ed1c1

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b62a031b117adaa15131c8151dde56420a48f848f3d7c7b3be569bfe589d46ec

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cc8b935fc7a0fb31c550d69f25b8453d3566520a35cc96bea92b10d71335debd

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-Q050 200 mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,600,600italic,700,700italic,800,800italic,italic,regular&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.winhelponline.com
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,600,600italic,700,700italic,800,800italic,italic,regular&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 05:56:45 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:49 GMT
server: sffe
age: 354873
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9180
x-xss-protection: 0
expires: Wed, 09 Feb 2022 05:56:45 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ 9 KB
9 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,600,600italic,700,700italic,800,800italic,italic,regular&display=swap

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.winhelponline.com
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,600,600italic,700,700italic,800,800italic,italic,regular&display=swap
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 16:25:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:27 GMT
server: sffe
age: 403565
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Tue, 08 Feb 2022 16:25:13 GMT

GET
H2 200 cse.js Show response
cse.google.com/ 10 KB
4 KB 58ms
38ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/cse.js?cx=009756984466592281047:crsu4qcnxmm

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gws /

Resource Hash

f1da7b316adfa8f815e6c330161760d7617a131477745128c9a34fd357826b52

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
server: gws
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3464
x-xss-protection: 0
expires: Sat, 13 Feb 2021 08:31:18 GMT

GET
DATA 200
OK truncated
/ 70 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2056d978c6d084130d7efd3381d4884e8d38e35ebea5422139469c6f1579e811

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3-Q050 200 collect Show response
www.google-analytics.com/j/ 2 B
131 B 71ms
14ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1045117176&t=pageview&_s=1&dl=https%3A%2F%2Fwww.winhelponline.com%2F&ul=en-us&de=UTF-8&dt=Winhelponline&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=1487963746&gjid=983753912&cid=430508116.1613205079&tid=UA-4931296-3&_gid=1535608217.1613205079&_r=1&_slc=1&z=341626208

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 collect
www.google-analytics.com/ 35 B
384 B 56ms
43ms Image
image/gif 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j87&a=1045117176&t=pageview&_s=2&dl=https%3A%2F%2Fwww.winhelponline.com%2F&ul=en-us&de=UTF-8&dt=Winhelponline&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=&gjid=&cid=430508116.1613205079&tid=UA-4931296-3&_gid=1535608217.1613205079&z=1467356261

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 12 Feb 2021 11:26:24 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 75894
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 138 B
523 B 227ms
226ms XHR
text/javascript 13.224.192.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fwww.winhelponline.com%2F&pid=GTzAxGNZh82Xu&cb=0&ws=1600x1200&v=7.59.00&t=2000&slots=%5B%7B%22sd%22%3A%220%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-box-1%22%7D%2C%7B%22sd%22%3A%221%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-box-1%22%7D%2C%7B%22sd%22%3A%222%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-box-1%22%7D%2C%7B%22sd%22%3A%223%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-box-1%22%7D%2C%7B%22sd%22%3A%224%22%2C%22s%22%3A%5B%22970x90%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-medrectangle-2%22%7D%2C%7B%22sd%22%3A%225%22%2C%22s%22%3A%5B%22468x60%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-medrectangle-3%22%7D%2C%7B%22sd%22%3A%226%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-box-2%22%7D%2C%7B%22sd%22%3A%227%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-box-2%22%7D%2C%7B%22sd%22%3A%228%22%2C%22s%22%3A%5B%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-box-2%22%7D%2C%7B%22sd%22%3A%229%22%2C%22s%22%3A%5B%22336x280%22%2C%22300x250%22%5D%2C%22sn%22%3A%22%2F1254144%2Fwinhelponline_com-medrectangle-1%22%7D%5D&cfgv=0&schain=1.0%2C1!ezoic.ai%2C6a88ed6ade2b65744bd01fe8f1ae3c0c%2C1%2C%2C%2C&pubid=aa05931b-5308-4ea3-95a2-adf84f4ffde4&gdprl=%7B%22status%22%3A%22no-cmp%22%7D
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-34.fra2.r.cloudfront.net
Software: Server /
Resource Hash: 923e578334db5eeec6992e78cf949a8fe32632b59420a17d2c5b7dd4c9d56903

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: gzip
server: Server
x-amz-cf-pop: FRA2-C1
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 140
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
x-amz-cf-id: L2u7TNYwwMVjxCOUP0erYhYpzBxqJVuWTNmJvUvKywRTXIfCUYWybg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 78ms
26ms XHR
application/javascript 13.224.192.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.192.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-192-34.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 01:27:57 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 25402
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Fri, 29 Jan 2021 06:42:57 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: 8kbPIzTLk7_TMvnggUSDACBTugDfX2qC
via: 1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA2-C1
content-type: application/javascript
x-amz-cf-id: R-zz1KEBmuilPJHyYDBAVVbpA_BfY_HAiydkQG7iZwHTpCYB8d8mog==

GET
H2 200 css_onload.js Show response
www.winhelponline.com/tardisrocinante/ 1 KB
694 B 17ms
17ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/tardisrocinante/css_onload.js?gcb=8&cb=1
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73618d59a3dc00468aa85f81f93cad60be8c20b12a5d4ba40d3f0de6d172a6e2

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
server: cloudflare
age: 2565279
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Qzy7aZzZ1HWbg77DgBi%2BWEcIR5oEBaMeouRor80hT68N3LlEGUy0s4nwMPoN6Se5X2MNfYRoIm679guhY2%2BCUHYQWPpBmH5cxHGCmRLR%2BW9kfKXhVNjS0S9SQa417B9rEmY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-middleton-display: sol-js
cache-control: max-age=31536000, public
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 620d313d0a012b7d-FRA
cf-request-id: 083c1d1a2300002b7dac1c7000000001

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
399 B 19ms
18ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJkYXRhIjpbeyJuYW1lIjoiZXh0X3VzZXJfaGFzaCIsInZhbCI6Ik5UIn1dfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZK%2BIiRWKpWSpyuotahOPtUXLXSrxOeF%2Bs5EnrzaWZcsavaZqZLlIjI7f04bl8T9noWjdHbmZJ4KDxKD2nCkBlrurrMFjaFRpxN7zcVfCJQECKtnWxEVGOEP%2FokfuaNR%2FIQw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d313d0a042b7d-FRA
content-length: 0
cf-request-id: 083c1d1a2400002b7dcbab9000000001
expires: Fri, 12 Feb 2021 08:31:18 UTC

GET
H2 200 services.js Show response
js.gumgum.com/ 97 KB
37 KB 89ms
30ms Script
application/javascript 65.9.69.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.gumgum.com/services.js
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.69.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e7f611710f3d372428c4be42bc42c8aca0374a156433fda22774daf5b61baee

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: urZHBLfWo.TYNIEdXwFuB5LKgGjw5OP8
content-encoding: gzip
etag: W/"8f5f52cf6de0d8d4ad7ec943f576ee9e"
age: 11915
x-cache: Hit from cloudfront
x-amz-meta-timing-allow-origin: *
x-amz-meta-access-control-allow-origin: *
last-modified: Thu, 04 Feb 2021 19:47:20 GMT
server: AmazonS3
date: Sat, 13 Feb 2021 05:12:44 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 95e0c26862caa0a0aa5e9580919524f8.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: OOHEsaKGyhlfXPTWlc4ykv0HENfr-xpftJC3DInuNb6e-R_FCeMMKQ==

GET
H2 200 anchorfix.js Show response
www.winhelponline.com/ezoic/ 879 B
746 B 12ms
11ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/ezoic/anchorfix.js?cb=192-8
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 15f0626dd31e3e991a1c21d6304f2e370b92b3c91650de3d7ed8a38f1159a457

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 695277
cf-ray: 620d313d0a052b7d-FRA
cf-request-id: 083c1d1a2400002b7db2004000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=FM1x1dJZatEwDtA1M7DfgvJQXkjDvmO63rRxMUQcEXFFVRtLjuGJ3PzhlyJasZhxGRAK2iEujXol17N43kifg4mfFiQRMyTVIjM%2F4lTe1Dec%2F5%2FnV9ZoueYlSYalOdp6ZcA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
x-robots-tag: noindex, noindex
expires: Sat, 05 Feb 2022 07:23:21 GMT

GET
H2 200 blocks.style.build.css
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/post-editor/dist/ 0
352 B 27ms
25ms Image
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.6.1&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fnNydPzT3zmehdjXiyFr%2F1o0MVuin294mqNxoX11rCeJqnbQkBfPL2EKbyqr5Zv3OV8VNNXY4pQ7KA1AW8WLuJcvlmaiAc2hh4thhU7%2FLN4NpF0B9k00G7WIPlzMMCM7NVQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"max_age":604800,"report_to":"cf-nel"}
accept-ranges: bytes
cf-ray: 620d313d0a0e2b7d-FRA
content-length: 0
cf-request-id: 083c1d1a2700002b7d81221000000001

GET
H2 200 style.min.css
www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/css/ 7 KB
7 KB 47ms
45ms Image
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/social-warfare/assets/css/style.min.css?ver=4.2.1&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zqMJlX5GmTzdpsnBSQGDPdmjHbDb0xFGOwiHk58fPeW359G71M%2BrM9xCNl4v%2F13YFEdBetDXUf7%2FtMddKUTCUEQdhST8v8NT6RFezwspDmzz1uxYn9clWbLW58sdA%2Fv1VMA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 620d313d0a112b7d-FRA
cf-request-id: 083c1d1a2700002b7d7735c000000001

GET
H2 200 widget-areas.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/ 565 B
565 B 42ms
41ms Image
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/widget-areas.min.css?ver=3.0.2&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AK87qE%2BK7KHPchv9P0R7%2BFeiChVfwo0yu50nq%2Bq3h725lpGC3XvZn1jdGwq3XXiaiK6ZvaKTpEnixGkqzmedRlUkW1ql4DNEvj69BBzXb1%2FmEOgPs3knZYObzc3TliYfxFg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 620d313d0a122b7d-FRA
cf-request-id: 083c1d1a2700002b7dae9ed000000001

GET
H2 200 main.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/ 13 KB
13 KB 53ms
50ms Image
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/main.min.css?ver=3.0.2&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2B29uFwW06HyhEhIzfUqgMy9rcxgv%2FYJDMORHjj3mVz4l3NDBAKCS%2BJiMCUrU%2FUxZlSb2xFDq4uidOGSWokCna7sJsbP%2F%2Bhe98Eh5w10SJil8VCHdf4CSXBFFm6dHcJMSDis%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 620d313d0a132b7d-FRA
cf-request-id: 083c1d1a2800002b7da8930000000001

GET
H2 200 font-icons.min.css
www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/ 2 KB
2 KB 37ms
35ms Image
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/themes/generatepress/assets/css/components/font-icons.min.css?ver=3.0.2&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2Bs1Z2NTRfWwPKWwphRbSoN39P%2BD8IfiNZRpvuhIn7YztLoaojtIrVPehKabLUmQozjdPeD8N9Owc3MssZcCam9ACBwyj9IkN3xPynU%2FTiGk5eslPI%2BtCk3UNzeG1UgPQg9c%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 620d313d0a142b7d-FRA
cf-request-id: 083c1d1a2800002b7d8c044000000001

GET
H2 200 featured-images.min.css
www.winhelponline.com/blog/wp-content/plugins/gp-premium/blog/functions/css/ 3 KB
3 KB 29ms
27ms Image
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/plugins/gp-premium/blog/functions/css/featured-images.min.css?ver=1.12.3&ez_used_css=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: BYPASS
x-sol: sol-template-css
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yCS2hdvlUhoIzXpuPUYVjBEkwqSJXNbpoeGXhDExPbiv0HnIcSyEnn4Nv2ZjGm%2BYT68m4svtXHYzHQNbpv9Aexlw9Dgs5YQTAOCmCCfqjh0dwykgqqBwleuTnZj7a%2Fysm5g%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-middleton-display: sol_css, staticcontent_sol
cache-control: max-age=300, private
nel: {"max_age":604800,"report_to":"cf-nel"}
cf-ray: 620d313d0a162b7d-FRA
cf-request-id: 083c1d1a2800002b7d880b3000000001

GET
H3-Q050 200 css
fonts.googleapis.com/ 22 KB
22 KB 44ms
29ms Image
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,600,600italic,700,700italic,800,800italic,italic,regular&display=swap

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 13 Feb 2021 08:31:18 GMT
server: ESF
date: Sat, 13 Feb 2021 08:31:18 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Feb 2021 08:31:18 GMT

GET
H2 200 edmonton.webp Show response
www.winhelponline.com/detroitchicago/ 13 KB
4 KB 13ms
11ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/edmonton.webp?a=a&cb=192-8&shcb=34
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d798d8773831f64f1228bc59f6dc361eae9b0811b1cbce20d639a8695b1d118c

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 699888
cf-polished: origSize=13962
cf-ray: 620d313d0a172b7d-FRA
cf-request-id: 083c1d1a2900002b7dc4263000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0CV%2FndDU9KCNfqFAqGaPeq7rFCka6xNeJxi%2Fgb1dD9DBCQK2Z0O9%2BLO1IzCW5WSrJ%2FdWrPgJx7Sh%2FAMVKPT1SwUW5kaHGuJKFZMspURqyMQfVHVoPJE83kymsqqQDso19M4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
x-robots-tag: noindex

GET
H2 200 jellyfish.webp Show response
www.winhelponline.com/porpoiseant/ 40 KB
9 KB 17ms
16ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/jellyfish.webp?a=a&cb=192-8&shcb=34
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37d4ae593a1268d4afce8c38f61ea933982184d2d6055300c2bfdb8ca28c2846

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 699888
cf-polished: origSize=59534
cf-ray: 620d313d0a182b7d-FRA
cf-request-id: 083c1d1a2900002b7dd92e5000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hfbDUoyeSL8M8JYR76Fe%2F20d%2BMQh1MfSvTF9uECI1gTenYiP3AiV%2FbyLr9iqIOj3H10lUgDYQXv6jTwMpCxgpITTjQ8wzX%2F0PQec2o3jaPakI%2F6Yfe7FD1jEE%2BGsCNOcU6Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
x-robots-tag: noindex

GET
H2 200 vitals.js Show response
www.winhelponline.com/tardisrocinante/ 5 KB
2 KB 11ms
11ms Script
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/tardisrocinante/vitals.js?gcb=8&cb=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 26b4485584314aa0850427462143a6a28b66c982db28deb42766214fad7744c7

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 994091
cf-ray: 620d313d0a192b7d-FRA
x-middleton-display: sol-js
cf-request-id: 083c1d1a2a00002b7dd8b4c000000001
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=DcPZHNiT6qsITUhSy6Z6mXg6feLCU4%2FLqwjHicvjPqggv62qnWkvGledWwWlc3eYkSEH%2F4OLp1IIO7%2BalXdwkA25uVAeAzrEINHxfNw814%2FGFEvWUhzoLT9D%2BG2lTE6BpfM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
x-robots-tag: noindex

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 24ms
23ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A9.4&blog=2943880&post=0&tz=0&srv=www.winhelponline.com&host=www.winhelponline.com&ref=&fcp=1313&rand=0.2394784771351126
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 imp.gif Show response
www.winhelponline.com/detroitchicago/ 43 B
503 B 20ms
20ms XHR
image/gif 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A2%2C%22ad_count_adjustment%22%3A1%2C%22ad_lazyload_version%22%3A2%2C%22ad_location_ids%22%3A%226%2C0%2C0%2C0%2C0%2C5%2C21%2C1%2C1%2C1%2C4%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A10%2C%22bidder_method%22%3A0%2C%22bidder_version%22%3A3%2C%22city%22%3A%22%22%2C%22country%22%3A%22DE%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A4%2C%22domain_id%22%3A105367%2C%22domain_test_group%22%3A20200404%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A0%2C%22ezcache_skip_code%22%3A0%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A0%2C%22iab_category%22%3A%22%22%2C%22iab_category_0%22%3A%22596%22%2C%22iab_category_1%22%3A%22602%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A3%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A0%2C%22page_ad_positions%22%3A%221006%2C1100%2C1102%2C1102%2C1102%2C1102%2C1109%2C1109%2C1109%2C1111%2C1128%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%223a90acbd-5499-4a9d-4cda-0254a2515a8b%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%22%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A62537%2C%22response_time_orig%22%3A846%2C%22serverid%22%3A%2218.195.95.211%3A25818%22%2C%22state%22%3A%22%22%2C%22sub_page_ad_positions%22%3A%221006%2C1100%2C1102%2C1102%2C1102%2C1102%2C1109%2C1109%2C1109%2C1111%2C1128%22%2C%22t_epoch%22%3A1613205077%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fwww.winhelponline.com%2F%22%2C%22user_id%22%3A0%2C%22weather_precipitation%22%3A0%2C%22weather_summary%22%3A%22%22%2C%22weather_temperature%22%3A0%2C%22word_count%22%3A1498%2C%22worst_bad_word_level%22%3A0%7D
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/rochester.js?dcb=192-8&cb=2&v=9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=sKZTGwgG2z9Re4phLs8npQNICpm4787g%2FcA7mvmzXgBquhUoXMhLbeEhjjnlwoQ0Vra1Z0oIQLaaLCjRF%2FEGac1PWHxyosKd9d26WGyq7EVZN0lnGUNZiEhr1WSr3vxwqpU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
cf-ray: 620d313d1a202b7d-FRA
content-length: 43
cf-request-id: 083c1d1a2c00002b7df98f1000000001

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 ezosuigenerisc.js Show response
g.ezoic.net/ 0
54 B 32ms
31ms Script
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/ezosuigenerisc.js?nogen=1
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
cache-control: max-age=300, private
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding, Accept-Encoding
content-type: text/plain; charset=utf-8

GET
H2 200 cl.gif
www.winhelponline.com/detroitchicago/ 43 B
339 B 17ms
17ms Image
image/gif 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/detroitchicago/cl.gif?pvID=3a90acbd-5499-4a9d-4cda-0254a2515a8b&dID=105367
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=yo3tRxim6BigwBGEMHH%2BtaFg37lIIxcEA7mw1dwHBYOLGFj3Fig%2BdioSPu25umohzlmE5MvW1WePJs79e6jCR4xY0kfODCqdnFAooqnFpYdr%2Byf9dqnAz%2FoFUGgrCCeT9aU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-middleton-display: imp_sol
cache-control: no-cache, no-store, must-revalidate, max-age=0
accept-ranges: bytes
cf-ray: 620d313d9ade2b7d-FRA
content-length: 43
cf-request-id: 083c1d1a7b00002b7d93338000000001

GET
H2 200 nmash.js
www.winhelponline.com/porpoiseant/ 23 KB
6 KB 12ms
12ms Other
application/javascript 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/nmash.js?v=3
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f80ea602603e025dc8cd8d1a8b1868db1cbb0b9dedf8b31988a3ed201c10f499

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 133468
cf-polished: origSize=23791
cf-request-id: 083c1d1a8300002b7dfc05e000000001
x-robots-tag: noindex
last-modified: Sat, 06 Feb 2021 00:16:56 GMT
server: cloudflare
etag: W/"5cef-5ba9fdabdee00;5ba9fdabdee00-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LDROkZ1zJpaY6IuQIqLYOGEDBNFg7vdvVYklg0bpdIpoID2ip3mTkWRj12Tg4JGhcNcrE7r7AwvdefFlSXO8q7aIho%2F0iEfxrxerCafTxKyjA7Xbtq%2F6i0l9a1PrufeojZo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000, public
cf-ray: 620d313d9aeb2b7d-FRA
cf-bgj: minify

GET
H2 200 who-logo440px.png
www.winhelponline.com/blog/wp-content/uploads/2018/09/ 11 KB
12 KB 12ms
10ms Image
image/webp 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/uploads/2018/09/who-logo440px.png?ezimgfmt=rs:440x100/rscb2/ng:webp/ngcb2
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79f8ee3ee2be4cab6ca5ffbec67dd65fb85e2b93a2f7ad3f2cc22b6802c8871f

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
via: 1.1 85e4c30db6ed9459bdead04635e1ab69.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 847288
x-amzn-requestid: ea08d4ed-5c11-4e99-8d08-e6f714f0df4e
x-ezoic-cdn: Hit ds;mm;64bc3c4df7827b971fd647e3d0445760;2-105367-3;9d1d36b4-1b7c-4cb0-54f9-989773c9c6c2
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: aK3-XHJDIAMF8YQ=
cf-request-id: 083c1d1a8600002b7d81227000000001
response: 200
x-ez-proxy-out: true 2.2
server: cloudflare
x-amzn-trace-id: Root=1-601aa05b-526a7b5442375f047e6d12cf;Sampled=0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Vpmyn03FYuenOnGQLEI23UsqSUUtYA0iSYgV5kI%2FOEP4nHStkgOyQj3W0D9YhtJWqyltEerKBslXCl3DCfEvSoXAKkDd80ZUXRox4hdJXu6XlP%2BIfMZKMaCtN5dx5X%2FNZ70%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: HAM50-C3
cf-ray: 620d313daaf22b7d-FRA
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol
x-amz-cf-id: 8nJ627om9WMR0eGs_S_vf_P8f4XmA_vOTK3rpkls8C4-5XGYFElNyA==

GET
H2 200 twitter.png
www.winhelponline.com/images/ 2 KB
2 KB 13ms
12ms Image
image/webp 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/images/twitter.png?ezimgfmt=rs:48x48/rscb2/ng:webp/ngcb2
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d8783ef685913f06da7e385a57c93b9e356aa567402e0730579db45d90828660

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
via: 1.1 3bf3e75bcb9a86b3eb343a1d4392a6df.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 852594
x-amzn-requestid: 542185b4-3a4b-4c54-a550-7ad5ab78952d
x-ezoic-cdn: Hit ds;mm;fa2fc77eaba8d782388d383728fa090d;2-105367-3;ede85f35-b377-4180-524d-8854935642b7
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: aKp_fGPnIAMFS5w=
cf-request-id: 083c1d1a8600002b7df0b8d000000001
response: 200
x-ez-proxy-out: true 2.2
server: cloudflare
x-amzn-trace-id: Root=1-601a89fc-149bdbb06ea3326b5ff95dd9;Sampled=0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BkFU%2FSwjYiF3vR18592M%2Bpvw6I8SJfSLdbaYqcNnliD4XNxdN0%2F7YGndtYIRmwqq8JBsDWwCrOQF5uWbMDhSfODE8lj7GABTZGWjWET79d6obqFpDSCwYzv%2FUJKnF4tL4hA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA2-C1
cf-ray: 620d313daaf42b7d-FRA
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol
x-amz-cf-id: X1tZtzqxQXC0SEm1xyXiHLD_xd6XPr06fQ-IGfoYJz4Rc6M_l8kQzA==

GET
H2 200 fb.png
www.winhelponline.com/images/ 1 KB
2 KB 11ms
11ms Image
image/webp 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/images/fb.png?ezimgfmt=rs:48x48/rscb2/ng:webp/ngcb2
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f83db4d6431c0b742caf2343b1c14ece7b731a872e54220417b3760299f3872

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
via: 1.1 4f2586d7d5737aae9f5500126b9eb2ba.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 852594
x-amzn-requestid: c861f170-f821-4f0d-9f49-dd2d068edbf2
x-ezoic-cdn: Hit ds;mm;6e437095995ff11f8e8fedcb8c351dc0;2-105367-3;e6663a7a-c0b5-4e99-540b-9b2f6138eb68
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: aKp_cH5MIAMF6Wg=
cf-request-id: 083c1d1a8600002b7da8936000000001
response: 200
x-ez-proxy-out: true 2.2
server: cloudflare
x-amzn-trace-id: Root=1-601a89fc-23aecf67387b0b14542677c1;Sampled=0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ERIuQ%2BJVcqEe%2FaNa2fTuFPo8AR3Hqoc4o2BODC%2Fi2JAKIsfyAojem6Qv%2BbBwQdXLvKCBr%2FwDu%2FDxJwWx3AzzcgJIVgEDiYyENeiTKynq37YBxYlW48N146CUZZ5VQ%2FcVuZ0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: MUC51-C1
cf-ray: 620d313daaf62b7d-FRA
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol
x-amz-cf-id: oFu_0loK0XFJmQZc3AsiwT1mYpxoJILD5b8-XWqVcAezxiLlV0sW7Q==

GET
H3-Q050 200 pubads_impl_2021021101.js Show response
securepubads.g.doubleclick.net/gpt/ 289 KB
101 KB 71ms
39ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

a533e6ac10f159c258a7737b2a63378e910622fcc61e6c90be14d6d95328fb64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 11 Feb 2021 09:38:54 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 103545
x-xss-protection: 0
expires: Sat, 13 Feb 2021 08:31:18 GMT

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
395 B 17ms
16ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJkYXRhIjpbeyJuYW1lIjoidW5pdmVyc2FsX3VzZXJfaWQiLCJ2YWwiOiJiMTIxYWZjNDQwMDZkYjA3ODA0ZTU0MDYyMWJjMjZiZCJ9XX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1wz%2B6oVsX8B%2Bs5%2FeellLxX3H2H4M6zBp8PoPjz4bsgYMxtq9chnF3m9pNTpuPzMzd7seygBwRpV3QzG9MS5pTeQEeKQ2GzHbopKDxtYQNF8dIDuQkm%2FmXp4Iej57QHoNTLo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d313dcb2c2b7d-FRA
content-length: 0
cf-request-id: 083c1d1a9c00002b7d87358000000001
expires: Fri, 12 Feb 2021 08:31:18 UTC

GET
H2 200 cse_element__en.js Show response
www.google.com/cse/static/element/323d4b81541ddb5b/ 274 KB
90 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/323d4b81541ddb5b/cse_element__en.js?usqp=CAI%3D

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009756984466592281047:crsu4qcnxmm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca752586777d1f855a56edaaf5a718b562a36a8d6b5b990f6cc7e590009bc3e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 11:46:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 19:23:46 GMT
server: sffe
age: 161104
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 92213
x-xss-protection: 0
expires: Fri, 11 Feb 2022 11:46:14 GMT

GET
H2 200 default+en.css
www.google.com/cse/static/element/323d4b81541ddb5b/ 41 KB
9 KB 9ms
8ms Stylesheet
text/css 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/element/323d4b81541ddb5b/default+en.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009756984466592281047:crsu4qcnxmm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 11:46:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 27 Jan 2021 19:23:46 GMT
server: sffe
age: 161104
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9032
x-xss-protection: 0
expires: Fri, 11 Feb 2022 11:46:14 GMT

GET
H2 200 default.css
www.google.com/cse/static/style/look/v4/ 4 KB
1 KB 9ms
9ms Stylesheet
text/css 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/cse/static/style/look/v4/default.css

Requested by

Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=009756984466592281047:crsu4qcnxmm

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:11:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 17 Jun 2020 00:00:00 GMT
server: sffe
age: 1189
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1345
x-xss-protection: 0
expires: Sat, 13 Feb 2021 09:01:29 GMT

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
298 B 25ms
24ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJkYXRhIjpbeyJuYW1lIjoiZGV2aWNlX3dpZHRoIiwidmFsIjoiMTYwMCJ9LHsibmFtZSI6ImRldmljZV9oZWlnaHQiLCJ2YWwiOiIxMjAwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidF9lcG9jaCI6MTYxMzIwNTA3NywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDItMTMifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTYwIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidF9lcG9jaCI6MTYxMzIwNTA3NywiZGF0YSI6W3sibmFtZSI6Imxhbmd1YWdlX3RhZyIsInZhbCI6ImVuLVVTIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidF9lcG9jaCI6MTYxMzIwNTA3NywiZGF0YSI6W3sibmFtZSI6Imxhbmd1YWdlX3ByaW1hcnlfc3VidGFnIiwidmFsIjoiZW4ifV19XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=EXYbR4o%2B3SeX4e5psyielyE%2F31Soq%2FJSpAstiiopHFa2p3TFfphpKztemJMORo0zeWxxu7L7w%2FmSrCY%2FeSXf8krr0cB%2BgN2xG5K6WzUtLlWr36S1LypAP63ObiZVkqerAFQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d313ddb432b7d-FRA
content-length: 0
cf-request-id: 083c1d1aa700002b7df6082000000001
expires: Fri, 12 Feb 2021 08:31:19 UTC

GET
H3-Q050 200 async-ads.js Show response
cse.google.com/adsense/search/ 180 KB
63 KB 86ms
73ms Script
text/javascript 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cse.google.com/adsense/search/async-ads.js

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/323d4b81541ddb5b/cse_element__en.js?usqp=CAI%3D

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

45f6bcd6a4c782d7b8ceb498907d4821a0648bff646fa1a6809324e666edf4b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "9757391051487160686"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Sat, 13 Feb 2021 08:31:18 GMT

GET
H3-Q050 200 clear.png
www.google.com/cse/static/css/v2/ 1018 B
1 KB 56ms
41ms Image
image/png 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/css/v2/clear.png

Requested by

Host: www.google.com
URL: https://www.google.com/cse/static/element/323d4b81541ddb5b/default+en.css

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/cse/static/element/323d4b81541ddb5b/default+en.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 05:56:30 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 354888
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1018
x-xss-protection: 0
expires: Wed, 09 Feb 2022 05:56:30 GMT

GET
H3-Q050 200 branding.png
www.google.com/cse/static/images/1x/en/ 1 KB
1 KB 52ms
42ms Image
image/png 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/cse/static/images/1x/en/branding.png

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 13:34:20 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 May 2020 08:30:00 GMT
server: sffe
age: 413818
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1372
x-xss-protection: 0
expires: Tue, 08 Feb 2022 13:34:20 GMT

GET
H2 204 generate_204
www.googleapis.com/ 0
182 B 25ms
5ms Image
text/plain 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googleapis.com/generate_204
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 204 generate_204
clients1.google.com/ 0
182 B 26ms
5ms Image
text/plain 2a00:1450:4001:800::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://clients1.google.com/generate_204
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1

200
OK

Cookie set iu3 Show response
aax-eu.amazon-adsystem.com/s/ Frame AA76
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-index_pm-db5_rx_cnv_sovrn
https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-index_pm-db5_rx_cnv_sovrn&dcc=t

260 B
947 B

205ms
205ms

Document
text/html

52.95.123.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-index_pm-db5_rx_cnv_sovrn&dcc=t
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: 86f05538538458564e3a3da58e21a9e31aed0cbd467bfb9f2cf35ec801be2428

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.winhelponline.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=Axi0L0SB5EsrlP0U2dbQYPY|t
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.winhelponline.com/

Response headers

Server: Server
Date: Sat, 13 Feb 2021 08:31:19 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 210
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Set-Cookie: ad-id=Axi0L0SB5EsrlP0U2dbQYPY; Domain=.amazon-adsystem.com; Expires=Fri, 01-Oct-2021 08:31:18 GMT; Path=/; Secure; HttpOnly; SameSite=None ad-privacy=0; Domain=.amazon-adsystem.com; Expires=Wed, 01-Apr-2026 08:31:19 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

Redirect headers

Server: Server
Date: Sat, 13 Feb 2021 08:31:18 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-index_pm-db5_rx_cnv_sovrn&dcc=t
Set-Cookie: ad-id=Axi0L0SB5EsrlP0U2dbQYPY|t; Domain=.amazon-adsystem.com; Expires=Fri, 01-Oct-2021 08:31:18 GMT; Path=/; Secure; HttpOnly; SameSite=None
Vary: User-Agent

GET
H2 200 integrator.js Show response
adservice.google.ch/adsid/ 109 B
803 B 48ms
27ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.ch/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 integrator.js Show response
adservice.google.com/adsid/ 109 B
781 B 49ms
34ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.winhelponline.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 08:31:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 104
x-xss-protection: 0

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 462 B
726 B 350ms
350ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2450588200150819&output=ldjh&impl=fif&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3D65b2c11be72ed8610e2ac0304f3023a9%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D1900%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C51%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C117%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&cookie_enabled=1&bc=31&abxe=1&lmt=1613205078&dt=1613205078878&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=205&adks=1505197098&ucis=1&ifi=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

2e3cb156e7ffc9b1b9836725c9de7383fb1ace80b56eba809e540f8ab829e637

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:19 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 240
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html
a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/ 0
0 47ms
14ms Other
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 container.html
tpc.googlesyndication.com/safeframe/1-0-37/html/ 0
0 27ms
6ms Other
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://tpc.googlesyndication.com/safeframe/1-0-37/html/container.html
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 469 B
282 B 1385ms
1385ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2450588200150819&output=ldjh&impl=fif&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3D65b2c11be72ed8610e2ac0304f3023a9%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D1900%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D83%252C117%252C120%252C67%252C51%252C122%252C66%252C20%252C117%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&cookie_enabled=1&bc=31&abxe=1&lmt=1613205078&dt=1613205078886&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=638&adys=205&adks=1970382492&ucis=2&ifi=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

a8c9be9e613212876cf6693bc83fb8a46d3042f290ac27be6415d292958be65a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 247
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 462 B
273 B 2065ms
2065ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2450588200150819&output=ldjh&impl=fif&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3D65b2c11be72ed8610e2ac0304f3023a9%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D1900%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D83%252C117%252C120%252C67%252C51%252C122%252C66%252C20%252C117%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&cookie_enabled=1&bc=31&abxe=1&lmt=1613205078&dt=1613205078890&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=962&adys=205&adks=3314737083&ucis=3&ifi=3&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

4cc8b437125ab96313c8b2474dd31744fc8230c48c2e59b41e91ebb0c7f5751d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 238
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 471 B
307 B 1139ms
1139ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2450588200150819&output=ldjh&impl=fif&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&prev_scp=iid2%3D187675%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-1-187675%26eb_br%3D5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D15%26bvm%3D0%26bvr%3D5%26shp%3D3%26acptad%3D1%26br1%3D650%26br2%3D350%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%252C45%252C120%252C67%252C51%252C0%252C83%252C32%252C13%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&cookie_enabled=1&bc=31&abxe=1&lmt=1613205078&dt=1613205078894&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=405&adys=1098&adks=2241190977&ucis=4&ifi=4&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x294&msz=336x280&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

6d093fe8119c2a3c87513b3bb3f0109c99254f90e5e99b3ff22ea05e04c6c932

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 250
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 470 B
276 B 594ms
593ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2450588200150819&output=ldjh&impl=fif&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&prev_scp=iid2%3D196225%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1128%26sap%3D1128%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-3-196225%26eb_br%3D401612ca672af30f67eaf5e0989ce385%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26br1%3D2700%26br2%3D1400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C4%252C45%252C122%252C66%252C13%252C71%252C30%252C0%252C31%26deal1%3D23%2C24%2C25%2C26%26ax_ssid%3D10082&cookie_enabled=1&bc=31&abxe=1&lmt=1613205078&dt=1613205078898&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=295&adys=11850&adks=3297578832&ucis=5&ifi=5&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x60&msz=468x60&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

f2e812d697c94925bc4b47c78e470c7ff776edf289875d650e45e56e8362af54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:19 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 242
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 462 B
269 B 1618ms
1617ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2450588200150819&output=ldjh&impl=fif&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Dbfa042bdb1583c959161b7823290dc1f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D1300%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&cookie_enabled=1&bc=31&abxe=1&lmt=1613205078&dt=1613205078908&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=688&adks=3917434485&ucis=6&ifi=6&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e09a5ef92c896d2694b22baf5752a07de75f8ef75b18fc81dc685355f1597c2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:20 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 462 B
271 B 2810ms
2810ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2450588200150819&output=ldjh&impl=fif&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Dbfa042bdb1583c959161b7823290dc1f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D1300%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&cookie_enabled=1&bc=31&abxe=1&lmt=1613205078&dt=1613205078913&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=953&adks=1611167343&ucis=7&ifi=7&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

423d9302ed2d8215df56cf7537dc340c45816cf4cc7bb27a67fbb5499a2bc00c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:21 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 236
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 462 B
272 B 834ms
833ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2450588200150819&output=ldjh&impl=fif&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Dbfa042bdb1583c959161b7823290dc1f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D1300%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D83%252C131%252C185%252C4%252C65%252C122%252C90%252C20%252C71%252C197%252C175%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&cookie_enabled=1&bc=31&abxe=1&lmt=1613205078&dt=1613205078917&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1218&adks=1649313398&ucis=8&ifi=8&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=2

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

5340bfb6645697c441e975c32fa078a85f1f98c1c4109252db04407cef9dd2af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:19 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 237
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 462 B
487 B 2288ms
2288ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2450588200150819&output=ldjh&impl=fif&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Dbfa042bdb1583c959161b7823290dc1f%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D1300%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082&cookie_enabled=1&bc=31&abxe=1&lmt=1613205078&dt=1613205078920&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1483&adks=279619605&ucis=9&ifi=9&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

33e54b5d0e7634e4bf5a9c9f80c5de0fb06f936a39b86296076010c9e6e56d7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:21 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 239
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 470 B
707 B 2551ms
2550ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2450588200150819&output=ldjh&impl=fif&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&prev_scp=iid2%3D190077%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D1%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-2-190077%26eb_br%3D736e09a0771285737509ab8954c475a7%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D1%26br1%3D1200%26br2%3D600%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D146%252C193%252C133%252C67%252C119%252C122%252C142%252C20%252C26%252C135%252C187%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D1%26amznp%3D1&cookie_enabled=1&bc=31&abxe=1&lmt=1613205078&dt=1613205078923&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1103&adks=2225908236&ucis=a&ifi=10&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

5b33cdaea1b39329ad7bdacbf70f311a22852025bb817d264bfe0451231d241c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:21 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 Aggjda Show response
ad.doubleclick.net/ddm/adj/Bdaadh/ 11 B
645 B 93ms
34ms Script
text/javascript 142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/Bdaadh/Aggjda

Requested by

Host: absorbingcorn.com
URL: https://absorbingcorn.com/v2/0/wmgLsOeKtMHetwDmiDrbeLbyJp-TbBj2k5JUVwmNSsHHkr5T8-ogSop91QYVZTRxfNT

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ezoic.png
www.winhelponline.com/ezoimgfmt/go.ezoic.net/utilcave_com/img/ 722 B
2 KB 22ms
21ms Image
image/webp 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/ezoimgfmt/go.ezoic.net/utilcave_com/img/ezoic.png?ezimgfmt=rs:62x16/rscb2/ng:webp/ngcb2
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 717e9759657392ada69981d5b44649c2ec78b94f39c8d975131da59844b04bc2

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
via: 1.1 a350f357b825293e306b1b0a2cb490c1.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 249105
x-amzn-requestid: 3b0d20f5-1993-4ec7-a29f-94e1be2e5216
x-ezoic-cdn: Hit ds;mm;f4ba2ae1c231ceca166d0bddc0cf0ef6;2-105367-3;bffbacff-1252-4981-4629-9cc4f3bf136a
x-cache: Hit from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: adz_XEsUoAMFxXQ=
content-length: 722
cf-request-id: 083c1d1bae00002b7d778ca000000001
display: staticcontent_sol, staticcontent_sol
response: 200
x-ez-proxy-out: true 2.2
server: cloudflare
x-amzn-trace-id: Root=1-60223395-6724a7a45edf9c161fdbab2b;Sampled=0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UGljZnGvmzJG4n0VWZ4psDHRyUvQGy%2BCMYHz7vvjk71V3hOez6PV0SqAalPteA49vQwbboQuo%2Fn%2B2T2tsrAgYNjNvfeR%2FuthSLv5aDPrblti1xELf80F%2BmOV3wVuKKCMV%2BU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
access-control-allow-credentials: true
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
cf-ray: 620d313f7e232b7d-FRA
access-control-allow-headers: Content-Type, Authorization
x-amz-cf-id: AiuKYIg02-nZZBrUIQ-_6MSKMnpbAg3yRjBaar8SmOT6QGBeKOz6BQ==

GET
H2 200 settings-cascade-menu.png
www.winhelponline.com/blog/wp-content/uploads/2017/11/ 17 KB
18 KB 22ms
21ms Image
image/webp 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.winhelponline.com/blog/wp-content/uploads/2017/11/settings-cascade-menu.png?ezimgfmt=rs:699x503/rscb2/ng:webp/ngcb2
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 839cd49aa2a6f409cc73f8bec9b4f0f13d72f56e5f36719a9522bc2b30f173fb

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:18 GMT
via: 1.1 5a5b94c62ea85e0c0d78b169589b08b5.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 137363
x-amzn-requestid: 33e84a20-dd6a-441c-b968-e5bd645b48fe
x-ezoic-cdn: Hit ds;mm;a7d5034886074b6be5261b65819e73d2;2-105367-3;4526f726-409b-4117-4b6e-9898bef089cd
x-cache: Miss from cloudfront
x-middleton-display: staticcontent_sol, staticcontent_sol
access-control-allow-methods: GET
x-middleton-response: 200
x-amz-apigw-id: akQtHGlPIAMFUOg=
cf-request-id: 083c1d1bae00002b7d769e1000000001
response: 200
x-ez-proxy-out: true 2.2
server: cloudflare
x-amzn-trace-id: Root=1-6024c7ed-05e75fb85df6f3450c260dbe;Sampled=0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, User-Agent,Origin,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ao80wfZLLiuSj1ecyaCfI%2FhgQ7vO9NcM9m01a21ZHsZ7bPafpSBhpzfngAb32o0ptcqOjkrCH3A3ILxRXD0W9n7bGAdTH55pwix23vOplTF8dshC4nq%2Bs9wAPJdvKasOKZI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
access-control-allow-credentials: true
x-amz-cf-pop: FRA2-C1
cf-ray: 620d313f7e242b7d-FRA
access-control-allow-headers: Content-Type, Authorization
display: staticcontent_sol, staticcontent_sol
x-amz-cf-id: wFYmRhlcVVBRUUqhpKpamH-lus9oDHkfEpPK5g6Jo6LM2tZPdxqmHw==

GET
H3-Q050 200 container.html Show response
tpc.googlesyndication.com/safeframe/1-0-23/html/ Frame 591A 3 KB
2 KB 28ms
13ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-23/html/container.html

Requested by

Host: absorbingcorn.com
URL: https://absorbingcorn.com/v2/0/wmgLsOeKtMHetwDmiDrbeLbyJp-TbBj2k5JUVwmNSsHHkr5T8-ogSop91QYVZTRxfNT

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ced5c873136c4fab4584c0c6d26dcd530c748303d7ed9b7a7966b2fe1d6f5915

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-23/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.winhelponline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.winhelponline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1479
date: Wed, 10 Feb 2021 11:37:11 GMT
expires: Thu, 10 Feb 2022 11:37:11 GMT
last-modified: Tue, 10 Apr 2018 14:51:09 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 248047
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK pr Show response
aax-eu.amazon-adsystem.com/s/v3/ Frame B51A 1 KB
910 B 49ms
48ms Document
text/html 52.95.123.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-smaato_n-index_cnv_pm-db5_rx_sovrn&fv=1.0&a=cm&cm3ppd=1
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-index_pm-db5_rx_cnv_sovrn&dcc=t
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: be993a8ea2b22eb5e26a881c1463d912ca6f20930cf937cd02c59fc0ca036d95

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-index_pm-db5_rx_cnv_sovrn&dcc=t
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=Axi0L0SB5EsrlP0U2dbQYPY; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://aax-eu.amazon-adsystem.com/s/iu3?cm3ppd=1&d=dtb-pub&csif=t&dl=n-smaato_n-index_pm-db5_rx_cnv_sovrn&dcc=t

Response headers

Server: Server
Date: Sat, 13 Feb 2021 08:31:19 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 549
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame B51A
Redirect Chain

https://s.ad.smaato.net/c/?adExInit=aps&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com/s%2Fecm3%3Fex%3Dsmaato.com%26id%3D%24UID
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smaato.com&id=1d1612364304ce0d163d

43 B
344 B

51ms
51ms

Image
image/gif

52.95.123.167
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smaato.com&id=1d1612364304ce0d163d
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-smaato_n-index_cnv_pm-db5_rx_sovrn&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Sat, 13 Feb 2021 08:31:19 GMT
via: 1.1 cae542650fb32c773cc494fc6e7e71e7.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C1
x-cache: LambdaGeneratedResponse from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=smaato.com&id=1d1612364304ce0d163d
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: qlqfQVjU8FFQOs_hCRhwbdsgtCH_JNOWECdxXnWGLmK-izHovD8DCQ==

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame B51A
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=amazon&redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3D%5BRX_UUID%5D%26ex%3Drhythmone.com
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6433979787
https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=6433979787
https://sync.1rx.io/usersync/tradedesk/e1d39735-a9b0-472f-8ecf-70ca44640f63
https://sync.targeting.unrulymedia.com/csync/RX-291d0376-2bcb-4a34-a28d-4e881fde1a33-003?redir=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DRX-291d0376-2bcb-4a34-a28d-4e881fde1a33-003...
https://aax-eu.amazon-adsystem.com/s/ecm3?id=RX-291d0376-2bcb-4a34-a28d-4e881fde1a33-003&ex=rhythmone.com

43 B
344 B

51ms
50ms

Image
image/gif

52.95.123.167
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?id=RX-291d0376-2bcb-4a34-a28d-4e881fde1a33-003&ex=rhythmone.com
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-smaato_n-index_cnv_pm-db5_rx_sovrn&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:20 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Sat, 13 Feb 2021 08:31:20 GMT
Server: Tengine
ETag: RX291d03762bcb4a34a28d4e881fde1a33003
Transfer-Encoding: chunked
P3P: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
Location: https://aax-eu.amazon-adsystem.com/s/ecm3?id=RX-291d0376-2bcb-4a34-a28d-4e881fde1a33-003&ex=rhythmone.com
Connection: keep-alive
Content-Type: text/html

GET
H/1.1

200
OK

Cookie set usermatch Show response
ssum-sec.casalemedia.com/ Frame F1C5
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID
https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1

2 KB
3 KB

45ms
45ms

Document
text/html

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-smaato_n-index_cnv_pm-db5_rx_sovrn&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: f5b5dce4c7b3520f2f511fabf36c7ef80e2865ad6c90e4d888fce38fe854e7c3

Request headers

Host: ssum-sec.casalemedia.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: CMID=YCeOV8SJf8CBkcxLKp52jgAA; CMPS=3202
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: Apache
Content-Type: text/html
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary: Is-Traffic-Usersync
Content-Length: 1694
Expires: Sat, 13 Feb 2021 08:31:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Connection: keep-alive
Set-Cookie: CMID=YCeOV8SJf8CBkcxLKp52jgAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 13 Feb 2022 08:31:19 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 14 May 2021 08:31:19 GMT CMPRO=1141;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 14 May 2021 08:31:19 GMT CMRUM3=2d60278e5705a0&e660278e5727600&f160278e5705a00&ee60278e5727600&0460278e5705a0&2e60278e5705a0&2760278e570b40&2f60278e5705a0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 13 Feb 2022 08:31:19 GMT CMST=YCeOV2AnjlcA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 14 Feb 2021 08:31:19 GMT

Redirect headers

Server: Apache
Content-Length: 333
Content-Type: text/html; charset=iso-8859-1
Location: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires: Sat, 13 Feb 2021 08:31:19 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Connection: keep-alive
Set-Cookie: CMID=YCeOV8SJf8CBkcxLKp52jgAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sun, 13 Feb 2022 08:31:19 GMT CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Fri, 14 May 2021 08:31:19 GMT

GET
H2 204 current
amazon-tam-match.dotomi.com/match/bounce/ Frame 2413 0
0 87ms
61ms Document
text/plain 2a02:fa8:8806:12::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://amazon-tam-match.dotomi.com/match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-smaato_n-index_cnv_pm-db5_rx_sovrn&fv=1.0&a=cm&cm3ppd=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:12::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

:method: GET
:authority: amazon-tam-match.dotomi.com
:scheme: https
:path: /match/bounce/current?networkId=31082&version=1&rurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Dcnv.com%26id%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

server: nginx
date: Sat, 13 Feb 2021 08:31:19 GMT
cache-control: no-cache, private, max-age=0, no-store
expires: 0
pragma: no-cache

GET
H/1.1 200
OK user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 5F01 8 KB
3 KB 88ms
28ms Document
text/html 23.218.208.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-smaato_n-index_cnv_pm-db5_rx_sovrn&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-200.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
ETag: "1300708-1f78-5b232eb4914bb"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 2654
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=128141
Expires: Sun, 14 Feb 2021 20:07:00 GMT
Date: Sat, 13 Feb 2021 08:31:19 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1

200
OK

Cookie set amazon Show response
ap.lijit.com/beacon/ Frame 6758
Redirect Chain

https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com
https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1

1 KB
1 KB

36ms
36ms

Document
text/html

216.52.2.39
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Requested by: Host: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/v3/pr?exlist=n-smaato_n-index_cnv_pm-db5_rx_sovrn&fv=1.0&a=cm&cm3ppd=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 216.52.2.39 , United States, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: 46856562ab2c2c0afae8477d46589792eb07dc3b570a3c56c108f2e7a780066f

Request headers

Host: ap.lijit.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ljt_reader=2798e554982f8b1e9dea2a48
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx
Date: Sat, 13 Feb 2021 08:31:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Vary: Accept-Encoding
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Set-Cookie: ljtrtbexp=eJyrVjI0U7IyNDM0MTE0MTO31FEysUTlG0HkjY1MLIzA8sZo8uYQeQsDSwtzy1oAm14Qaw%3D%3D;Path=/;Domain=.lijit.com;Expires=Sun, 13-Feb-2022 08:31:19 GMT;Max-Age=31536000;Secure;SameSite=None ljt_reader=2798e554982f8b1e9dea2a48;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
X-Powered-By: raptor
Content-Encoding: gzip
X-Sovrn-Pod: ad_ap7ams1

Redirect headers

Server: nginx
Date: Sat, 13 Feb 2021 08:31:19 GMT
Content-Length: 0
Set-Cookie: ljt_reader=2798e554982f8b1e9dea2a48;Path=/;Domain=.lijit.com;Max-Age=31536000;Secure;SameSite=None
Expires: Fri, 20 Mar 2009 00:00:00 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
X-Powered-By: raptor
X-Sovrn-Pod: ad_ap7ams1

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
400 B 19ms
18ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfcmVxdWVzdCIsInZhbCI6Ijk1MiJ9XX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:19 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=y9NkUC9Bc%2BYhXX2b626A1Od8DFyoc%2FSXuO%2BUYrtXDoyOXuML2BzZHwTWwIujFIHsg5Gamv%2B%2B3P8uh4ppCEgklsDHmCF%2B%2BC5kWIAhVfTKIHl3oPtKmM10gdsfSgCYo4hULd8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d314189af2b7d-FRA
content-length: 0
cf-request-id: 083c1d1cf300002b7d87382000000001
expires: Fri, 12 Feb 2021 08:31:19 UTC

GET
H/1.1 200
OK showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame EFEE 37 KB
14 KB 33ms
32ms Document
text/html 23.218.208.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-200.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e

Request headers

Host: ads.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156657&predirect=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fid%3DPM_UID%26ex%3Dpubmatic.com&userIdMacro=PM_UID

Response headers

Last-Modified: Wed, 21 Oct 2020 18:57:52 GMT
ETag: "13006b6-94f8-5b232eca8cf5e"
Server: Apache/2.2.15 (CentOS)
Accept-Ranges: bytes
Content-Encoding: gzip
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 13837
Content-Type: text/html; charset=UTF-8
Cache-Control: public, max-age=138890
Expires: Sun, 14 Feb 2021 23:06:09 GMT
Date: Sat, 13 Feb 2021 08:31:19 GMT
Connection: keep-alive
Vary: Accept-Encoding

GET
H/1.1 200
OK PugMaster Show response
image6.pubmatic.com/AdServer/ Frame EFEE 5 KB
6 KB 124ms
31ms Script
text/html 185.64.189.115
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=87681733&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.115 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 7c61d9cac4cfd9f59469a76d8f459e98b040f054e29d2dd90af41c8755bcb188

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 13 Feb 2021 08:31:19 GMT
P3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame F1C5 70 B
265 B 144ms
46ms Image
image/gif 52.209.120.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale?cm_user_id=YCeOV8SJf8CBkcxLKp52jgAA&cm_dsp_id=39&cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.120.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:19 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame F1C5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YCeOV8SJf8CBkcxLKp52jgAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHnRNZZwTFVQZZAQejx-S7Y&google_cver=1

43 B
1002 B

34ms
33ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHnRNZZwTFVQZZAQejx-S7Y&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 13 Feb 2021 08:31:19 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEHnRNZZwTFVQZZAQejx-S7Y&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

usermatchredir
ssum-sec.casalemedia.com/ Frame F1C5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YCeOV8SJf8CBkcxLKp52jgAABHUAAAIB
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESED4x2OW8SGNYpX8lxni8wL8&google_cver=1

43 B
315 B

50ms
49ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESED4x2OW8SGNYpX8lxni8wL8&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 43
Expires: Sat, 13 Feb 2021 08:31:19 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESED4x2OW8SGNYpX8lxni8wL8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dcm
s.amazon-adsystem.com/ Frame F1C5 43 B
720 B 383ms
130ms Image
image/gif 54.239.17.112
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&id=YCeOV8SJf8CBkcxLKp52jgAABHUAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.239.17.112 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: Server
Vary: User-Agent
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame F1C5
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=bKky89Aw1LaQkL5

43 B
990 B

36ms
36ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=bKky89Aw1LaQkL5
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 13 Feb 2021 08:31:19 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: PingMatch/v2.0.30-619-g1028223#rel-ec2-master i-0ae06fec161a2bbf2@eu-central-1a@dxedge-app-eu-central-1-prod-asg
P3P: policyref="https://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=bKky89Aw1LaQkL5
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

crum
dsum-sec.casalemedia.com/ Frame F1C5
Redirect Chain

https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D46%26external_user_id%3D%24UID
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=3928944892059747643

43 B
994 B

48ms
47ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=3928944892059747643
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 13 Feb 2021 08:31:19 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 727.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.223.154:80
AN-X-Request-Uuid: b60ed8d3-f8ec-4cdb-a73d-47272e242b49
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=3928944892059747643
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

362358.gif
idsync.rlcdn.com/ Frame F1C5
Redirect Chain

https://idsync.rlcdn.com/461886.gif?partner_uid=YCeOV8SJf8CBkcxLKp52jgAA%261141
https://idsync.rlcdn.com/1000.gif?memo=CL6YHBIpCiUIARDY9gEaHVlDZU9WOFNKZjhDQmtjeExLcDUyamdBQSYxMTQxEAAaDQjXnJ6BBhIFCOgHEABCAEoA
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEE7rC7XfyHso3y3BEEZ_4Ak&google_cver=1

42 B
318 B

32ms
32ms

Image
image/gif

34.120.207.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEE7rC7XfyHso3y3BEEZ_4Ak&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.207.148 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 148.207.120.34.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 08:31:19 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEE7rC7XfyHso3y3BEEZ_4Ak&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame F1C5
Redirect Chain

https://ad.turn.com/r/cs?pid=21
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3276776980110877152

43 B
994 B

80ms
35ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3276776980110877152
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sat, 13 Feb 2021 08:31:19 GMT

Redirect headers

location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3276776980110877152
pragma: no-cache
date: Sat, 13 Feb 2021 08:31:18 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1 200
OK ecm3
aax-eu.amazon-adsystem.com/s/ Frame F1C5 43 B
344 B 50ms
50ms Image
image/gif 52.95.123.167
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=index.com&id=YCeOV8SJf8CBkcxLKp52jgAABHUAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ssum-sec.casalemedia.com/usermatch?s=192259&cb=https%3A%2F%2Faax-eu.amazon-adsystem.com%2Fs%2Fecm3%3Fex%3Dindex.com%26id%3D%24UID&C=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK ecm3
aax-eu.amazon-adsystem.com/s/ Frame 6758 43 B
344 B 99ms
50ms Image
image/gif 52.95.123.167
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?id=2798e554982f8b1e9dea2a48&ex=sovrn.com&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Referer: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: Server
Vary: User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 6758
Redirect Chain

https://pixel.quantserve.com/pixel/p-CXt61zNBpKUt1.gif?idmatch=0&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=-56B3_XLht_gm9KK_sie3K-X1YvgndbY-pdUFDlb

43 B
880 B

102ms
34ms

Image
image/gif

72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=-56B3_XLht_gm9KK_sie3K-X1YvgndbY-pdUFDlb
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap2ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:19 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://ce.lijit.com/merge?pid=43&gdpr=0&gdpr_consent=&us_privacy=&3pid=-56B3_XLht_gm9KK_sie3K-X1YvgndbY-pdUFDlb
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 generic
data.adsrvr.org/track/cmf/ Frame 6758 70 B
265 B 139ms
45ms Image
image/gif 52.209.120.242
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://data.adsrvr.org/track/cmf/generic?ttd_pid=federatedmedia&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.209.120.242 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:19 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 6758
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=23&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=23&gdpr=0&gdpr_consent=
https://loadm.exelator.com/load/?p=204&g=700&j=r&buid=e8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348&ru=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%26partner_device_i...
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=e8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3De8f160...
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=e8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348&partner_url=https%3A%2F%2Fce.lijit.com%2Fmerge%3Fpid%3D16%263pid%3D...
https://ce.lijit.com/merge?pid=16&3pid=e8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348&gdpr=0&gdpr_consent=

43 B
2 KB

34ms
34ms

Image
image/gif

72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=16&3pid=e8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348&gdpr=0&gdpr_consent=
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:21 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap2ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

date: Sat, 13 Feb 2021 08:31:20 GMT
via: 1.1 google
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://ce.lijit.com/merge?pid=16&3pid=e8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348&gdpr=0&gdpr_consent=
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 6758
Redirect Chain

https://x.bidswitch.net/sync?ssp=fmx&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=fmx&gdpr=0&gdpr_consent=
https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=fmx&bsw_custom_parameter=980e5c2a-5d1a-4030-9e06-cd1bd1a73592
https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=fmx&bsw_custom_parameter=980e5c2a-5d1a-4030-9e06-cd1bd1a73592
https://x.bidswitch.net/sync?dsp_id=4&user_id=496486ec-49b3-4247-9fa4-4174c1fd3cdd&ssp=fmx&expires=30&user_group=5&bsw_param=980e5c2a-5d1a-4030-9e06-cd1bd1a73592
https://ce.lijit.com/merge?pid=26&3pid=980e5c2a-5d1a-4030-9e06-cd1bd1a73592

43 B
1 KB

39ms
38ms

Image
image/gif

72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=26&3pid=980e5c2a-5d1a-4030-9e06-cd1bd1a73592
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap2ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

location: //ce.lijit.com/merge?pid=26&3pid=980e5c2a-5d1a-4030-9e06-cd1bd1a73592
date: Sat, 13 Feb 2021 08:31:19 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

merge
ce.lijit.com/ Frame 6758
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558511&ev=1&rurl=https%3A%2F%2Fce.lijit.com/merge?pid=49&3pid=%%VGUID%%&gdpr=0&gdpr_consent=
https://ce.lijit.com/merge?pid=49&3pid=Vo7eW5EuL9Me&ev=1&pid=558511&gdpr_consent=&gdpr=0

43 B
1 KB

36ms
36ms

Image
image/gif

72.251.249.13
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=49&3pid=Vo7eW5EuL9Me&ev=1&pid=558511&gdpr_consent=&gdpr=0
Requested by: Host: ap.lijit.com
URL: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.13 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: nginx / raptor
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://ap.lijit.com/beacon/amazon?url=https://aax-eu.amazon-adsystem.com%2Fs/ecm3?id=$UID&ex=sovrn.com&dnr=1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: nginx
X-Powered-By: raptor
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap2ams1
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

strict-transport-security: max-age=15768000
server: Jetty(9.4.14.v20181114)
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-US
location: https://ce.lijit.com/merge?pid=49&3pid=Vo7eW5EuL9Me&ev=1&pid=558511&gdpr_consent=&gdpr=0
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-75d6d6d469-cr7h4
expires: -1

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame 573C
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8760626983827293230

42 B
973 B

194ms
38ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8760626983827293230
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=87681733&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=156657:2; KADUSERCOOKIE=4D8A8419-A786-450C-8912-05B1BEBC82C1; chkChromeAb67Sec=1; DPSync3=1614384000%3A221_201_227_226; SyncRTB3=1615766400%3A203%7C1613779200%3A15_2%7C1614470400%3A35%7C1614384000%3A223_166_55_22_161_56_7_3_8_54_13_21_71_81_88%7C1614038400%3A63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_336=5844-8760626983827293230; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 15-Mar-2021 08:31:19 GMT; path=/ PugT=1613205079; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 15-Mar-2021 08:31:19 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 14-May-2021 08:31:19 GMT; path=/
X-lat: Pug23047:0:311
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8760626983827293230
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame F82A 43 B
304 B 122ms
41ms Document
image/gif 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=87681733&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

:method: GET
:authority: dis.criteo.com
:scheme: https
:path: /dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ads.pubmatic.com/AdServer/js/showad.js
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

cache-control: no-cache
pragma: no-cache
content-type: image/gif
expires: Sat, 13 Feb 2021 00:00:00 GMT
server: Microsoft-IIS/10.0
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
server-processing-duration-in-ticks: 1104
date: Sat, 13 Feb 2021 08:31:18 GMT
content-length: 43

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame 2E76
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFCYXdFN0FUeDBBQUJHQlk1c3I0UQ&bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=pp%2Csas%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://bh.contextweb.com/bh/rtset?do=add&pid=558502&ev=AABawE7ATx0AABGBY5sr4Q&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dsas%252Cpm%26bee_sync_current_partner%3Dpp%2...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=sas%2Cpm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=2&ev=AABawE7ATx0AABGBY5sr4Q&pid=558502&do=add
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AABawE7ATx0AABGBY5sr4Q&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpm%26bee_sync_current_part...
https://match.prod.bidr.io/cookie-sync?bee_sync_partners=pm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=4480214514142191613
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABawE7ATx0AABGBY5sr4Q

42 B
977 B

39ms
39ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABawE7ATx0AABGBY5sr4Q
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=87681733&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=156657:2; KADUSERCOOKIE=4D8A8419-A786-450C-8912-05B1BEBC82C1; chkChromeAb67Sec=1; DPSync3=1614384000%3A221_201_227_226; SyncRTB3=1615766400%3A203%7C1613779200%3A15_2%7C1614470400%3A35%7C1614384000%3A223_166_55_22_161_56_7_3_8_54_13_21_71_81_88%7C1614038400%3A63; KRTBCOOKIE_409=22966-neNb51RFELsCSa18dNqaWT0f&KRTB&23212-neNb51RFELsCSa18dNqaWT0f; PUBMDCID=3; KRTBCOOKIE_336=5844-8760626983827293230; KRTBCOOKIE_153=19420-FvXQGRig1xkN8INME6PPGkL8hE0N9oceF_xOyG_H&KRTB&22979-FvXQGRig1xkN8INME6PPGkL8hE0N9oceF_xOyG_H; KRTBCOOKIE_80=16514-CAESEO1PNCUvjDDSxUrERTpnA0U&KRTB&22987-CAESEO1PNCUvjDDSxUrERTpnA0U&KRTB&23025-CAESEO1PNCUvjDDSxUrERTpnA0U; KRTBCOOKIE_188=3189-4c7e0799-9f1c-4f97-827c-b00856b993d5-60278e57-4348; KRTBCOOKIE_57=22776-8997133002213540526; PugT=1613205079
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Sat, 13 Feb 2021 08:31:20 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_699=22727-AABawE7ATx0AABGBY5sr4Q; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 15-Mar-2021 08:31:20 GMT; path=/ PugT=1613205080; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 15-Mar-2021 08:31:20 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 14-May-2021 08:31:20 GMT; path=/
X-lat: Pug23016:0:344
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

Date: Sat, 13 Feb 2021 08:31:20 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AABawE7ATx0AABGBY5sr4Q
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

GET
H/1.1

200
OK

Cookie set Pug Show response
simage2.pubmatic.com/AdServer/ Frame 2136
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6928663056058611861

42 B
851 B

1075ms
32ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6928663056058611861
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=87681733&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: simage2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=156657:2; KADUSERCOOKIE=4D8A8419-A786-450C-8912-05B1BEBC82C1; chkChromeAb67Sec=1; DPSync3=1614384000%3A221_201_227_226; SyncRTB3=1615766400%3A203%7C1613779200%3A15_2%7C1614470400%3A35%7C1614384000%3A223_166_55_22_161_56_7_3_8_54_13_21_71_81_88%7C1614038400%3A63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Sat, 13 Feb 2021 08:31:20 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_1101=23040-6928663056058611861; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 15-Mar-2021 08:31:20 GMT; path=/ PugT=1613205080; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 15-Mar-2021 08:31:20 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 14-May-2021 08:31:20 GMT; path=/
X-lat: Pug22018:0:553
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

Server: nginx
Date: Sat, 13 Feb 2021 08:31:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Set-Cookie: UserID1=6928663056058611861; Max-Age=7776000; domain=.adfarm1.adition.com; Path=/; SameSite=None; Secure
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=6928663056058611861

GET
H/1.1

200
OK

Cookie set Pug Show response
image2.pubmatic.com/AdServer/ Frame D0C0
Redirect Chain

https://green.erne.co/pubmatic/cm?
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=neNb51RFELsCSa18dNqaWT0f

42 B
1015 B

240ms
38ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=neNb51RFELsCSa18dNqaWT0f
Requested by: Host: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?kdntuid=1&rnd=87681733&p=156657&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&sec=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Host: image2.pubmatic.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: KTPCACOOKIE=YES; pi=156657:2; KADUSERCOOKIE=4D8A8419-A786-450C-8912-05B1BEBC82C1; chkChromeAb67Sec=1; DPSync3=1614384000%3A221_201_227_226; SyncRTB3=1615766400%3A203%7C1613779200%3A15_2%7C1614470400%3A35%7C1614384000%3A223_166_55_22_161_56_7_3_8_54_13_21_71_81_88%7C1614038400%3A63
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Set-Cookie: KRTBCOOKIE_409=22966-neNb51RFELsCSa18dNqaWT0f&KRTB&23212-neNb51RFELsCSa18dNqaWT0f; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 15-Mar-2021 08:31:19 GMT; path=/ PugT=1613205079; domain=pubmatic.com; SameSite=None; secure; expires=Mon, 15-Mar-2021 08:31:19 GMT; path=/ PUBMDCID=3; domain=pubmatic.com; SameSite=None; secure; expires=Fri, 14-May-2021 08:31:19 GMT; path=/
X-lat: Pug23005:0:567
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC" CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
X-Cnection: close
Content-Type: image/gif; charset=utf-8

Redirect headers

server: openresty
date: Sat, 13 Feb 2021 08:31:19 GMT
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
set-cookie: u=neNb51RFELsCSa18dNqaWT0f; Max-Age=63072000; Domain=.erne.co; Path=/; Secure; SameSite=None
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw&piggybackCookie=neNb51RFELsCSa18dNqaWT0f
strict-transport-security: max-age=0; includeSubDomains;

GET
H/1.1 200
OK ecm3 Show response
aax-eu.amazon-adsystem.com/s/ Frame 5768 43 B
344 B 52ms
49ms Document
image/gif 52.95.123.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://aax-eu.amazon-adsystem.com/s/ecm3?id=4D8A8419-A786-450C-8912-05B1BEBC82C1&ex=pubmatic.com
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.95.123.167 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Server /
Resource Hash: c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Request headers

Host: aax-eu.amazon-adsystem.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://ads.pubmatic.com/AdServer/js/showad.js
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: ad-id=Axi0L0SB5EsrlP0U2dbQYPY; ad-privacy=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://ads.pubmatic.com/AdServer/js/showad.js

Response headers

Server: Server
Date: Sat, 13 Feb 2021 08:31:19 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Vary: User-Agent

GET
H/1.1

200
OK

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame EFEE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=TYqEGaeGRQyJEgWxvryCwQ%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

8 KB
8 KB

29ms
29ms

Image
text/html

23.218.208.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.218.208.200 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-200.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 13 Feb 2021 08:31:19 GMT
Content-Encoding: gzip
Last-Modified: Wed, 21 Oct 2020 18:57:29 GMT
Server: Apache/2.2.15 (CentOS)
ETag: "1300708-1f78-5b232eb4914bb"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: max-age=128141
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 2654
Expires: Sun, 14 Feb 2021 20:07:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 mw
mwzeom.zeotap.com/ Frame EFEE 95 B
596 B 39ms
23ms Image
image/png 2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?zpartnerid=1384&env=mWeb&gdpr=0&gdpr_consent=&cid=4D8A8419-A786-450C-8912-05B1BEBC82C1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:19 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 620d3142ca364ab0-FRA
access-control-allow-headers: *
content-length: 95
cf-request-id: 083c1d1dbd00004ab05c04a000000001

GET
H/1.1

200
OK

info2
uipglob.semasio.net/pubmatic/1/ Frame EFEE
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=4D8A8419-A786-450C-8912-05B1BEBC82C1&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=4D8A8419-A786-450C-8912-05B1BEBC82C1&sInitiator=external&gdpr=0&gdpr_consent=

42 B
603 B

46ms
46ms

Image
image/gif

77.243.60.138
NETIC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=4D8A8419-A786-450C-8912-05B1BEBC82C1&sInitiator=external&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 77.243.60.138 Aalborg, Denmark, ASN42697 (NETIC-AS, DK),
Reverse DNS
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:18 GMT
frontend-id: 9
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: image/gif
content-length: 42
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:18 GMT
frontend-id: 11
location: /pubmatic/1/info2?sType=sync&sExtCookieId=4D8A8419-A786-450C-8912-05B1BEBC82C1&sInitiator=external&gdpr=0&gdpr_consent=
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
access-control-allow-origin: *
uip-response-status: Ok
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 0
routing-server-id: -1
expires: Sat, 01 Jan 2011 12:00:00 GMT

GET
H/1.1

200
OK

Artemis
aud.pubmatic.com/AdServer/ Frame EFEE
Redirect Chain

https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=4D8A8419-A786-450C-8912-05B1BEBC82C1&gdpr=
https://visitor.fiftyt.com/p.gif?ev=sync&p=pm&pm_uid=4D8A8419-A786-450C-8912-05B1BEBC82C1&gdpr=&fbounce=1
https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=4D8A8419-A786-450C-8912-05B1BEBC82C1&addseg=31

7 B
147 B

96ms
32ms

Image
text/plain

185.64.189.249
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=4D8A8419-A786-450C-8912-05B1BEBC82C1&addseg=31
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.64.189.249 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 13 Feb 2021 08:31:19 GMT
Connection: keep-alive
Content-Length: 7
Content-Type: text/plain; charset=utf-8

Redirect headers

date: Sat, 13 Feb 2021 08:31:19 GMT
via: 1.1 google
p3p: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
location: https://aud.pubmatic.com/AdServer/Artemis?dpid=431&userid=4D8A8419-A786-450C-8912-05B1BEBC82C1&addseg=31
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
content-type: text/html; charset=utf-8
alt-svc: clear
content-length: 135

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame EFEE
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e1d39735-a9b0-472f-8ecf-70ca44640f63

42 B
1 KB

1115ms
32ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e1d39735-a9b0-472f-8ecf-70ca44640f63
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:20 GMT
X-lat: Pug22002:0:710
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:19 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=e1d39735-a9b0-472f-8ecf-70ca44640f63
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame EFEE
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=5473704335513947430

42 B
850 B

1072ms
31ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=5473704335513947430
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:20 GMT
X-lat: Pug22059:0:321
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:19 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=5473704335513947430
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame EFEE
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEO1PNCUvjDDSxUrERTpnA0U&google_cver=1

42 B
1 KB

422ms
38ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEO1PNCUvjDDSxUrERTpnA0U&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
X-lat: Pug23009:0:275
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:19 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEO1PNCUvjDDSxUrERTpnA0U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame EFEE
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:55966027-8e57-4300-af4f-859128e57b57&gdpr=0&gdpr_consent=

42 B
1 KB

1102ms
32ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:55966027-8e57-4300-af4f-859128e57b57&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:20 GMT
X-lat: Pug22071:0:367
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: MT3 3518 2f03077 master zrh-pixel-x24
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:55966027-8e57-4300-af4f-859128e57b57&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sat, 13 Feb 2021 08:31:18 GMT

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame EFEE
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA%3D%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8997133002213540526&gdpr=0&gdpr_consent=

42 B
973 B

346ms
38ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8997133002213540526&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
X-lat: Pug23035:0:271
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:19 GMT
X-Proxy-Origin: 185.156.175.107; 185.156.175.107; 724.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.119:80
AN-X-Request-Uuid: f88a417c-2337-4e73-ad30-6c0e3e86b698
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=8997133002213540526&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

SPug
image4.pubmatic.com/AdServer/ Frame EFEE
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=4D8A8419-A786-450C-8912-05B1BEBC82C1&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=4D8A8419-A786-450C-8912-05B1BEBC82C1&redir=true&gdpr=0&gdpr_consent=&verify=true
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-q0giW4l1l2JxdH.59oeGm58POoPCMdI-&gdpr=0&gdpr_consent=

0
587 B

1391ms
32ms

Image
text/plain

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-q0giW4l1l2JxdH.59oeGm58POoPCMdI-&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Date: Sat, 13 Feb 2021 08:31:20 GMT
Content-Encoding: gzip
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-cache
Transfer-Encoding: chunked
Content-Type: text/plain; charset=utf-8

Redirect headers

Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-q0giW4l1l2JxdH.59oeGm58POoPCMdI-&gdpr=0&gdpr_consent=
Connection: keep-alive
Content-Length: 0

GET
H2 200 4D8A8419-A786-450C-8912-05B1BEBC82C1
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame EFEE 43 B
837 B 106ms
34ms Image
image/gif 2a00:1288:110:c305::8000
YAHOO-IRD

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/4D8A8419-A786-450C-8912-05B1BEBC82C1?gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1288:110:c305::8000 , United Kingdom, ASN34010 (YAHOO-IRD, GB),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:19 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame EFEE
Redirect Chain

https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=FvXQGRig1xkN8INME6PPGkL8hE0N9oceF_xOyG_H

42 B
1 KB

407ms
38ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=FvXQGRig1xkN8INME6PPGkL8hE0N9oceF_xOyG_H
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:18 GMT
X-lat: Pug23029:0:272
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:19 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=FvXQGRig1xkN8INME6PPGkL8hE0N9oceF_xOyG_H
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame EFEE
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://dsp.nrich.ai/bidswitch/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=980e5c2a-5d1a-4030-9e06-cd1bd1a73592&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
https://x.bidswitch.net/sync?dsp_id=283&user_id=4f2a11ed-78d4-4315-b516-56de763c6a83&expires=1&user_group=5&ssp=pubmatic&bsw_param=980e5c2a-5d1a-4030-9e06-cd1bd1a73592
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=980e5c2a-5d1a-4030-9e06-cd1bd1a73592&gdpr=&gdpr_consent=&gdpr_pd=

1 B
825 B

837ms
31ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=980e5c2a-5d1a-4030-9e06-cd1bd1a73592&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:20 GMT
X-lat: Pug22070:0:369
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=980e5c2a-5d1a-4030-9e06-cd1bd1a73592&gdpr=&gdpr_consent=&gdpr_pd=
date: Sat, 13 Feb 2021 08:31:19 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame EFEE
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3276776980110877152&gdpr=0&gdpr_consent=&us_privacy=

1 B
807 B

1160ms
32ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3276776980110877152&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:20 GMT
X-lat: Pug22063:0:394
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=3276776980110877152&gdpr=0&gdpr_consent=&us_privacy=
pragma: no-cache
date: Sat, 13 Feb 2021 08:31:18 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame EFEE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YCeOWAAAAICQcCzr&gdpr=0&gdpr_consent=&_test=YCeOWAAAAICQcCzr

1 B
889 B

32ms
32ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YCeOWAAAAICQcCzr&gdpr=0&gdpr_consent=&_test=YCeOWAAAAICQcCzr
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:20 GMT
X-lat: Pug22024:0:606
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: text/html; charset=utf-8
Content-Length: 1

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:20 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1613205081.692217,VS0,VE0
x-served-by: cache-hhn4061-HHN
x-cache: HIT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=YCeOWAAAAICQcCzr&gdpr=0&gdpr_consent=&_test=YCeOWAAAAICQcCzr
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

Pug
simage2.pubmatic.com/AdServer/ Frame EFEE
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:28775d02-40a4-4340-875d-d4d093c39140&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
585 B

1099ms
32ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:28775d02-40a4-4340-875d-d4d093c39140&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:20 GMT
X-lat: Pug22026:0:610
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:28775d02-40a4-4340-875d-d4d093c39140&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Sat, 13 Feb 2021 08:31:19 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1

200
OK

Pug
image2.pubmatic.com/AdServer/ Frame EFEE
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=4c7e0799-9f1c-4f97-827c-b00856b993d5-60278e57-4348&gdpr=0&gdpr_consent=

42 B
1004 B

403ms
39ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=4c7e0799-9f1c-4f97-827c-b00856b993d5-60278e57-4348&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Cnection: close
Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:18 GMT
X-lat: Pug23040:0:644
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Content-Type: image/gif; charset=utf-8
Content-Length: 42

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:19 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=4c7e0799-9f1c-4f97-827c-b00856b993d5-60278e57-4348&gdpr=0&gdpr_consent=
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame EFEE 0
104 B 90ms
63ms Image
text/plain 2a02:fa8:8806:16::1400
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=4D8A8419-A786-450C-8912-05B1BEBC82C1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 , United States, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:19 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2 200 pubmatic
um.simpli.fi/ Frame EFEE 43 B
611 B 348ms
32ms Image
image/gif 159.253.128.188
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

159.253.128.188 Amsterdam, Netherlands, ASN36351 (SOFTLAYER, US),

Reverse DNS

bc.80.fd9f.ip4.static.sl-reverse.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:19 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Fri, 12 Feb 2021 08:31:19 GMT

GET
H2 200 dark-bottom.css
www.winhelponline.com/ezoic/styles/ 3 KB
1 KB 14ms
14ms Stylesheet
text/css 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/ezoic/styles/dark-bottom.css
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/ezoic/cookieconsent.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ac054159a85ddee2e265bc0a517304e773e8c8db653af949bab52dec5e2a1ed9

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:21 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 5014377
cf-polished: origSize=3031
cf-request-id: 083c1d23c700002b7d762f9000000001
last-modified: Fri, 11 Dec 2020 18:59:36 GMT
server: cloudflare
etag: W/"bd7-5b634e4c19600-gzip"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Kt%2FQJlYtRYTLxyAjpp3RLo6EVv3Y66%2FBU22GV6dNzGH7HNvzul80%2FDd4mtY%2Byfe66FptfFxS0CCu0A1VvClsBX2aeiFYP1IezaZB7i%2BpJCpEXu2YQJhX6urTzhnirJ2wKLE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000, public
cf-ray: 620d314c7d8e2b7d-FRA
cf-bgj: minify

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
273 B 28ms
27ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJkYXRhIjpbeyJuYW1lIjoibmF2aWdhdGlvbl90eXBlIiwidmFsIjoiMCJ9LHsibmFtZSI6InJlZGlyZWN0X2NvdW50IiwidmFsIjoiMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInRfZXBvY2giOjE2MTMyMDUwNzcsImRhdGEiOlt7Im5hbWUiOiJwZXJmX2lzX3RyYWNrZWQiLCJ2YWwiOiIxIn0seyJuYW1lIjoicGVyZl9uYXZfdG9fY29ubmVjdCIsInZhbCI6IjI3In0seyJuYW1lIjoicGVyZl9jb25uZWN0X3RvX3Jlc3Bfc3RhcnQiLCJ2YWwiOiIxMjAwIn0seyJuYW1lIjoicGVyZl9yZXNwX3RpbWUiLCJ2YWwiOiI4In0seyJuYW1lIjoicGVyZl9pbnRlcmFjdGl2ZSIsInZhbCI6IjI0MiJ9LHsibmFtZSI6InBlcmZfY29udGVudGxvYWRlZCIsInZhbCI6IjI0NCJ9LHsibmFtZSI6InBlcmZfY29tcGxldGUiLCJ2YWwiOiIyNzAzIn1dfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:21 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=d%2BiCWAsRPK6hIGnMlrXGps8qLcFCh80E1sj17rUMSFxhrfsm41MhT0DtBBj%2BWg9mXDwVLGv2tXCTsEUtX%2FuDryGU%2FsJxC0vZtrV0h7At1ibRtz9lyyD9Zu7JZZ0vwil4iyA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d314c7d922b7d-FRA
content-length: 0
cf-request-id: 083c1d23c900002b7dc182f000000001
expires: Fri, 12 Feb 2021 08:31:21 UTC

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
296 B 20ms
19ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJkYXRhIjpbeyJuYW1lIjoiZmlyc3RfcGFpbnQiLCJ2YWwiOiIxMzEzIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidF9lcG9jaCI6MTYxMzIwNTA3NywiZGF0YSI6W3sibmFtZSI6ImZpcnN0X2NvbnRlbnRmdWxfcGFpbnQiLCJ2YWwiOiIxMzEzIn1dfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:21 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jrVFY8Gz1eBLVF%2Fq19CI4d4WmxvOc0evsjsPN3QYTdPWK2VN83%2BbLjzOc5sxBxQFi5J0Pv391zYMS0%2BuFZCJLybM4rfK2YnKNjU25Up283UsZB8913UWxLx680PWo7X9m3U%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d314c7d932b7d-FRA
content-length: 0
cf-request-id: 083c1d23c900002b7df083b000000001
expires: Fri, 12 Feb 2021 08:31:21 UTC

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
301 B 15ms
15ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJkYXRhIjpbeyJuYW1lIjoiY29ubmVjdGlvbl9lZmZlY3RpdmVfdHlwZSIsInZhbCI6IjRnIn1dfSx7InR5cGUiOiJwYWdldmlldyIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidF9lcG9jaCI6MTYxMzIwNTA3NywiZGF0YSI6W3sibmFtZSI6ImNvbm5lY3Rpb25fZG93bmxpbmsiLCJ2YWwiOiIxMCJ9XX0seyJ0eXBlIjoicGFnZXZpZXciLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInRfZXBvY2giOjE2MTMyMDUwNzcsImRhdGEiOlt7Im5hbWUiOiJjb25uZWN0aW9uX3J0dCIsInZhbCI6IjAifV19XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:21 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VMXjb7pTWEuqEs517RPnegCSCA%2BpyV1gOmFcvOGFpfFt021XHPUK8qSmQQ9iWQB3XGKauIim%2FJV%2BO7ZRl4wCGz0GB9sEQ4iQBYSYoYWzHRQKpEpPk470%2FwV%2BZTMGmOAXUCY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d314c7d952b7d-FRA
content-length: 0
cf-request-id: 083c1d23c900002b7dd8bfb000000001
expires: Fri, 12 Feb 2021 08:31:20 UTC

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 8 KB
7 KB 52ms
32ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021021101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc834d719261c51b562aae131a3619011d90e0708e66c70fbcf95c7fb7717977

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 08:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6398
x-xss-protection: 0

POST
H2 200 v2rajoUxWuYfCSmIfR9R26vYyvO_Kpi7CcXBavt653T_dxwL-Zi6-r0_Gxkmv05maWDUQlAU Show response
absorbingcorn.com/ 216 B
618 B 90ms
35ms Fetch
application/json 35.190.64.11
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://absorbingcorn.com/v2rajoUxWuYfCSmIfR9R26vYyvO_Kpi7CcXBavt653T_dxwL-Zi6-r0_Gxkmv05maWDUQlAU

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/tulsa.js?gcb=192-8&cb=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.64.11 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

11.64.190.35.bc.googleusercontent.com

Software

Resource Hash

14670ecc116f8412c3a6e6fdc3bdf5d6ee1f29d5edd24951776c645e02e7f7ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Sat, 13 Feb 2021 08:31:21 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: 711b148b
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 216
expires: Sat, 13 Feb 2021 08:31:20 GMT

GET
H3-Q050 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1611170586013198"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6403
x-xss-protection: 0
expires: Sat, 13 Feb 2021 08:31:21 GMT

GET
H3-Q050 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/221/ Frame 7824 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/221/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.winhelponline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.winhelponline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 4984
date: Sat, 13 Feb 2021 05:47:24 GMT
expires: Sun, 13 Feb 2022 05:47:24 GMT
last-modified: Tue, 08 Dec 2020 21:41:15 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 9837
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 dfZxd03ctMAtOzJA0awyJ9FYXT3-SPE4vneR-Lkp6e0.js Show response
pagead2.googlesyndication.com/bg/ Frame 7824 14 KB
6 KB 24ms
24ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/dfZxd03ctMAtOzJA0awyJ9FYXT3-SPE4vneR-Lkp6e0.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

75f671774ddcb4c02d3b3240d1ac3227d1585d3dfe48f138be7791f8b929e9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/sodar/sodar2/221/runner.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 10:47:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 09 Feb 2021 09:15:00 GMT
server: sffe
age: 164620
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 6227
x-xss-protection: 0
expires: Fri, 11 Feb 2022 10:47:41 GMT

POST
H2 200 v2flc9LDo8DWO-gnNKfB9eJWnUPuoCh-b2k-lFUvBn8AO5DmbF7go-xgiiLnu56JrqZ7MwDw Show response
absorbingcorn.com/ 3 B
36 B 48ms
47ms Fetch
application/json 35.190.64.11
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://absorbingcorn.com/v2flc9LDo8DWO-gnNKfB9eJWnUPuoCh-b2k-lFUvBn8AO5DmbF7go-xgiiLnu56JrqZ7MwDw

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/tulsa.js?gcb=192-8&cb=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.64.11 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

11.64.190.35.bc.googleusercontent.com

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Sat, 13 Feb 2021 08:31:21 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.winhelponline.com
access-control-allow-credentials: true
x-hostname: 711b148b
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 3

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
125 B 61ms
60ms Image
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=221&t=2&li=gpt_2021021101&jk=120932513717314&bg=!n5ylnN_NAAXRs2QT0TsAKQB2-DxaxCyN4tiVgsAQzCKMsXk7fixQz3r8pv5b1u4rhs1rrSNmy5QUAgAAAFtSAAAAD2gBBwoBF3nYKAEEptXqWDCaApCofnfnEanufThqz-34kt7fHAA1cQRz0eARmB32bVRPJnJuxLbackJJ7lF1dd4xFI4LQGi0jaNWg_ptPR9wbJmjtUCy5iS0JgvNuJVagWKsTcv-RYngAA-f924raiQfHikElOiJKptNU_y8HrEsK6ksffGpITVvQfvwyTaie0EGAhoMGoanl9Z-1q2nQXfg53Gi7xTrQxkLXnIy2guiKBhT1Rxc0F0RtAFpXrIWCgh-CRJyF3emxH3Qi33DArkZZumd_Vnriz1YAWNRlXuEim87KxUgN64LypZlbhpb7V5JdzwedhRp7O01JSNZT0CdnxdJkh3M_DWADPOq7_M-fZKtULHrOJAvB8ZKXpkB5_yf26UQLWxEWo0GzFSp5oEvqhHs6sTvXZYeUy4kpAjZE1-AXYkY9_iU5g9pUj6bLFVz-Tle24r6H4bfN-m2dDRcT1tjnx_NQjO0jkzvT8Y-rxIbmHpuLVg3upRm8H7Dgq6Nw2DOFEMiLYUhtnzOirfHsBnuh3JtMoZpaA3MYM5JXcUUANiITrrV3hdpBycl3lL_fcncJuIC0gQzuZ65pFXUTsKV8sxoWD6QnDJmqNU3aVKNtRhbJDr1L3MfgJy7PRRtAS4OX-btpoY6RfkYVNPKNU0TQIPOGshskQoE95_tcBxsSxVH3Ul2FEey6lRNqQlaHPtz9l7XEF11CaAZvJxcXkMtxyjp7JRZJQjqiEPW-tE25wA4dZFGm_EDE-svDwWlzQUeYyneKGWBoa9ASV94e6T_G4byDlLmqzJjz7V-VLsIVgtWxfo5cUHWMvcNUWOBzDkm55U5ubJoLXaPlth6EkNfWb0_JTP5ObOIpohDov2f8XQ8tCsXoXUdinz5wQT2e3XTGm-l-fF4JeXEGJd5wPI7Yc1iPt8K76DBTHJLmAnPAUMNlwuBJogVX9nSFPwBOrxk29vQTeHKQX-bFOuTvZnq6NexV6DV7n1ugWBXM5do1ZfCmAOlLeCpTZIiYRdOInwfRl0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:21 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 services Show response
g2.gumgum.com/zones/w9xc2jc5/ 349 B
864 B 151ms
58ms XHR
application/json 52.17.137.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/zones/w9xc2jc5/services?dp=https%3A%2F%2Fwww.winhelponline.com%2F&pu=https%3A%2F%2Fwww.winhelponline.com%2F&ogu=https%3A%2F%2Fwww.winhelponline.com%2Fblog%2F&rf=&r=3.80.5&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A2%2C%22ren%22%3A2%2C%22fc%22%3A0%2C%22ctx%22%3A%5B2%5D%2C%22jsv%22%3A%223.80.5%22%2C%22pbv%22%3A%220.0.0%22%7D&ns=10240&bf=09787cd64190e175564b8ff598b5b3250267cb61&ce=true&fs=false&dpr=1&sch=1200&scw=1600&lt=1613205081334&to=-60&vpii=false&vph=1200&vpw=1600
Requested by: Host: js.gumgum.com
URL: https://js.gumgum.com/services.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.137.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: da7d58f3f75c2f190c551909d8a1a67e257211c17452a4f4f3319d41ac3d956b

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 08:31:21 GMT
content-encoding: gzip
server: nginx
etag: W/"08956b22328ffe09965e23305ed332d51"
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.winhelponline.com
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8

GET
H/1.1

404
Not Found

2313835751099048&KRTB&22776-7502313835751099048
simage4.pubmatic.com/AdServer/ Frame EFEE
Redirect Chain

https://simage4.pubmatic.com/AdServer/SPug?partnerID=156657&gdpr=0&gdpr_consent=&us_privacy=
https://simage4.pubmatic.com/AdServer/2313835751099048&KRTB&22776-7502313835751099048

0
0

31ms
31ms

Script
text/html

185.64.189.114
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/2313835751099048&KRTB&22776-7502313835751099048
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.114 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://ads.pubmatic.com/AdServer/js/showad.js
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

Location: 2313835751099048&KRTB&22776-7502313835751099048
Date: Sat, 13 Feb 2021 08:31:22 GMT
X-Cnection: close
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_fastcgi/2.4.6
Content-Length: 375
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 new Show response
g2.gumgum.com/assets/ 140 B
483 B 72ms
71ms XHR
application/json 52.17.137.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/assets/new?assets=%7B%22v%22%3A%221.1%22%2C%22pv%22%3A%2289b349d6-2fa6-4068-aa33-a23b58d56fc6%22%2C%22r%22%3A%223.80.5%22%2C%22t%22%3A%22w9xc2jc5%22%2C%22rf%22%3A%22%22%2C%22fs%22%3Afalse%2C%22ce%22%3Atrue%2C%22p%22%3A%22https%3A%2F%2Fwww.winhelponline.com%2F%22%2C%22a%22%3A%5B%7B%22i%22%3A1%2C%22u%22%3A%22https%3A%2F%2Fwww.winhelponline.com%2Fblog%2Fwp-content%2Fuploads%2F2017%2F11%2Fw10-clear-background-history.png%3Fezimgfmt%3Dng%253Awebp%252Fngcb2%252Frs%253Adevice%252Frscb2-1%22%2C%22w%22%3A700%2C%22h%22%3A268%2C%22x%22%3A222%2C%22y%22%3A639%2C%22lt%22%3A%22in%22%2C%22af%22%3Atrue%2C%22prefetch%22%3Afalse%2C%22lu%22%3A%22https%3A%2F%2Fwww.winhelponline.com%2Fblog%2Fclear-background-wallpaper-history-windows-10-registry%2F%22%2C%22ia%22%3A%22clear%20desktop%20wallpaper%20history%22%7D%5D%2C%22ac%22%3A%7B%7D%2C%22vp%22%3A%7B%22ii%22%3Afalse%2C%22w%22%3A1600%2C%22h%22%3A1200%7D%2C%22sc%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22d%22%3A1%7D%2C%22tr%22%3A0.4%2C%22ogu%22%3A%22https%3A%2F%2Fwww.winhelponline.com%2Fblog%2F%22%7D&bf=09787cd64190e175564b8ff598b5b3250267cb61&lt=1613205081495&to=-60&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A2%2C%22ren%22%3A2%2C%22fc%22%3A0%2C%22ctx%22%3A%5B2%5D%2C%22jsv%22%3A%223.80.5%22%2C%22pbv%22%3A%220.0.0%22%7D&ns=10240
Requested by: Host: js.gumgum.com
URL: https://js.gumgum.com/services.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.137.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 6c7565d1c3bbdc0b66cb114627a7fbf4c9f8a871755b566cefc829330ef5fbf6

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 08:31:21 GMT
content-encoding: gzip
server: nginx
etag: W/"025b23a9b09ab5b26e139f826e35e5c31"
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.winhelponline.com
access-control-allow-credentials: true
content-type: application/json;charset=UTF-8

GET
H/1.1

200
OK

p2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/p?c1=8&c2=15039634&c3=16&c4=w9xc2jc5&c7=https%3A%2F%2Fwww.winhelponline.com%2F&c8=Winhelponline&c9=&cv=2.0&cj=1&ns__t=1613205081492
https://sb.scorecardresearch.com/p2?c1=8&c2=15039634&c3=16&c4=w9xc2jc5&c7=https%3A%2F%2Fwww.winhelponline.com%2F&c8=Winhelponline&c9=&cv=2.0&cj=1&ns__t=1613205081492&cs_ak_ss=1

43 B
589 B

28ms
28ms

Image
image/gif

184.25.115.49
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p2?c1=8&c2=15039634&c3=16&c4=w9xc2jc5&c7=https%3A%2F%2Fwww.winhelponline.com%2F&c8=Winhelponline&c9=&cv=2.0&cj=1&ns__t=1613205081492&cs_ak_ss=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.25.115.49 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-25-115-49.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:21 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/p2?c1=8&c2=15039634&c3=16&c4=w9xc2jc5&c7=https%3A%2F%2Fwww.winhelponline.com%2F&c8=Winhelponline&c9=&cv=2.0&cj=1&ns__t=1613205081492&cs_ak_ss=1
Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:21 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 quant.js Show response
secure.quantserve.com/ Frame 48EF 23 KB
9 KB 9ms
8ms Script
application/javascript 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 437afd9de21717c919be3f40f686b33170f2447dc03ded0fc00ac0cc41839854

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:21 GMT
content-encoding: gzip
etag: "8q1rat7Mm9i+FVcOidF8/g=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Sat, 20 Feb 2021 08:31:21 GMT

GET
H2 200 rules-p-00TsOkvHvnsZU.js Show response
rules.quantcount.com/ Frame 48EF 3 B
349 B 29ms
6ms Script
application/x-javascript 2600:9000:206f:1c00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-00TsOkvHvnsZU.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:1c00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 14:01:54 GMT
via: 1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
last-modified: Sat, 04 Mar 2017 19:30:30 GMT
server: AmazonS3
age: 66568
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-length: 3
x-amz-cf-id: GXSEzEltB8NP_SeHQQoXv4-gzam29omcJQD9QhCbTZMC92fcDBrcEA==

GET

https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F104%2F0%2F10.gif%3Fpuid%3D%24%7BBSW_UUID%7D%26gdpr%3D0%26gdpr_consent%3D
x.bidswitch.net/check_uuid/
Redirect Chain

https://id5-sync.com/s/441/9.gif?puid=e_e6b0618b-48e0-4fbf-a456-1f12e87fd1b5&gdpr=0&gdpr_consent=
https://id5-sync.com/c/441/441/9/1.gif?puid=e_e6b0618b-48e0-4fbf-a456-1f12e87fd1b5&gdpr=0&gdpr_consent=
https://ib.adnxs.com/getuid?https://id5-sync.com/c/441/2/8/2.gif?puid=$UID&gdpr=0&gdpr_consent=
https://id5-sync.com/c/441/2/8/2.gif?puid=8997133002213540526&gdpr=0&gdpr_consent=
https://sync.mathtag.com/sync/img?mt_exid=10089&mt_exuid=ID5-ZHMO1j30ngtSj0hGVUfksPtLcE5-SfEj26n12p7xog&redir=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F3%2F7%2F3.gif%3Fpuid%3D%5BUUID%5D%26gdpr%3D0%26g...
https://id5-sync.com/c/441/3/7/3.gif?puid=55966027-8e57-4300-af4f-859128e57b57&gdpr=0&gdpr_consent=
https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-ZHMO1j30ngtSj0hGVUfksPtLcE5-SfEj26n12p7xog&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F441%2F124%2F6%2F4.gif%3Fpuid%3D...
https://ice.360yield.com/ul_cb/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-ZHMO1j30ngtSj0hGVUfksPtLcE5-SfEj26n12p7xog&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F441%2F124%2F6%2F4.gif%3Fp...
https://id5-sync.com/cq/441/124/6/4.gif?puid=a8c91fcb-0ab0-4334-acdc-9491b441c23c&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=
https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F203%2F5%2F5.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D0%26gdpr_consent%3D
https://id5-sync.com/c/441/203/5/5.gif?puid=04dc5f34-12d7-4606-99a4-e063545dc0a6&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent=
https://id5-sync.com/k/264.gif?puid=e1d39735-a9b0-472f-8ecf-70ca44640f63&ttl=%%TTL%%
https://c1.adform.net/serving/cookie/match?party=1135&callback=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F10%2F3%2F7.gif%3Fpuid%3D%5Badformuid%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr_consent=&gdpr=0
https://id5-sync.com/c/441/10/3/7.gif?puid=5473704335513947430&gdpr=0&gdpr_consent=
https://sync.crwdcntrl.net/map/c=13953/tp=IDFI/gdpr=0/gdpr_consent=?https://id5-sync.com/c/441/19/2/8.gif?puid=${profile_id}&gdpr=0&gdpr_consent=
https://sync.crwdcntrl.net/map/ct=y/c=13953/tp=IDFI/gdpr=0/gdpr_consent=?https://id5-sync.com/c/441/19/2/8.gif?puid=${profile_id}&gdpr=0&gdpr_consent=
https://id5-sync.com/c/441/19/2/8.gif?puid=3be1ff91c30bcf880d0432f13ebd6ad1&gdpr=0&gdpr_consent=
https://ads.creative-serving.com/id5_cm?callback=https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F101%2F1%2F9.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D0%26gdpr_consent%3D
https://id5-sync.com/c/441/101/1/9.gif?puid=496486ec-49b3-4247-9fa4-4174c1fd3cdd&gdpr=0&gdpr_consent=
https://x.bidswitch.net/check_uuid/https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F104%2F0%2F10.gif%3Fpuid%3D%24%7BBSW_UUID%7D%26gdpr%3D0%26gdpr_consent%3D?gdpr=0&gdpr_consent=

0
0

GET
H2 200 pixel;r=1088277361;labels=Lifestyles.w9xc2jc5.*_winhelponline_com;rf=0;uht=2;a=p-00TsOkvHvnsZU;url=https%3A%2F%2Fwww.winhelponline.com%2F;fpan=1;fpa=P0-775552971-1613205081590;ns=1;ce=1;qjs=1;qv=58...
pixel.quantserve.com/ Frame 48EF 35 B
210 B 10ms
9ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1088277361;labels=Lifestyles.w9xc2jc5.*_winhelponline_com;rf=0;uht=2;a=p-00TsOkvHvnsZU;url=https%3A%2F%2Fwww.winhelponline.com%2F;fpan=1;fpa=P0-775552971-1613205081590;ns=1;ce=1;qjs=1;qv=58f0669e-20201210192756;cm=;gdpr=0;ref=;d=winhelponline.com;je=0;sr=1600x1200x24;dst=1;et=1613205081590;tzo=-60;ogl=

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:21 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
283 B 308ms
308ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2239002386027259&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3D5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D650%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1300%26reqt%3D1613205082197&eri=1&cookie=ID%3Dd723699214013821-228e54f675ba00d3%3AT%3D1613205078%3AS%3DALNI_MYnZ_6-CUsQDlDWkmsS2Q9lL3PD0Q&bc=31&abxe=1&lmt=1613205082&dt=1613205082202&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=953&adks=1611167343&ucis=b&ifi=11&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

47a6b711aab7cce416567713b9600a19a621d1e24092d09f12a0ce40fd10ac90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 226
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 453 B
265 B 456ms
455ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=710291149525630&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=3&rcs=1&prev_scp=iid2%3D190077%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-2-190077%26eb_br%3D45a351e981f435b4c20fafca8a5d741c%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D1%26br1%3D600%26br2%3D600%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D146%252C193%252C133%252C67%252C119%252C122%252C142%252C20%252C26%252C135%252C187%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26refs%3D30%26lb%3D1200%26reqt%3D1613205082211&eri=1&cookie=ID%3Dd723699214013821-228e54f675ba00d3%3AT%3D1613205078%3AS%3DALNI_MYnZ_6-CUsQDlDWkmsS2Q9lL3PD0Q&bc=31&abxe=1&lmt=1613205082&dt=1613205082218&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1103&adks=2225908236&ucis=c&ifi=12&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

8b4fd584a054bbd631a656663b00d5e0ead562575f16105f2563498a799f6162

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
257 B 293ms
292ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=1651762473366395&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3D5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D650%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1300%26reqt%3D1613205082226&eri=1&cookie=ID%3Dd723699214013821-228e54f675ba00d3%3AT%3D1613205078%3AS%3DALNI_MYnZ_6-CUsQDlDWkmsS2Q9lL3PD0Q&bc=31&abxe=1&lmt=1613205082&dt=1613205082240&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1483&adks=279619605&ucis=d&ifi=13&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=4

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

baa180b8bb2ca9d863de75ae574f3b43abccb30eb9e652257b72065d02946598

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 226
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
261 B 339ms
338ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=1585661705388555&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3Dc410f2a2b0c2123f4b6651cda6c5cf53%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D950%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D83%252C117%252C120%252C67%252C51%252C122%252C66%252C20%252C117%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1900%26reqt%3D1613205082252&eri=1&cookie=ID%3Dd723699214013821-228e54f675ba00d3%3AT%3D1613205078%3AS%3DALNI_MYnZ_6-CUsQDlDWkmsS2Q9lL3PD0Q&bc=31&abxe=1&lmt=1613205082&dt=1613205082267&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=962&adys=205&adks=3314737083&ucis=e&ifi=14&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

54d3969a58f80d2f087705d05d388028cdd7d86eb8b14d11e35e9ea91b4ac11f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 227
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
258 B 294ms
294ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=805177953452745&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3D5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D650%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1300%26reqt%3D1613205082270&eri=1&cookie=ID%3Dd723699214013821-228e54f675ba00d3%3AT%3D1613205078%3AS%3DALNI_MYnZ_6-CUsQDlDWkmsS2Q9lL3PD0Q&bc=31&abxe=1&lmt=1613205082&dt=1613205082274&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=688&adks=3917434485&ucis=f&ifi=15&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

31acdc20a8aa606df0e9a9cef6f427cd6b9ff9cc89cf8b2d95f64f03543b6ef7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 224
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
259 B 370ms
369ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=1949812138513607&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3Dc410f2a2b0c2123f4b6651cda6c5cf53%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D950%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D83%252C117%252C120%252C67%252C51%252C122%252C66%252C20%252C117%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1900%26reqt%3D1613205082277&eri=1&cookie=ID%3Dd723699214013821-228e54f675ba00d3%3AT%3D1613205078%3AS%3DALNI_MYnZ_6-CUsQDlDWkmsS2Q9lL3PD0Q&bc=31&abxe=1&lmt=1613205082&dt=1613205082280&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=638&adys=205&adks=1970382492&ucis=g&ifi=16&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

59d60d3a4e02c9af5e658bff986c2e60dc597310aa233383a5af4f44b03b3169

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 454 B
265 B 435ms
434ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2340434032766917&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=3&rcs=1&prev_scp=iid2%3D187675%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-1-187675%26eb_br%3D9e0a1ce5b2455cb9b48d5df4c6bf4053%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D15%26bvm%3D0%26bvr%3D5%26shp%3D3%26acptad%3D1%26br1%3D350%26br2%3D350%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%252C45%252C120%252C67%252C51%252C0%252C83%252C32%252C13%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D650%26reqt%3D1613205082283&eri=1&cookie=ID%3Dd723699214013821-228e54f675ba00d3%3AT%3D1613205078%3AS%3DALNI_MYnZ_6-CUsQDlDWkmsS2Q9lL3PD0Q&bc=31&abxe=1&lmt=1613205082&dt=1613205082286&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=405&adys=1098&adks=2241190977&ucis=h&ifi=17&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x294&msz=336x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

545922a37c39fa42096863efa6e540288adf134d5f984f054935d2268f04e99a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 234
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
255 B 277ms
277ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2468164584747754&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3D5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D650%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D83%252C131%252C185%252C4%252C65%252C122%252C90%252C20%252C71%252C197%252C175%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1300%26reqt%3D1613205082289&eri=1&cookie=ID%3Dd723699214013821-228e54f675ba00d3%3AT%3D1613205078%3AS%3DALNI_MYnZ_6-CUsQDlDWkmsS2Q9lL3PD0Q&bc=31&abxe=1&lmt=1613205082&dt=1613205082294&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1218&adks=1649313398&ucis=i&ifi=18&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=5

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

3d2a51a548df3acbc5bb961060f0ae47fc8b2502b78d3303703db1101db43c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 224
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 453 B
270 B 299ms
299ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=298365806881276&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=3&rcs=1&prev_scp=iid2%3D196225%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1128%26sap%3D1128%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-3-196225%26eb_br%3D04b5efc3207e2390972f099a6a3c4757%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26br1%3D1400%26br2%3D1400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C4%252C45%252C122%252C66%252C13%252C71%252C30%252C0%252C31%26deal1%3D23%2C24%2C25%2C26%2C21%2C22%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D2700%26reqt%3D1613205082296&eri=1&cookie=ID%3Dd723699214013821-228e54f675ba00d3%3AT%3D1613205078%3AS%3DALNI_MYnZ_6-CUsQDlDWkmsS2Q9lL3PD0Q&bc=31&abxe=1&lmt=1613205082&dt=1613205082300&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=295&adys=11850&adks=3297578832&ucis=j&ifi=19&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x60&msz=468x60&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=6

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

bf77c37d428be4f1a5a0004c327e0b2af2f921e583120b585522db8a13dd8a51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 235
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 445 B
255 B 392ms
392ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=4119238431666406&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=3&rcs=1&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D2%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3Dc410f2a2b0c2123f4b6651cda6c5cf53%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D950%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C51%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C117%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1900%26reqt%3D1613205082302&eri=1&cookie=ID%3Dd723699214013821-228e54f675ba00d3%3AT%3D1613205078%3AS%3DALNI_MYnZ_6-CUsQDlDWkmsS2Q9lL3PD0Q&bc=31&abxe=1&lmt=1613205082&dt=1613205082306&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=205&adks=1505197098&ucis=k&ifi=20&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

ab0dfcf5d623272bb54d5e4d3a857f0f3526e69734566550718cd083820a0dd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 224
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
172 B 201ms
201ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=1908436691301425&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D450%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D650%26reqt%3D1613205082712&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205082&dt=1613205082715&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=953&adks=1611167343&ucis=l&ifi=21&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

928ad5483231df558fc05fa451bd496bc49b7852137d4881890886c8399265f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 347 B
205 B 294ms
293ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2864998904383011&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=2&prev_scp=iid2%3D190077%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-2-190077%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D1%26br1%3D400%26br2%3D600%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D146%252C193%252C133%252C67%252C119%252C122%252C142%252C20%252C26%252C135%252C187%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26refs%3D30%26lb%3D600%26reqt%3D1613205082723&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205082&dt=1613205082727&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1103&adks=2225908236&ucis=m&ifi=22&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

acc512f488929e63073ca0055e596c7d67fe4fa1c4670942afac1a1d2ff587ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
171 B 200ms
200ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=3801352172611349&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D450%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D650%26reqt%3D1613205082754&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205082&dt=1613205082757&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1483&adks=279619605&ucis=n&ifi=23&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=7

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

1c9a5faec65003cb3a90405ab6b7c213f6117cd1f81075d86f330b26be26784b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 213ms
213ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=3514221521503601&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3D5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D650%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D83%252C117%252C120%252C67%252C51%252C122%252C66%252C20%252C117%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D950%26reqt%3D1613205082770&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205082&dt=1613205082774&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=962&adys=205&adks=3314737083&ucis=o&ifi=24&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

75b0a8b8feb2ec977d4b99c2e1c03abe9bde51afe5aef1645624337e9418f8da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 187ms
187ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=3278622501508487&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D450%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D650%26reqt%3D1613205082787&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205082&dt=1613205082790&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=688&adks=3917434485&ucis=p&ifi=25&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

c009bfa4df8d71f72611942476978fb43eb99795f64144731b67dba4adc2c7ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
167 B 397ms
396ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=1850885335073389&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3D5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D650%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D83%252C117%252C120%252C67%252C51%252C122%252C66%252C20%252C117%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D950%26reqt%3D1613205082793&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205082&dt=1613205082796&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=638&adys=205&adks=1970382492&ucis=q&ifi=26&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

f15756ccc513df43e26a116c19da17985dd139f9d2bd5666d0dc8badbfeda96a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 348 B
183 B 273ms
273ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=1581222989995191&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=1&rcs=2&prev_scp=iid2%3D187675%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-1-187675%26eb_br%3D86802a923a1f32517e4c5d3b6d550271%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D15%26bvm%3D0%26bvr%3D5%26shp%3D3%26acptad%3D1%26br1%3D200%26br2%3D350%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%252C45%252C120%252C67%252C51%252C0%252C83%252C32%252C13%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D350%26reqt%3D1613205082803&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205082&dt=1613205082807&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=405&adys=1098&adks=2241190977&ucis=r&ifi=27&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x294&msz=336x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

27412526367d678d4d36f4d74af1ece4e1ded258e50c1c7cd21d6ee830e115fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 149
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 182ms
182ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=858159939128925&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3D6e85b37de1b1ffc2593baa5d6e4b02fc%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D450%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D83%252C131%252C185%252C4%252C65%252C122%252C90%252C20%252C71%252C197%252C175%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D650%26reqt%3D1613205082810&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205082&dt=1613205082813&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1218&adks=1649313398&ucis=s&ifi=28&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=8

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

914d1313b198e9af2eb207919ffec7c4733d120995ab6f4dfda969665e1909cc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:22 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 347 B
178 B 301ms
300ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=819442975525691&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=1&rcs=2&prev_scp=iid2%3D196225%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1128%26sap%3D1128%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-3-196225%26eb_br%3Dc5429b6ddd929d0bc40a832a87789a7c%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26br1%3D1000%26br2%3D1400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C4%252C45%252C122%252C66%252C13%252C71%252C30%252C0%252C31%26deal1%3D23%2C24%2C25%2C26%2C21%2C22%2C21%2C22%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1400%26reqt%3D1613205082815&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205082&dt=1613205082818&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=295&adys=11850&adks=3297578832&ucis=t&ifi=29&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x60&msz=468x60&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=9

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

98e8e2571090df9df268dd5a44687e515a095960793f223a7f1c01134f6838b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
167 B 198ms
198ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=3307170790506967&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=2&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D3%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3D5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D650%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C51%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C117%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D950%26reqt%3D1613205082820&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205082&dt=1613205082823&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=205&adks=1505197098&ucis=u&ifi=30&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

184b0238dd0f35c02d9626a9c640e9a648ce466b54160ebc7c8053a0af743328

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
167 B 196ms
196ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2131359994509372&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Dc16fac08e79a971524b1c6834f5caad3%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D280%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D450%26reqt%3D1613205083218&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083221&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=953&adks=1611167343&ucis=v&ifi=31&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

40c77c87d3b7b568a4861fd526796a8ee0cc3ada0c418ac68fc8fded53966c47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
170 B 198ms
197ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=93358590274333&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Dc16fac08e79a971524b1c6834f5caad3%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D280%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D450%26reqt%3D1613205083259&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083262&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1483&adks=279619605&ucis=w&ifi=32&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=10

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

283b8f353f5a87ee551dea88229f03b719f05f1ef07519a0be9d77c613bf106a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
168 B 439ms
439ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=3694799815772908&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D400%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D83%252C117%252C120%252C67%252C51%252C122%252C66%252C20%252C117%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D650%26reqt%3D1613205083277&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083280&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=962&adys=205&adks=3314737083&ucis=x&ifi=33&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

d5a1dc8eb93a0973c8a4e3514bf5ffa00749f4a8590990686d58192cbf790c14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
167 B 205ms
204ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=4348637163401640&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Dc16fac08e79a971524b1c6834f5caad3%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D280%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D450%26reqt%3D1613205083294&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083297&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=688&adks=3917434485&ucis=y&ifi=34&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

99a534a57645c6302b91a0d49b071e549a292404258e521ab036b2ad3c16a186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 339 B
167 B 179ms
179ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2094788007918831&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D400%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D83%252C117%252C120%252C67%252C51%252C122%252C66%252C20%252C117%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D650%26reqt%3D1613205083303&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083306&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=638&adys=205&adks=1970382492&ucis=z&ifi=35&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

472cb3f894c8b8ce8edb91d98f781c3a6fedef266272b987fbcae4f908ce0f24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 137
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 349 B
181 B 347ms
346ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=332343900941644&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=1&rcs=3&prev_scp=iid2%3D187675%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-1-187675%26eb_br%3Ddfa60cee6e1053fc0c9e607c8047bd28%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D15%26bvm%3D0%26bvr%3D5%26shp%3D3%26acptad%3D1%26br1%3D80%26br2%3D350%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%252C45%252C120%252C67%252C51%252C0%252C83%252C32%252C13%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D200%26reqt%3D1613205083320&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083324&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=405&adys=1098&adks=2241190977&ucis=10&ifi=36&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x294&msz=336x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

255904f3e7a0fd09000eb94ffcefa6ad6f73dd6bb83a83aabb082d3e098b27bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 147
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
168 B 179ms
178ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=720888224838179&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Dc16fac08e79a971524b1c6834f5caad3%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D280%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D83%252C131%252C185%252C4%252C65%252C122%252C90%252C20%252C71%252C197%252C175%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D450%26reqt%3D1613205083325&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083328&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1218&adks=1649313398&ucis=11&ifi=37&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=11

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

80a64e0203bc418ea04e717b8d05a089af31beca8b75408f263d8a414710164f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 348 B
179 B 200ms
200ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=4476773488535638&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=1&rcs=3&prev_scp=iid2%3D196225%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1128%26sap%3D1128%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-3-196225%26eb_br%3D5bac35e1a3b6adc56da706000a645484%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26br1%3D650%26br2%3D1400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C4%252C45%252C122%252C66%252C13%252C71%252C30%252C0%252C31%26deal1%3D23%2C24%2C25%2C26%2C21%2C22%2C21%2C22%2C21%2C22%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D1000%26reqt%3D1613205083330&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083333&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=295&adys=11850&adks=3297578832&ucis=12&ifi=38&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x60&msz=468x60&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=12

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

9c65459ca42311e0290c47ce72a5f075bf7a08fc72c25e7b393d0eeb8021914a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 149
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
168 B 204ms
204ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2322915198600149&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=3&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3D76163170a8636ae5b88417f095893e08%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D400%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C51%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C117%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D650%26reqt%3D1613205083337&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083340&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=205&adks=1505197098&ucis=13&ifi=39&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

8c83002bf7e968ab24fcbdb5e144252f9591fd499b241d3b58c7962d296a759a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
168 B 198ms
198ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=806705984841464&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D140%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D280%26reqt%3D1613205083723&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083726&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=953&adks=1611167343&ucis=14&ifi=40&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

a7ec634366755e9c642da154b6fd2680bf7036202397cfb7031b3cbb12d3f871

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
166 B 179ms
178ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=64615596078884&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D140%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D280%26reqt%3D1613205083770&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083774&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1483&adks=279619605&ucis=15&ifi=41&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=13

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

f2e80df2e314cc9218327215f6342218880a1a4c0523af9b292e0b24a03a683c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
168 B 207ms
207ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=1501779626595028&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3D86802a923a1f32517e4c5d3b6d550271%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D200%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D83%252C117%252C120%252C67%252C51%252C122%252C66%252C20%252C117%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D400%26reqt%3D1613205083787&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083790&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=962&adys=205&adks=3314737083&ucis=16&ifi=42&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

99561059be1220b77fa61453b094d029a8c8ea4e6a2f02e844ddef7c533166b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
166 B 191ms
191ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=3032286030649612&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D140%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D280%26reqt%3D1613205083803&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083806&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=688&adks=3917434485&ucis=17&ifi=43&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

c9e4a3d3cf75ea2bc859f0d9daa12980d9db271e1c9dead979cebb728a43f021

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:23 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 136
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
191 B 199ms
199ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2906430673167855&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3D86802a923a1f32517e4c5d3b6d550271%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D200%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D83%252C117%252C120%252C67%252C51%252C122%252C66%252C20%252C117%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D400%26reqt%3D1613205083820&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083823&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=638&adys=205&adks=1970382492&ucis=18&ifi=44&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

33f7d8a2ec4a5e0118d69c706d35c272203ff38eacc9a3bd14debe956684a606

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 83 KB
27 KB 298ms
298ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2010661234631071&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=336x280&ris=1&rcs=4&prev_scp=iid2%3D187675%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1111%26sap%3D1111%26a%3D%257C251%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D9%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D4%26al%3D1004%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-1-187675%26eb_br%3D7432360301409ae695ba255f16fbcf06%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D15%26bvm%3D0%26bvr%3D5%26shp%3D3%26acptad%3D1%26br1%3D20%26br2%3D350%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D32%252C45%252C120%252C67%252C51%252C0%252C83%252C32%252C13%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D80%26reqt%3D1613205083837&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083840&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=405&adys=1098&adks=2241190977&ucis=19&ifi=45&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x294&msz=336x280&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

353dcf2e738f427e40cba14090f57b0d088d09d07b6f484779e3ad045c0b6e1e

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11441665821572190266/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11441665821572190266/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKXf5p-55u4CFajcEQgdmCUMLg&gqi=&layout=/sadbundle/%24csp%253Der3%24/11441665821572190266/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11441665821572190266/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11441665821572190266/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CKXf5p-55u4CFajcEQgdmCUMLg&gqi=&layout=/sadbundle/%24csp%253Der3%24/11441665821572190266/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27556
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Sat, 13 Feb 2021 08:31:24 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
168 B 193ms
192ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=193120790474899&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Daf063c244089b52ec5a0423a258f1f8e%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D140%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D83%252C131%252C185%252C4%252C65%252C122%252C90%252C20%252C71%252C197%252C175%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D280%26reqt%3D1613205083842&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083844&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1218&adks=1649313398&ucis=1a&ifi=46&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=14

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

12cb7e0697a9aea72dabc8bcdfa7e9bfc3be24451ede2e8dd33a7054b4f03129

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 348 B
178 B 200ms
200ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=490686581385355&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=1&rcs=4&prev_scp=iid2%3D196225%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1128%26sap%3D1128%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-3-196225%26eb_br%3D9e0a1ce5b2455cb9b48d5df4c6bf4053%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26br1%3D350%26br2%3D1400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C4%252C45%252C122%252C66%252C13%252C71%252C30%252C0%252C31%26deal1%3D23%2C24%2C25%2C26%2C21%2C22%2C21%2C22%2C21%2C22%2C21%2C22%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D650%26reqt%3D1613205083846&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083850&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=295&adys=11850&adks=3297578832&ucis=1b&ifi=47&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x60&msz=468x60&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=15

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

6b8721e8f303a1953de7abff1ec9ee1b0bc36d0769e48f697f9b1f5ebbdd3800

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 148
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
173 B 198ms
197ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=457907189594451&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=4&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3D86802a923a1f32517e4c5d3b6d550271%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D200%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C51%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C117%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D400%26reqt%3D1613205083854&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205083&dt=1613205083857&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=205&adks=1505197098&ucis=1c&ifi=48&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

792e3ff545f76b1fc8b1bda0f7eb8e7489ee4759814ba01fef6eca7987d53522

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
404 B 57ms
56ms Image
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=gpt_sz&pvsid=120932513717314&r=336x280&w=336&h=280&a=0

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:24 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 container.html Show response
a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame FBD7 6 KB
3 KB 28ms
13ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.winhelponline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.winhelponline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Sat, 13 Feb 2021 08:31:18 GMT
expires: Sun, 13 Feb 2022 08:31:18 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 6
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 74 KB
28 KB 35ms
15ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js?cb=%2Fr20100101

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80a1ae567d396855243284e674876bb0d856f0e7a18d3c0142f0828513716dfe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1612960672666234"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 28344
x-xss-protection: 0
expires: Sat, 13 Feb 2021 08:31:24 GMT

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
441 B 18ms
17ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJkYXRhIjpbeyJuYW1lIjoidGltZXJfZmlyc3RfYWRfbG9hZCIsInZhbCI6IjU4NDEifV19XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oG3lHw5LZTjlyvM4LzOCacWWWdD40LeKma%2FemvFmMYLZ0y5iG59jrXCg%2Bncf0k9o%2BnrnblSP0Jq9ddtSsZVY7QCFzPk9l4aM%2FZ51g2g78jb1xDStqgdvb%2F2bjEd%2F67W4LSc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d31601c172b7d-FRA
content-length: 0
cf-request-id: 083c1d300b00002b7df622f000000001
expires: Fri, 12 Feb 2021 08:31:24 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
397 B 27ms
27ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTg3Njc1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0MzgsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTg3Njc1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0MzgsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI3NDMyMzYwMzAxNDA5YWU2OTViYTI1NWYxNmZiY2YwNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTg3Njc1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDIsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDAyLCJiaWRfZmxvb3JfcHJldiI6MC4wMDA4LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDM4LCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTg3Njc1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0MzgsImRhdGEiOlt7Im5hbWUiOiJjcmVhdGl2ZV9pZCIsInZhbCI6IjEzODMxMDAzNDQzOCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTg3Njc1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0MzgsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cLot%2BQ4X3o%2B2n5uvTLYEf8%2B6n%2Fc6jj4cLZYSQKvHRPVYpcDrm9zQMKfsrY9KNUcaNLMbB3HA2KQ3JZu4gdT8vRNvb7IqUNJXajsbJbgmHTFD9PVjb0vwAiUfzBV0Jhv1fXk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d31601c192b7d-FRA
content-length: 0
cf-request-id: 083c1d300c00002b7d7d9a8000000001
expires: Fri, 12 Feb 2021 08:31:23 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
93 B 143ms
28ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=3&v=39&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 13 Feb 2021 08:31:24 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
269 B 20ms
20ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTg3Njc1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0MzgsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTAyLTEzIn0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiOSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI2In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii02MCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LrcRV0hDs7V4as6iQsmLHcFMrEdXrg66AElFhuRFl8LFAzqtLCSf3xnOMk%2BIfHfGcHW8AIs5RpxpuluaY0Lfadmj1UfemUGb83mvFRwuRIG7MD2JvMdSiAx4u7YzqTdjbDo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d31601c1c2b7d-FRA
content-length: 0
cf-request-id: 083c1d300d00002b7dc6817000000001
expires: Fri, 12 Feb 2021 08:31:24 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
275 B 30ms
30ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTg3Njc1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImF1Y3Rpb25fZXBvY2giOjE2MTMyMDUwODQsImFkX3Bvc2l0aW9uIjoxMTExLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiYmlkX2Zsb29yX2luaXRpYWwiOjY1MCwiYmlkX2Zsb29yX3ByZXYiOjgwLCJiaWRfZmxvb3JfZmlsbGVkIjoyMCwiYXVjdGlvbl9jb3VudCI6NSwicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6MzIxLCJtdWx0aV9hZF91bml0IjowLCJtdWx0aV9hZF9jb3VudCI6MCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5axXs509B5SvUuARwJCPuxl3yzxzMUxsxFkLWWiwmMTuJx0nGtCaqh7uXGpKTJcQ3y%2FFiGJtaKlVG3ZA3cB1WvzkHjHO%2BS7MRvowCWOQL%2Bqq9XYMCsDwssnqSULmWdEkRLY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d31601c1f2b7d-FRA
content-length: 0
cf-request-id: 083c1d301100002b7d9cbe3000000001
expires: Fri, 12 Feb 2021 08:31:24 UTC

GET
H3-Q050 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11441665821572190266/ Frame 74A1 62 KB
18 KB 7ms
7ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11441665821572190266/index.html

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb21c189b325cf3c0c0a15d497412aae392eca9d23b3e432f71742b73606aa7e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/11441665821572190266/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Thu, 11 Feb 2021 06:40:59 GMT
expires: Fri, 11 Feb 2022 06:40:59 GMT
last-modified: Wed, 02 Sep 2020 08:44:48 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 17595
age: 179425
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FBD7 0
0 60ms
60ms Fetch
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CbX40W44nYOXFNqi5x_APmMuw8AKj74qvYYaGrLafDJzMio3eGxABIPT5xiVg9ZXOgeAEoAH4v634AsgBCakCDIq3q8vPsj7gAgCoAwHIAwiqBPcBT9DVHzglUSKC4dfK0plFkvvl3BKu6CiJJ-kNaZ1J7Nt6_sQFj9TTLPbWPUVK21jEuQ61cvGJrRB_oZ-QxGNqk2NGAfZMCUI3olKUkLwWz-8sTrqdq78dUuYGYCnVFAObYO7oGpfe4_CGo7Z9nn1t0mniUs4_GaHqe6ge4fuCljxZsNpcBQSvl_2kewiKcxeWXI-F0aiUmm6H01GPiZHZEdPEMGbBv6efqOQzMyG6w90lThZYhGBgpFrDUkIt16IzlnOoG_OXMZHkIocZBSoKk4qn6rHq3NuIgzmnxLaUTcGgoVhOX1ciGUsB-UfWkW6ayYeWb-NmL8AE2J2YoZQD4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB_C_0ocBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEKiiDNIIBwiAYRABGB3yCBthZHgtc3Vic3luLTkzMDU5NTgzODgyODEwNTOACgPICwHYEw2yFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=3O-p_caT1Ac&template_id=419&tpd=AGWhJmvPou9u9MmOwjnecdYR0YOnrQ3wbSOx_j2k7UtYj9JJSQ
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/ Frame FBD7 18 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/abg_lite_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4db6732268b3d9330df1068351b18e2fd1c1c6da87b5953259b022a19ddfe7a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:27:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7377
x-xss-protection: 0
server: cafe
etag: 10747045913157086108
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:27:26 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame FBD7 3 KB
2 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/window_focus_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:15:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 952
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:15:32 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FBD7 107 KB
33 KB 32ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

782db5605136a4b7d143bfdacf544a921cd7b8b2bd8c1fcfb1ff51baeb1d4cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1612960666436283"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 33367
x-xss-protection: 0
expires: Sat, 13 Feb 2021 08:31:24 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame FBD7 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

718d8e9bf93740a3a90b67e53219319342074524b2dede8ba219eea4c41ea0c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:28:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 197
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 15217341015479086142
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:28:07 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame FBD7 0
0 15ms
14ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTgq92O3w7gto69Z8Pgv29xyQV_3ixcag41xN5EfRlmfs9h3zLStAfBKPLSXOF693KRqi7uTpN124zNDeKsHhmLoghh9g
Requested by: Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 348 B
177 B 312ms
311ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=1854956092478443&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=2&rcs=3&prev_scp=iid2%3D190077%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D4%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-2-190077%26eb_br%3D43aa1607a0c08c74b14a9039e7b909b4%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D1%26br1%3D220%26br2%3D600%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D146%252C193%252C133%252C67%252C119%252C122%252C142%252C20%252C26%252C135%252C187%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26refs%3D30%26lb%3D400%26reqt%3D1613205083228&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205084&dt=1613205084243&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1103&adks=2225908236&ucis=1d&ifi=49&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

1783ca35863bfd63f19181a350b7dcf357694335d53a3c7994787666d26eec5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 147
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
480 B 190ms
189ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2841420797965778&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Dc352ba581bd3ffd8cea608cf2d55f519%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D60%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D140%26reqt%3D1613205084247&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205084&dt=1613205084250&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=953&adks=1611167343&ucis=1e&ifi=50&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

38c81b5865c0bfb85c7cfd183c5e972145958fe3850aad60b39f3966af6b1e54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 139
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1A3E 143 B
245 B 6ms
6ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmRbs8xKoeJmBzkjdlWNA4R__MgEDd9XhIHjYII9gBmrzCmhv0JTTJBfGLY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 13 Feb 2021 08:23:05 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 499
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 74A1 6 KB
759 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:600,700,regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11441665821572190266/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3d67ca5d28f1dd6fc58ae8f8ab79b70755b30a52eb04572a6df8e50869ff748e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 13 Feb 2021 08:31:24 GMT
server: ESF
date: Sat, 13 Feb 2021 08:31:24 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Feb 2021 08:31:24 GMT

GET
H3-Q050 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 74A1 16 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11441665821572190266/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 04:25:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14744
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 14 Feb 2021 04:25:40 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 74A1 22 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11441665821572190266/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 22:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 13 Feb 2021 22:10:28 GMT

GET
DATA 200
OK truncated
/ Frame FBD7 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a94980b08339a5542059aca5d7e8c6773a9ae39eef169c2bcad97cb933ea17c0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
168 B 222ms
222ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=3197316267542054&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Dc352ba581bd3ffd8cea608cf2d55f519%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D60%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D140%26reqt%3D1613205084328&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205084&dt=1613205084330&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1483&adks=279619605&ucis=1f&ifi=51&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=16

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

c665cfae08e90133d0851e11c4b0fbf59377f0edc07323e5022c05cb13b909a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
168 B 201ms
200ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2404057802775815&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3Ddfa60cee6e1053fc0c9e607c8047bd28%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D80%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D83%252C117%252C120%252C67%252C51%252C122%252C66%252C20%252C117%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D200%26reqt%3D1613205084332&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205084&dt=1613205084335&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=962&adys=205&adks=3314737083&ucis=1g&ifi=52&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

44f25f359fb7b83aa729b8c497a555aa120b21491816ccc61a1c34f6e2a38b72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
172 B 194ms
194ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=1048941443974205&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Dc352ba581bd3ffd8cea608cf2d55f519%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D60%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D140%26reqt%3D1613205084336&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205084&dt=1613205084340&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=688&adks=3917434485&ucis=1h&ifi=53&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

7ff202027c17d6fc15358e49e0311353dfdd69f1d3d3868650999b5bacb884e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 74A1 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:600,700,regular

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/css?family=Open+Sans:600,700,regular
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 05:56:45 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:49 GMT
server: sffe
age: 354879
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9180
x-xss-protection: 0
expires: Wed, 09 Feb 2022 05:56:45 GMT

GET
H3-Q050 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v18/ Frame 74A1 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:600,700,regular

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/css?family=Open+Sans:600,700,regular
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 16:25:13 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:27 GMT
server: sffe
age: 403571
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9080
x-xss-protection: 0
expires: Tue, 08 Feb 2022 16:25:13 GMT

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 1A3E
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
120 B

58ms
58ms

Document
text/html

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUmRbs8xKoeJmBzkjdlWNA4R__MgEDd9XhIHjYII9gBmrzCmhv0JTTJBfGLY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 13 Feb 2021 08:31:24 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 13-Feb-2021 09:31:24 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Sat, 13 Feb 2021 08:31:24 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 13 Feb 2021 08:31:24 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 39 KB
13 KB 336ms
336ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=3680762574698369&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D7%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3Ddfa60cee6e1053fc0c9e607c8047bd28%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D80%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D1%26stl%3D83%252C117%252C120%252C67%252C51%252C122%252C66%252C20%252C117%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D200%26reqt%3D1613205084373&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205084&dt=1613205084376&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=638&adys=205&adks=1970382492&ucis=1i&ifi=54&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

786e70c68d921fa70c50079a5531f390d40d2b4a54731ce909d1762e5e6185d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13262
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 340 B
168 B 189ms
189ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2966288183725123&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3Dc352ba581bd3ffd8cea608cf2d55f519%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D60%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D83%252C131%252C185%252C4%252C65%252C122%252C90%252C20%252C71%252C197%252C175%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D140%26reqt%3D1613205084378&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205084&dt=1613205084381&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1218&adks=1649313398&ucis=1j&ifi=55&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=17

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

6a20df1c9969434b2bdc65b74e6c8695af04f9d32d54ddd01b790cd55ba8753c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 138
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 348 B
179 B 181ms
181ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=764638184663010&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=1&rcs=5&prev_scp=iid2%3D196225%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1128%26sap%3D1128%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-3-196225%26eb_br%3D3530fcb6bcc13dc3c1712eaef7d92700%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26br1%3D160%26br2%3D1400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C4%252C45%252C122%252C66%252C13%252C71%252C30%252C0%252C31%26deal1%3D23%2C24%2C25%2C26%2C21%2C22%2C21%2C22%2C21%2C22%2C21%2C22%2C17%2C20%2C21%2C22%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D350%26reqt%3D1613205084382&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205084&dt=1613205084385&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=295&adys=11850&adks=3297578832&ucis=1k&ifi=56&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x60&msz=468x60&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=18

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

99b012f932cc8ebef88bfb75652d7254dafe230cf783a88355e7008b2680e3c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 149
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 47 KB
15 KB 254ms
254ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2060697541198841&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=5&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C254%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D6%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3Ddfa60cee6e1053fc0c9e607c8047bd28%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D80%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D0%26stl%3D34%252C51%252C28%252C67%252C45%252C0%252C66%252C20%252C71%252C30%252C117%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D200%26reqt%3D1613205084387&eri=1&cookie=ID%3Dd723699214013821%3AT%3D1613205078%3AS%3DALNI_MZlGm2AbP6KENwa4vq7OcLcup1mTw&bc=31&abxe=1&lmt=1613205084&dt=1613205084389&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=205&adks=1505197098&ucis=1l&ifi=57&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

0e87e9b2f707860d2f48d497425e02e2c5b43d072175d682d9df7094e91a7e5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15487
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 logo_v02.svg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11441665821572190266/ Frame 74A1 6 KB
4 KB 6ms
6ms Image
image/svg+xml 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11441665821572190266/logo_v02.svg

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3d21be02646badfddef3c5b4d98794e2a48f77f9e7ab7f999928cd2603f47b3

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 153566
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2272
x-xss-protection: 0
last-modified: Wed, 02 Sep 2020 08:44:48 GMT
server: sffe
date: Thu, 11 Feb 2021 13:51:58 GMT
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:51:58 GMT

GET
H2 200 container.html Show response
a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 0AC0 6 KB
3 KB 7ms
7ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.winhelponline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.winhelponline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Sat, 13 Feb 2021 08:31:18 GMT
expires: Sun, 13 Feb 2022 08:31:18 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 6
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
400 B 24ms
22ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJkZmE2MGNlZTZlMTA1M2ZjMGM5ZTYwN2M4MDQ3YmQyOCJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDgsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDA4LCJiaWRfZmxvb3JfcHJldiI6MC4wMDIsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDg4MjQiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDQzNTE3In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDg4MjQiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZsWO6%2Fy8nfhM%2BRSuCSgrKhAP69h5FoVlzEIbTCt165bVNsIPCS4KvzrPn2YCOxAprMWp82bw0JCy6%2FDkARRcxldKPcDQahOwS5d%2Fq2WiGNxwenzcJEPh9NTD%2B%2FJp9NgmmEQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3163299b2b7d-FRA
content-length: 0
cf-request-id: 083c1d31f900002b7df0952000000001
expires: Fri, 12 Feb 2021 08:31:24 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 29ms
27ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=3&v=39&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 13 Feb 2021 08:31:24 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
277 B 27ms
25ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTAyLTEzIn0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiOSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI2In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii02MCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=J%2F1feUOLTXvn9v2sqoWn%2Fq6q1mnaHWr%2F02nlUtpUk%2BHaL67xr17acPjJlHY6zcM8AYt7glU4vPZF4JnWiG4ewiHoMBEVBYIMrLBwZ9NUmzMTbX84%2FEwzUCkWOBWP7TqKhG0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3163299c2b7d-FRA
content-length: 0
cf-request-id: 083c1d31f900002b7ded208000000001
expires: Fri, 12 Feb 2021 08:31:24 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
274 B 23ms
22ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImF1Y3Rpb25fZXBvY2giOjE2MTMyMDUwODUsImFkX3Bvc2l0aW9uIjoxMTA5LCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiYmlkX2Zsb29yX2luaXRpYWwiOjE5MDAsImJpZF9mbG9vcl9wcmV2IjoyMDAsImJpZF9mbG9vcl9maWxsZWQiOjgwLCJhdWN0aW9uX2NvdW50Ijo2LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjoyNjMsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjozLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JXfReV24jTQRdWkucmypJBJSpB%2FkSWBc5siokK3LcCGxwPXr%2F5QTrI1svQ2IAGeBd7bjxcVNhqkVyyijnxAJq9SLbY9KahPZH4Cu11Cl8eIMtp54z3Kssz%2FwTUMxCi4CeOU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3163299e2b7d-FRA
content-length: 0
cf-request-id: 083c1d31fa00002b7d9c807000000001
expires: Fri, 12 Feb 2021 08:31:24 UTC

GET
H2 200 css
fonts.googleapis.com/ Frame 0AC0 5 KB
800 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

488724f863b6e50afb92859fd714bcb1b6814b616b8e0c3d0fd261599a750d9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 13 Feb 2021 08:31:24 GMT
server: ESF
date: Sat, 13 Feb 2021 08:31:24 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Feb 2021 08:31:24 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0AC0 5 KB
754 B 16ms
16ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&text=

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

488724f863b6e50afb92859fd714bcb1b6814b616b8e0c3d0fd261599a750d9c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 13 Feb 2021 08:31:24 GMT
server: ESF
date: Sat, 13 Feb 2021 08:31:24 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Feb 2021 08:31:24 GMT

GET
H2 200 m_js_controller_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame 0AC0 31 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/m_js_controller_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d0fc0debdcfbf299be5d5944ad77e3efd284e07ae5e941f19330529702f9d61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:28:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 152
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12671
x-xss-protection: 0
server: cafe
etag: 10706700179169536876
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:28:52 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-37/js/ Frame 0AC0 24 KB
7 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-37/js/ext.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48c978eaee9473c367fd30eea148b6cd5233e58a317a36157c24e5dd2af62a97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 16:20:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 58262
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7485
x-xss-protection: 0
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Feb 2022 16:20:22 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/ Frame 0AC0 18 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/abg_lite_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4db6732268b3d9330df1068351b18e2fd1c1c6da87b5953259b022a19ddfe7a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:27:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7377
x-xss-protection: 0
server: cafe
etag: 10747045913157086108
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:27:26 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame 0AC0 3 KB
2 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/window_focus_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:15:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 952
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:15:32 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0AC0 107 KB
33 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

782db5605136a4b7d143bfdacf544a921cd7b8b2bd8c1fcfb1ff51baeb1d4cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1612960666436283"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 33367
x-xss-protection: 0
expires: Sat, 13 Feb 2021 08:31:24 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame 0AC0 14 KB
6 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

718d8e9bf93740a3a90b67e53219319342074524b2dede8ba219eea4c41ea0c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:28:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 197
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 15217341015479086142
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:28:07 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 0AC0 0
0 14ms
13ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTOjVM0xQbjYwGk1FWObcBJHF-madmF1utgv_ZA70q5n1hX1P_7en-yBhqrNLELCKnNiqt4BPUz-aoTLR25-PWxezV_og
Requested by: Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0AC0 0
0 60ms
60ms Fetch
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cew7pXI4nYMiiG9GSx_APo9Wd-A2ew-X9YP-7harQCoKm2K6zChABIPT5xiVg9ZXOgeAEoAHjz5m_A8gBBuACAKgDAcgDmwSqBPIBT9DG_amr2eSihX1vlXarn0i8gIQzmVs1JI77lJKV_0B5i6zdkbnG0INHzR_2I6Dt7jTTrFlOpJBxPrdnNEu6Ii2jYzonW_aatWSoIfsN_H7Z08XvxIt1g-jCAZV7gBweCsg57j_Uf0UNC1kRJaE0A5VYDj_RGVFUcohWzmZibGA45NgvAsiB90X0ZWYaeTrX4yma80CsVn-DgLmGaxaDAj3arCkaGOMbK31NOVEmxGH6c-Kha3_ZC_VwFQudia20VnDL6cZZovh39seK7WNP9phQhDeG1OFLc-vMWPixyyKLvzfNUm8IMZ0xFdDvFsq2dtfABLOml5PFAuAEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAY3gAfd9pMwqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEOjxMNIIBwiAYRABGB3yCBthZHgtc3Vic3luLTkzMDU5NTgzODgyODEwNTOACgPICwHYEwyIFAKyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=2AUUwSHHaDE&template_id=492&tpd=AGWhJmupaO5BMfNBS30gYtgWYXIz3Dz8SjH1KudhOZlhoqisUw
Requested by: Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 0AC0 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 05:54:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 355010
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11016
x-xss-protection: 0
expires: Wed, 09 Feb 2022 05:54:34 GMT

GET
H2 200 jizaRExUiTo99u79D0KExcOPIDU.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 0AC0 11 KB
11 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExcOPIDU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ae1e27e08b4bbc15557c0f5bbd97b4009eb86c85da9fb2be4c4085a5289182f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/css?family=PT+Sans:400|Roboto:400,500&lang=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 16:19:33 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:11 GMT
server: sffe
age: 403911
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11380
x-xss-protection: 0
expires: Tue, 08 Feb 2022 16:19:33 GMT

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2CE5 143 B
198 B 6ms
6ms Document
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 13 Feb 2021 08:23:05 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 499
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 901D 1 KB
1008 B 6ms
5ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 12 Feb 2021 15:30:58 GMT
expires: Sat, 13 Feb 2021 15:30:58 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 61226
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 0AC0 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2e2e85a60c60615c64af995f082c4fc72c9d3c8657b2737e695251f37bc0de55

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 container.html Show response
a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame FE52 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.winhelponline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.winhelponline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Sat, 13 Feb 2021 08:31:18 GMT
expires: Sun, 13 Feb 2022 08:31:18 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 6
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
439 B 21ms
20ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8xIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI2In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDg4MjQiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wXzEiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiZGZhNjBjZWU2ZTEwNTNmYzBjOWU2MDdjODA0N2JkMjgifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwODgyNCIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTMyMDUwNzcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDgsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MC4wMDA4LCJiaWRfZmxvb3JfcHJldiI6MC4wMDIsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDg4MjQiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wXzEiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwMzQ0MzgifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwODgyNCIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dGf%2B7%2BawB302Hl3xPrlKWfxdVwQNBg0HzmX0CXVdVbwEjUoyNr3VF2O9XrUGwCuhsuLCnaS9pmFDKScEZVXWu6sWh6FiJvEcgG0zs7taS%2BjFmHeVjR6NsEJJzGUDkgmOOlg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3163ba882b7d-FRA
content-length: 0
cf-request-id: 083c1d325300002b7dfc22d000000001
expires: Fri, 12 Feb 2021 08:31:24 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 29ms
28ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=3&v=39&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 13 Feb 2021 08:31:24 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
277 B 18ms
17ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8xIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDItMTMifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTYwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RfMOnXMVV6LDYE1WccKzgi84%2Bx78kjM9C3BnPXrjPbKbtbx8sex2kzoSGjMIoCjyCqVzAOjOVN%2Bb3nKH2OlzOkMw4vLRR1RmZxMWWPCHGnU%2FpVvDHWPBP5rFpYMh5%2Bo3gbA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3163ba8a2b7d-FRA
content-length: 0
cf-request-id: 083c1d325300002b7daa16e000000001
expires: Fri, 12 Feb 2021 08:31:24 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
279 B 24ms
24ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8xIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYXVjdGlvbl9lcG9jaCI6MTYxMzIwNTA4NSwiYWRfcG9zaXRpb24iOjExMDksImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTkwMCwiYmlkX2Zsb29yX3ByZXYiOjIwMCwiYmlkX2Zsb29yX2ZpbGxlZCI6ODAsImF1Y3Rpb25fY291bnQiOjYsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjM2NiwibXVsdGlfYWRfdW5pdCI6MSwibXVsdGlfYWRfY291bnQiOjMsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=v%2Bo85XC%2FjTLrzeyA%2FhCNjTGp27R6ny5RDb0dupqIPKEP48LI9YIPboixfwu0gFVS%2Fuea1IV7fO64nQRQzQA6pfcNgkoYqZHFIYyE4f2VP%2FZKA2VQWoj%2F%2FHJZWb64jrYNDlo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3163ba8b2b7d-FRA
content-length: 0
cf-request-id: 083c1d325400002b7daebc3000000001
expires: Fri, 12 Feb 2021 08:31:24 UTC

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 454 B
718 B 364ms
364ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=1348550140217578&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=4&prev_scp=iid2%3D190077%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D5%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-2-190077%26eb_br%3Da495ce7dbb4cefcd3e0a722048894f41%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D1%26br1%3D100%26br2%3D600%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D146%252C193%252C133%252C67%252C119%252C122%252C142%252C20%252C26%252C135%252C187%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26refs%3D30%26lb%3D220%26reqt%3D1613205084755&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1613205084&dt=1613205084757&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1103&adks=2225908236&ucis=1m&ifi=58&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

526cb9a7553d6aa0aebe91009a0ffeb4385bb86d8affd3c8791e6fc3b14c8241

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 239
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame FE52 0
0 60ms
60ms Fetch
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CYF48XI4nYNSsGtKDgAf_v5jIDevOk49hy9bBto4NsJAfEAEg9PnGJWD1lc6B4ASgAZSKwpADyAEC4AIAqAMByAOZBKoE8wFP0FrnmGL0DhO-thYscDwGQXrFnsfUH0yQiK89767h6qpDVohGehKnNlI7AdB2DBmHFCj0VOw3NG4m4YtwRoQUlc0-etLUKVMBqxku-YfspA5sqtPm-y220XrP8c4mdCIum3sSOcEl9YHK7DhaVSr95JMBeFOlDQkhH7QCI4_vjhtLF58gOC8Kk2qFeILSSugKj-gj5Fiqb_FfUqRy2x0BpiLK-dcMD25mk8JX5hdMIgE1P40MbknoO14aKKG3snNd2jocqxHTtAs017UWivqgZO2pvOja5BrKdSlIIi6XgbudkEO8u_2FUQ3W8xYHuavnyjPABJG61NO4A-AEAZIFBAgEGAGSBQQIBRgEoAYCgAfU9b1vqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEOjxMNIIBwiAYRABGB3yCBthZHgtc3Vic3luLTkzMDU5NTgzODgyODEwNTOACgPICwHYEw2yFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=OO8IMdDUwZ0&tpd=AGWhJmsRX2K006hqnxN1DJs2at7Wxr5oz-Q4KvMjZgUNN6j7Lw
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/ Frame FE52 18 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/abg_lite_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4db6732268b3d9330df1068351b18e2fd1c1c6da87b5953259b022a19ddfe7a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:27:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 238
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7377
x-xss-protection: 0
server: cafe
etag: 10747045913157086108
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:27:26 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame FE52 3 KB
2 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/window_focus_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:15:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 952
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:15:32 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FE52 107 KB
33 KB 34ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

782db5605136a4b7d143bfdacf544a921cd7b8b2bd8c1fcfb1ff51baeb1d4cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1612960666436283"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 33367
x-xss-protection: 0
expires: Sat, 13 Feb 2021 08:31:24 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame FE52 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

718d8e9bf93740a3a90b67e53219319342074524b2dede8ba219eea4c41ea0c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:28:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 197
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 15217341015479086142
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:28:07 GMT

GET
H3-Q050 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame FE52 25 KB
11 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a29297eaef6c8ec4f15846560d443d488afd81b9b85b1e3357656587bc9db222

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 05:07:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12232
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10789
x-xss-protection: 0
server: cafe
etag: 17266012695621626851
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 05:07:32 GMT

GET
H3-Q050 200 18357026541566313846
tpc.googlesyndication.com/simgad/ Frame FE52 47 KB
47 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18357026541566313846?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qn0C_TjOcmrgch9pSGfWg-n4rohzw

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cdac854f4acbfdb8ead9baed8f44862231ee9739eee36777bd3eb60e94ce4c19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 14:43:34 GMT
x-content-type-options: nosniff
last-modified: Wed, 22 Jan 2020 21:08:16 GMT
server: sffe
age: 150470
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48319
x-xss-protection: 0
expires: Fri, 11 Feb 2022 14:43:34 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 901D
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEGAIqC6lk4RGQChaCS6ErIU&google_push=AQvitUJTJLySzPqJtxQWlIh1TDUrWVGHeUmQaJ0SacNyZ5WZwDcZ6KQYad...

170 B
190 B

35ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEGAIqC6lk4RGQChaCS6ErIU&google_push=AQvitUJTJLySzPqJtxQWlIh1TDUrWVGHeUmQaJ0SacNyZ5WZwDcZ6KQYadCR9cOwBlSQJfGR9KsQCmApx62_avNbfyC8Q_kdKpk

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:24 GMT
via: 1.1 varnish
server: Jetty(9.3.8.v20160314)
x-timer: S1613205085.795314,VS0,VE96
x-served-by: cache-hhn4061-HHN
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEGAIqC6lk4RGQChaCS6ErIU&google_push=AQvitUJTJLySzPqJtxQWlIh1TDUrWVGHeUmQaJ0SacNyZ5WZwDcZ6KQYadCR9cOwBlSQJfGR9KsQCmApx62_avNbfyC8Q_kdKpk
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
x-cache-hits: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 901D
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEM-Ez14SXrW3Pn_Se2aYGuA&google_cver=1&google_push=AQvitUIoLWXgUzaMxgqpP7k6mdTEQW6LDx71obljFEDAt0Y-OwDcMgAAQxwfZn-Ad0KtRfcSLizoQAf...
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=8&google_gid=CAESEM-Ez14SXrW3Pn_Se2aYGuA&google_cver=1&google_push=AQvitUIoLWXgUzaMxgqpP7k6mdTEQW6LDx71obljFEDAt0Y-OwDcMgAAQxwfZn-Ad0KtR...
https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUIoLWXgUzaMxgqpP7k6mdTEQW6LDx71obljFEDAt0Y-OwDcMgAAQxwfZn-Ad0KtRfcSLizoQAfb4cetISD5AhncZxZnk0M&google_sc&google...

170 B
190 B

34ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUIoLWXgUzaMxgqpP7k6mdTEQW6LDx71obljFEDAt0Y-OwDcMgAAQxwfZn-Ad0KtRfcSLizoQAfb4cetISD5AhncZxZnk0M&google_sc&google_hm=8o0JypCsRj6Sa0JlA035qmAnjlw

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:24 GMT
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://cm.g.doubleclick.net/pixel?google_ula=1293153&google_nid=ssc&google_push=AQvitUIoLWXgUzaMxgqpP7k6mdTEQW6LDx71obljFEDAt0Y-OwDcMgAAQxwfZn-Ad0KtRfcSLizoQAfb4cetISD5AhncZxZnk0M&google_sc&google_hm=8o0JypCsRj6Sa0JlA035qmAnjlw
cache-control: max-age=0,no-cache,no-store
content-length: 0
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 901D
Redirect Chain

https://match.adsby.bidtheatre.com/adxcookie?id=&google_gid=CAESEGbGDbpy_YIxWzwmz9XzeVs&google_cver=1&google_push=AQvitUIloioJaaZDF0qDpQdoy5p2iO3UMDGFqnS1NFOlNBX5iLrL1V1mj6-WXFQDalt1-d5BGlKVn0AX-9D...
https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AQvitUIloioJaaZDF0qDpQdoy5p2iO3UMDGFqnS1NFOlNBX5iLrL1V1mj6-WXFQDalt1-d5BGlKVn0AX-9DfzhErLi6Y5uyOkck

170 B
190 B

35ms
35ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AQvitUIloioJaaZDF0qDpQdoy5p2iO3UMDGFqnS1NFOlNBX5iLrL1V1mj6-WXFQDalt1-d5BGlKVn0AX-9DfzhErLi6Y5uyOkck

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=bt&google_push=AQvitUIloioJaaZDF0qDpQdoy5p2iO3UMDGFqnS1NFOlNBX5iLrL1V1mj6-WXFQDalt1-d5BGlKVn0AX-9DfzhErLi6Y5uyOkck
Date: Sat, 13 Feb 2021 08:31:24 GMT
Server: Apache/2.4.41 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 901D
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEI2mfoswDFqoFaSTMc_vW5c&google_cver=1&google_push=AQvitUKxTt2PrydhKNfiQLabN2xudMVpomkpniltHVkQ-uJhcRZTZrTZMuHzj-jmM-IYlWDNtP2-DHOd...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEI2mfoswDFqoFaSTMc_vW5c&google_cver=1&google_push=AQvitUKxTt2PrydhKNfiQLabN2xudMVpomkpniltHVkQ-uJhcRZTZrTZMuHzj-jmM-IYlWDNtP2...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDQ1OTMxOTU3MDc4MjM2MTg5MQ&google_push=AQvitUKxTt2PrydhKNfiQLabN2xudMVpomkpniltHVkQ-uJhcRZTZrTZMuHzj-jmM-IYlWDNtP2-DH...

170 B
201 B

37ms
37ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDQ1OTMxOTU3MDc4MjM2MTg5MQ&google_push=AQvitUKxTt2PrydhKNfiQLabN2xudMVpomkpniltHVkQ-uJhcRZTZrTZMuHzj-jmM-IYlWDNtP2-DHOdUl1-wJOQcq8Xwb0s0A

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:24 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NDQ1OTMxOTU3MDc4MjM2MTg5MQ&google_push=AQvitUKxTt2PrydhKNfiQLabN2xudMVpomkpniltHVkQ-uJhcRZTZrTZMuHzj-jmM-IYlWDNtP2-DHOdUl1-wJOQcq8Xwb0s0A
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
expires: -1

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 901D
Redirect Chain

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAQvitUK8GK3OicmbC6bwI9Tp4xAeCLzufTYxSf1U3-yFxI9n6OASJvWE0dluBYWmCIbYatGrCdNxQ37UCi...
https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUK8GK3OicmbC6bwI9Tp4xAeCLzufTYxSf1U3-yFxI9n6OASJvWE0dluBYWmCIbYatGrCdNxQ37UCiP3l01ZvjthWERAyg&google_hm=40328647-9f18-4510-a72e...

170 B
190 B

34ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUK8GK3OicmbC6bwI9Tp4xAeCLzufTYxSf1U3-yFxI9n6OASJvWE0dluBYWmCIbYatGrCdNxQ37UCiP3l01ZvjthWERAyg&google_hm=40328647-9f18-4510-a72e-9bb985b6828a

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:24 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-129
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_push=AQvitUK8GK3OicmbC6bwI9Tp4xAeCLzufTYxSf1U3-yFxI9n6OASJvWE0dluBYWmCIbYatGrCdNxQ37UCiP3l01ZvjthWERAyg&google_hm=40328647-9f18-4510-a72e-9bb985b6828a
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame 901D
Redirect Chain

https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE3HZZ5-iTtnfHR5etlWVQo&google_cver=1&google_push=AQvitUKDyaCUToBdOC-CRFigPL4-lQEvxzEDTxmqsVpLrtrZ4dmRPD9v...
https://pixel.advertising.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE3HZZ5-iTtnfHR5etlWVQo&google_cver=1&google_push=AQvitUKDyaCUToBdOC-CRFigPL4-lQEvxzEDTxmqsVpLrtrZ4dmRPD9v...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE3HZZ5-iTtnfHR5etlWVQo&google_cver=1&google_push=AQvitUKDyaCUToBdOC-CRFigPL4-lQEvxzEDTxmqsVpLrtrZ4dmRPD...
https://ups.analytics.yahoo.com/ups/58202/sync?gdpr=&gdpr_consent=&redir=true&google_gid=CAESEE3HZZ5-iTtnfHR5etlWVQo&google_cver=1&google_push=AQvitUKDyaCUToBdOC-CRFigPL4-lQEvxzEDTxmqsVpLrtrZ4dmRPD...
https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBkYmQzZTJkYi02ZGQ1LTExZWItOWViNi0wNjIyZWIyOTg2ZDI%3D&google_push=AQvitUKDyaCUToBdOC-CRFigPL4-lQEvxzEDTxmqsVpLrtrZ4dmRPD9v7e7rS3KKb4...

170 B
190 B

35ms
35ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBkYmQzZTJkYi02ZGQ1LTExZWItOWViNi0wNjIyZWIyOTg2ZDI%3D&google_push=AQvitUKDyaCUToBdOC-CRFigPL4-lQEvxzEDTxmqsVpLrtrZ4dmRPD9v7e7rS3KKb4aMDCjV_aAyqITjsifUg-I-EL8pv5e3D-pU

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Sat, 13 Feb 2021 08:31:25 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_eb&google_hm=VVBkYmQzZTJkYi02ZGQ1LTExZWItOWViNi0wNjIyZWIyOTg2ZDI%3D&google_push=AQvitUKDyaCUToBdOC-CRFigPL4-lQEvxzEDTxmqsVpLrtrZ4dmRPD9v7e7rS3KKb4aMDCjV_aAyqITjsifUg-I-EL8pv5e3D-pU
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK sync
rtb2-useast.e-volution.ai/ Frame 901D 42 B
233 B 348ms
110ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEL7LmGZ316EMzLcqVbek3vw&google_cver=1&google_push=AQvitUL2k5xQi7RZC9ZptHxFWQ6d3DgiSX0dmJs9y1ZI7JF0H1F17xSlo5_gIwNxs1PzVhIrzxVhQpWJhbvVw5IXOeKvv6RqffI
Requested by: Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:25 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 901D 0
59 B 38ms
32ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IhoJIHu5ty2kwv5Rjmf1jzP3Pet4xWMsucoLI7ATHEaBXR4JMpW8aoZW8RG8S5HaJdIG-BeeY

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
server: HTTP server (unknown)
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 82 KB
28 KB 327ms
327ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2041354596354715&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=6&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C3%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D1%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3D8de355ef1cf56b7da61277050d9957b1%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D18%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D1%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D60%26reqt%3D1613205084782&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1613205084&dt=1613205084785&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=953&adks=1611167343&ucis=1n&ifi=59&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

79c2cc1565436e77cace60524592f7a6b13959d25c39a14be92d2b1c35a2d35c

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1182007278037245644/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1182007278037245644/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CK2YoaC55u4CFcTXEQgdlZcDgA&gqi=&layout=/sadbundle/%24csp%253Der3%24/1182007278037245644/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1182007278037245644/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1182007278037245644/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CK2YoaC55u4CFcTXEQgdlZcDgA&gqi=&layout=/sadbundle/%24csp%253Der3%24/1182007278037245644/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27374
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Sat, 13 Feb 2021 08:31:25 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2CE5
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
44 B

74ms
74ms

Document
text/html

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlbTfzv79ecKX269cDX3aPAEao64y7MPm-Pk_vyxpStpIV-i0atwlD-rsEN
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 13 Feb 2021 08:31:24 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 13-Feb-2021 09:31:24 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Sat, 13 Feb 2021 08:31:24 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 13 Feb 2021 08:31:24 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2A83 143 B
212 B 24ms
24ms Document
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 13 Feb 2021 08:25:56 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 328
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EDB9 1 KB
923 B 24ms
24ms Document
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 13 Feb 2021 05:59:32 GMT
expires: Sun, 14 Feb 2021 05:59:32 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
cache-control: public, max-age=86400
age: 9112
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame FE52 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9e79876ade251479d543a8f826f02686605951b395a37d305ebda877c0200c84

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame EDB9
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEJfbJUybXF7OLG5Fy1sPiOI&google_cver=1&google_push=AQvitUJ6kLvs0M17gptLA4NQB2zFHNUSIpwxEII0AIkexHQcQsUGOegipGp_W6YoaCvLR9Snp0d1CSKFjSBq0eJRSP4jvKchJSw
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=U2N4d0JCdGFCZGFhbUZaQ1hZNG5ZQQ%3D%3D&google_push=AQvitUJ6kLvs0M17gptLA4NQB2zFHNUSIpwxEII0AIkexHQcQsUGOegipGp_W6YoaCvLR9Snp0d1CSKFjSBq0...

170 B
220 B

34ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=U2N4d0JCdGFCZGFhbUZaQ1hZNG5ZQQ%3D%3D&google_push=AQvitUJ6kLvs0M17gptLA4NQB2zFHNUSIpwxEII0AIkexHQcQsUGOegipGp_W6YoaCvLR9Snp0d1CSKFjSBq0eJRSP4jvKchJSw

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=U2N4d0JCdGFCZGFhbUZaQ1hZNG5ZQQ%3D%3D&google_push=AQvitUJ6kLvs0M17gptLA4NQB2zFHNUSIpwxEII0AIkexHQcQsUGOegipGp_W6YoaCvLR9Snp0d1CSKFjSBq0eJRSP4jvKchJSw
date: Sat, 13 Feb 2021 08:31:25 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 242
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame EDB9
Redirect Chain

https://px.adhigh.net/p/gm/rub?google_gid=CAESENIhqIESVG6EwZBXvlenIPA&google_cver=1&google_push=AQvitUKw4fnKANgkuFIojk8Xze3MgBI6whc-7W0Djp1SoYDCaCjoJaOpcBQNpmLoaREMay_2stb2dATfHNQdwk5I1Zuqol2cGA
https://px.adhigh.net/p/gm/rub?google_gid=CAESENIhqIESVG6EwZBXvlenIPA&google_cver=1&google_push=AQvitUKw4fnKANgkuFIojk8Xze3MgBI6whc-7W0Djp1SoYDCaCjoJaOpcBQNpmLoaREMay_2stb2dATfHNQdwk5I1Zuqol2cGA&bo...
https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitUKw4fnKANgkuFIojk8Xze3MgBI6whc-7W0Djp1SoYDCaCjoJaOpcBQNpmLoaREMay_2stb2dATfHNQdwk5I1Zuqol2cGA&google_hm=t0GEV26IbnkAAikABlF3moPun...

170 B
251 B

36ms
36ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitUKw4fnKANgkuFIojk8Xze3MgBI6whc-7W0Djp1SoYDCaCjoJaOpcBQNpmLoaREMay_2stb2dATfHNQdwk5I1Zuqol2cGA&google_hm=t0GEV26IbnkAAikABlF3moPunw%3D%3D

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:13 GMT
server: nginx
access-control-allow-origin: *
x-backend-id: f4-ru
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=gint&google_push=AQvitUKw4fnKANgkuFIojk8Xze3MgBI6whc-7W0Djp1SoYDCaCjoJaOpcBQNpmLoaREMay_2stb2dATfHNQdwk5I1Zuqol2cGA&google_hm=t0GEV26IbnkAAikABlF3moPunw%3D%3D
cache-control: no-cache, no-store
access-control-allow-credentials: true
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame EDB9
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEAYgZS5TXbGU8KZtkhPGXkY&google_cver=1&google_push=AQvitUJaPk7IPXwZAbpN5UPbIBmaU58OnAyPzaqhD6ebMg9t3tb0wJFvYtz8mT7uAux1UpALtPB...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S0wzR05MWlktMTMtRkE1TQ==&google_push=AQvitUJaPk7IPXwZAbpN5UPbIBmaU58OnAyPzaqhD6ebMg9t3tb0wJFvYtz8mT7uAux1UpALtPBLXMY7ffyLdCyuL1N68XdbH0I

170 B
190 B

33ms
33ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S0wzR05MWlktMTMtRkE1TQ==&google_push=AQvitUJaPk7IPXwZAbpN5UPbIBmaU58OnAyPzaqhD6ebMg9t3tb0wJFvYtz8mT7uAux1UpALtPBLXMY7ffyLdCyuL1N68XdbH0I

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S0wzR05MWlktMTMtRkE1TQ==&google_push=AQvitUJaPk7IPXwZAbpN5UPbIBmaU58OnAyPzaqhD6ebMg9t3tb0wJFvYtz8mT7uAux1UpALtPBLXMY7ffyLdCyuL1N68XdbH0I
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: de8527bfa1ccfd6c1590da0d3b6cff52
Expires: 0

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame EDB9
Redirect Chain

https://google-sync.rutarget.ru/sync?google_gid=CAESECBMsvo7E0rfizr7STEjQR8&google_cver=1&google_push=AQvitUJTnBiFOn6QbWuRNrzD555WID_LE_ExzPtaV3kh3jYW46GQXxWwLJBzZ_laLoVnh1wQd2j0IfquoNWk-F2P4HUt2pUpdQ
https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=V0dqTkxwXzRXZDBt&google_ula=2046794&google_push=AQvitUJTnBiFOn6QbWuRNrzD555WID_LE_ExzPtaV3kh3jYW46GQXxWwLJBzZ_laLoVnh1wQd2j0IfquoN...

170 B
190 B

127ms
127ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=V0dqTkxwXzRXZDBt&google_ula=2046794&google_push=AQvitUJTnBiFOn6QbWuRNrzD555WID_LE_ExzPtaV3kh3jYW46GQXxWwLJBzZ_laLoVnh1wQd2j0IfquoNWk-F2P4HUt2pUpdQ

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=V0dqTkxwXzRXZDBt&google_ula=2046794&google_push=AQvitUJTnBiFOn6QbWuRNrzD555WID_LE_ExzPtaV3kh3jYW46GQXxWwLJBzZ_laLoVnh1wQd2j0IfquoNWk-F2P4HUt2pUpdQ
Date: Sat, 13 Feb 2021 08:31:25 GMT
Server: nginx
Connection: keep-alive
Content-Length: 0
P3P: CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame EDB9
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJ5ENrcPqLXMk03fLDUbxwI&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJ5ENrcPqLXMk03fLDUbxwI&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YCeOXAi3vZk6IEUF87QcbAAABKIAAAIB&google_gid=CAESEJ5ENrcPqLXMk03fLDUbxwI&google_cver=1&google_push=AQvitUKBhb0KWROjSAG_FlhnE6NA89ISdAI1i...

170 B
190 B

34ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YCeOXAi3vZk6IEUF87QcbAAABKIAAAIB&google_gid=CAESEJ5ENrcPqLXMk03fLDUbxwI&google_cver=1&google_push=AQvitUKBhb0KWROjSAG_FlhnE6NA89ISdAI1irpiziR_FZodA9tpL2AS6m8cUEW5qJqIjcxi9L55-tECZUQ-w55TERNTGfqnqHI

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 13 Feb 2021 08:31:24 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YCeOXAi3vZk6IEUF87QcbAAABKIAAAIB&google_gid=CAESEJ5ENrcPqLXMk03fLDUbxwI&google_cver=1&google_push=AQvitUKBhb0KWROjSAG_FlhnE6NA89ISdAI1irpiziR_FZodA9tpL2AS6m8cUEW5qJqIjcxi9L55-tECZUQ-w55TERNTGfqnqHI
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 459
Expires: Sat, 13 Feb 2021 08:31:24 GMT

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame EDB9
Redirect Chain

https://s.ad.smaato.net/c/n///-?adNetInit=g&google_gid=CAESEJdVQMNyiW8R844SG4xW9E4&google_cver=1&google_push=AQvitUK_nFdzPw443wUSNV1hoJxm5d4lneH08cQGKtMtq5E_UIzzShz0HFUE-xq-uEgI_iXWPl7ryz-BGbDodG8b...
https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=9455b69e47db2e4fb0e8&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AQvitUK_nFdzPw443wUSNV1hoJxm5d4lneH0...

170 B
190 B

35ms
34ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=9455b69e47db2e4fb0e8&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AQvitUK_nFdzPw443wUSNV1hoJxm5d4lneH08cQGKtMtq5E_UIzzShz0HFUE-xq-uEgI_iXWPl7ryz-BGbDodG8bR7xoqtafGw

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:24 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 13 Feb 2021 08:31:24 GMT
via: 1.1 cae542650fb32c773cc494fc6e7e71e7.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cm.g.doubleclick.net/pixel?google_nid=smaato&google_hm=9455b69e47db2e4fb0e8&google_redir=https%3A%2F%2Fs.ad.smaato.net%2Fc%2F%3FadExInit%3Dg&google_push=AQvitUK_nFdzPw443wUSNV1hoJxm5d4lneH08cQGKtMtq5E_UIzzShz0HFUE-xq-uEgI_iXWPl7ryz-BGbDodG8bR7xoqtafGw
cache-control: no-cache, must-revalidate
content-length: 0
x-amz-cf-id: k0Oej8KSlZsUJHc6RgLHaEVO4hiNVyWQ-9QfdzsOT-KOxSciz9uR9g==

GET
H3-Q050

200

pixel
cm.g.doubleclick.net/ Frame EDB9
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEF46xb-SgVS5s2hEhgeIMzg&google_cver=1&google_push=AQvitULWpfgHWgZlkcc9MxYofjGUyYx_hYUgO2vRKPoulRCC2s4QsEHbfejqTgR7NXqGc6n4s7lIOcDEQq-AgbeVzbX4o5I...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AQvitULWpfgHWgZlkcc9MxYofjGUyYx_hYUgO2vRKPoulRCC2s4QsEHbfejqTgR7NXqGc6n4s7lIOcDEQq-AgbeVzbX4o5IbyUBa&google_hm=NTMwNDU1MzY...

170 B
228 B

35ms
35ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AQvitULWpfgHWgZlkcc9MxYofjGUyYx_hYUgO2vRKPoulRCC2s4QsEHbfejqTgR7NXqGc6n4s7lIOcDEQq-AgbeVzbX4o5IbyUBa&google_hm=NTMwNDU1MzY2MTIwNzE0MTIyOA==

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:25 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AQvitULWpfgHWgZlkcc9MxYofjGUyYx_hYUgO2vRKPoulRCC2s4QsEHbfejqTgR7NXqGc6n4s7lIOcDEQq-AgbeVzbX4o5IbyUBa&google_hm=NTMwNDU1MzY2MTIwNzE0MTIyOA==
Server: Jetty(9.0.6.v20130930)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3-Q050 204 attr
cm.g.doubleclick.net/pixel/ Frame EDB9 0
424 B 55ms
53ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KWknIw0AQAVzfn7VGI-muxY9u8zJw2rxwUMK0J2H_-tvU3b2s_hS5ORt6dbru92qQQFnCHAw

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:24 GMT
server: HTTP server (unknown)
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 2A83
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
44 B

57ms
57ms

Document
text/html

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlbTfzv79ecKX269cDX3aPAEao64y7MPm-Pk_vyxpStpIV-i0atwlD-rsEN; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 13 Feb 2021 08:31:24 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 13-Feb-2021 09:31:24 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Sat, 13 Feb 2021 08:31:24 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 13 Feb 2021 08:31:24 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 446 B
253 B 310ms
309ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=4333355429700204&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=6&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3D8de355ef1cf56b7da61277050d9957b1%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D18%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D60%26reqt%3D1613205084854&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1613205084&dt=1613205084858&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1483&adks=279619605&ucis=1o&ifi=60&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=19

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

f245eb7469b4eab11697db7c5a601dd0e64c0a0913aa0b1bae3e3a52ee9cbf79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 220
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 83 KB
28 KB 345ms
344ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=1530241589295199&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=6&prev_scp=iid3%3D208824%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1109%26sap%3D1109%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D8%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D1%26al%3D1001%26compid%3D0%26tap%3Dwinhelponline_com-box-2-208824%26eb_br%3De66c30deca31b19eda212eeca1258584%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D1%26acptad%3D1%26br1%3D24%26br2%3D950%26ezoic%3D1%26nmau%3D3%26mau%3D2%26stl%3D83%252C117%252C120%252C67%252C51%252C122%252C66%252C20%252C117%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D80%26reqt%3D1613205084859&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1613205084&dt=1613205084862&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=962&adys=205&adks=3314737083&ucis=1p&ifi=61&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=323x250&msz=323x250&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

c1e0ec49bed120e3efb5481d06befcef2693e65099fa5806e336438cefdd0b63

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COyYpaC55u4CFVTdEQgd5coFIw&gqi=&layout=/sadbundle/%24csp%253Der3%24/8182301582077147863/Bank%2520Avera%2520-%2520Genossenschaft%2520-%2520300x250/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COyYpaC55u4CFVTdEQgd5coFIw&gqi=&layout=/sadbundle/%24csp%253Der3%24/8182301582077147863/Bank%2520Avera%2520-%2520Genossenschaft%2520-%2520300x250/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27632
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Sat, 13 Feb 2021 08:31:25 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
11 KB 329ms
329ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=127741395032355&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=6&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D0%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3D8de355ef1cf56b7da61277050d9957b1%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D18%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D0%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D60%26reqt%3D1613205084863&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1613205084&dt=1613205084866&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=688&adks=3917434485&ucis=1q&ifi=62&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

c080c4a70f92a654c7e93f3a3e9746c286d725fe7d262da5c4033eb73915ba04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11045
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 446 B
277 B 290ms
290ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=3930028819613100&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=6&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3D8de355ef1cf56b7da61277050d9957b1%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D18%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D83%252C131%252C185%252C4%252C65%252C122%252C90%252C20%252C71%252C197%252C175%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D60%26reqt%3D1613205084886&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1613205084&dt=1613205084911&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1218&adks=1649313398&ucis=1r&ifi=63&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=20

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

1e647bdd79ca5c4ef5c258ea551dc508448f2cb05577ec99dc05147678ca59d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 227
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 454 B
449 B 328ms
328ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=4443636789512262&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=1&rcs=6&prev_scp=iid2%3D196225%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1128%26sap%3D1128%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D7%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-3-196225%26eb_br%3Dc352ba581bd3ffd8cea608cf2d55f519%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26br1%3D60%26br2%3D1400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C4%252C45%252C122%252C66%252C13%252C71%252C30%252C0%252C31%26deal1%3D23%2C24%2C25%2C26%2C21%2C22%2C21%2C22%2C21%2C22%2C21%2C22%2C17%2C20%2C21%2C22%2C17%2C19%2C20%2C21%2C22%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D160%26reqt%3D1613205084917&eri=1&cookie_enabled=1&bc=31&abxe=1&lmt=1613205084&dt=1613205084920&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=295&adys=11850&adks=3297578832&ucis=1s&ifi=64&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x60&msz=468x60&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=21

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

5be5d1d8abece06c1f3a82ba99422236612be1ff31db58c2e7695421c9c43835

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 235
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 container.html Show response
a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame A18B 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.winhelponline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.winhelponline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Sat, 13 Feb 2021 08:31:18 GMT
expires: Sun, 13 Feb 2022 08:31:18 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 7
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
290 B 24ms
22ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI3In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiOGRlMzU1ZWYxY2Y1NmI3ZGE2MTI3NzA1MGQ5OTU3YjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwMjk3NyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMSIsInRfZXBvY2giOjE2MTMyMDUwNzcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDE4LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMTgsImJpZF9mbG9vcl9wcmV2IjowLjAwMDYsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTA0MTY5ODgifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwMjk3NyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMSIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6MCwiY3JlYXRpdmVfaWQiOjAsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=AqYBmqUT205twwWXA1WSkeOvRe2WGwEx%2FhTnNqtxP6jmM%2FV96fM%2BD3moFswTD5eHG1tc%2F8dTKZbtJBRZ%2BnwmosBah7diRzavPrPxnTKmOIHp9%2B6I43Ef1eB7qQNcG4%2BvzvE%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d31661e672b7d-FRA
content-length: 0
cf-request-id: 083c1d33cf00002b7d76039000000001
expires: Fri, 12 Feb 2021 08:31:24 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
40 B 35ms
33ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=3&v=39&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 13 Feb 2021 08:31:25 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
278 B 23ms
22ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjowLCJjcmVhdGl2ZV9pZCI6MCwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDItMTMifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTYwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Y%2FWJfVAOZNJmMYw9LcdZEp%2BqjLZqAmVSOPYDrpeVDMGDZRa8G3%2B34k1h2x3teE7bDLBIveF2QbYXxqrwlPJVWzSZs5dld4lzHz63%2FZpCSGL8Ar3z3YHMYaD%2BZbEvs355Cwo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d31661e692b7d-FRA
content-length: 0
cf-request-id: 083c1d33cf00002b7db21e7000000001
expires: Fri, 12 Feb 2021 08:31:24 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
417 B 20ms
19ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYXVjdGlvbl9lcG9jaCI6MTYxMzIwNTA4NSwiYWRfcG9zaXRpb24iOjExMDIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTMwMCwiYmlkX2Zsb29yX3ByZXYiOjYwLCJiaWRfZmxvb3JfZmlsbGVkIjoxOCwiYXVjdGlvbl9jb3VudCI6NywicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6MzM5LCJtdWx0aV9hZF91bml0IjoxLCJtdWx0aV9hZF9jb3VudCI6NCwibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7WPAj3A74oJhUVlvdQxsHCdc33A3rW8S0V0zTWxd%2FyQYoCsx%2BH7Ydm112J82heGIzN4UnLciqFhsyIkJN32m01wRAdkLx%2F3rWE6Yfk9n9MGfnH4RQyvJQ8uYwc4BIoE4lws%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d31661e6a2b7d-FRA
content-length: 0
cf-request-id: 083c1d33cf00002b7dc6859000000001
expires: Fri, 12 Feb 2021 08:31:23 UTC

GET
H3-Q050 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1182007278037245644/ Frame AF09 2 KB
2 KB 7ms
6ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1182007278037245644/index.html

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f16f982c1530ec53eb25f8012bdc9de3def05de4764077bbdc924836b3a1582d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/1182007278037245644/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1166
date: Thu, 11 Feb 2021 09:20:05 GMT
expires: Fri, 11 Feb 2022 09:20:05 GMT
last-modified: Tue, 15 Dec 2020 06:12:05 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
age: 169880
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A18B 0
0 61ms
61ms Fetch
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cc_hUXI4nYK36M8Svx_APla-OgAi3-6mDYdurs7b5DI2A5LbrAhABIPT5xiVg9ZXOgeAEoAH_24rIA8gBCeACAKgDAcgDCKoE7QFP0K7h2a5jlDlHL1WPEKgwIeK-T5lfd8tqOfVt4IU8fG5BaDKOlOF4CFEX147DIzkSafQV123RXyzbBIM3YvCwlybuKU_pZfZxZaQSko8SZqQFKxZCuBt_gmbjGsMMgwwFOdJClsrrCnOUE8WzqzCad2f1DHf5aUaEhL0thItB_PzTy8OyxFzLrFVuWWVvGV9KhH1lyJZe1Ss6fSQAiKXdOLa6mO9DEPEBcskBG9esvOpaj5Xb7K-sy9cTw41lyfW2vmCxdN1boZzLyxP0ILmEtPedYjCtISRCXhJA6DMoN7PXOUQ10BM3NSxQZtrABNmDxpmzA-AEAZIFBAgEGAGSBQQIBRgEoAYugAfw7qyiAqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCIhgvSCAcIgGEQARgd8ggbYWR4LXN1YnN5bi05MzA1OTU4Mzg4MjgxMDUzgAoDyAsB2BMMshcaChgIABIUcHViLTYzOTY4NDQ3NDI0OTcyMDg&sigh=JFeHclkNorY&template_id=419&tpd=AGWhJmtCBthR1cVhF73dyB7POCHU9_MRkQv4vC-4FRSFwRrn4g
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/ Frame A18B 18 KB
8 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/abg_lite_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4db6732268b3d9330df1068351b18e2fd1c1c6da87b5953259b022a19ddfe7a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:27:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 239
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7377
x-xss-protection: 0
server: cafe
etag: 10747045913157086108
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:27:26 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame A18B 3 KB
2 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/window_focus_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:15:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 953
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:15:32 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A18B 107 KB
33 KB 32ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

782db5605136a4b7d143bfdacf544a921cd7b8b2bd8c1fcfb1ff51baeb1d4cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1612960666436283"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 33367
x-xss-protection: 0
expires: Sat, 13 Feb 2021 08:31:25 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame A18B 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

718d8e9bf93740a3a90b67e53219319342074524b2dede8ba219eea4c41ea0c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:28:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 198
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 15217341015479086142
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:28:07 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame A18B 0
0 14ms
13ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQwqEy3uI3lV1HlThQGhD_YP456QZMCovZIrptvJg21-ATJgvyfGq3rY3_wXyc1ROomsjUYgW8fyRe68cvmNoT9T4B-rg
Requested by: Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame AF09 9 KB
3 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1182007278037245644/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 05:56:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 9312
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 14 Feb 2021 05:56:13 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame AF09 22 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1182007278037245644/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 22:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 13 Feb 2021 22:10:28 GMT

GET
H3-Q050 200 Grammar_check_Animated_4.gif
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1182007278037245644/ Frame AF09 27 KB
28 KB 7ms
7ms Image
image/gif 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1182007278037245644/Grammar_check_Animated_4.gif

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/1182007278037245644/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ef6662057d29b163b609fa20b28204d73f55923af5b743068ba8f6dc9f55004

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 156877
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27193
x-xss-protection: 0
last-modified: Tue, 15 Dec 2020 06:12:05 GMT
server: sffe
date: Thu, 11 Feb 2021 12:56:48 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Feb 2022 12:56:48 GMT

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3361 143 B
616 B 24ms
24ms Document
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmFHrbmtZZJWOWKAPvACSYJuXha502vVpiawtku18aTlBiBlmwHM3L0NWEy
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 13 Feb 2021 08:25:56 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 329
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame A18B 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 955227a6448da318e8ea0eac7bcf1837ac4103ce4b8e21e1f869d5dd14f650c7

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012010270040000/ Frame 95E3 180 KB
51 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2ab9ac436910017b9a2ca7db0e981bad3638db97f576d713eaa9b302e06c094

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 74500
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51478
x-xss-protection: 0
server: sffe
date: Fri, 12 Feb 2021 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0305d7d21a7fe4a1"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Feb 2022 11:49:45 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 95E3 13 KB
5 KB 37ms
16ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 233273
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4850
x-xss-protection: 0
server: sffe
date: Wed, 10 Feb 2021 15:43:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "77bd676d834aaa8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 15:43:32 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 95E3 90 KB
27 KB 38ms
17ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 74500
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27668
x-xss-protection: 0
server: sffe
date: Fri, 12 Feb 2021 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1304c1c0caf7ca3c"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Feb 2022 11:49:45 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 95E3 3 KB
1 KB 41ms
20ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 233285
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1350
x-xss-protection: 0
server: sffe
date: Wed, 10 Feb 2021 15:43:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "12c034eb739190af"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 15:43:20 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 95E3 41 KB
13 KB 41ms
20ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 233303
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13075
x-xss-protection: 0
server: sffe
date: Wed, 10 Feb 2021 15:43:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e8a1dae72af56cd"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 15:43:02 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 95E3 1 KB
474 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400&lang=en

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a0f4831384e5f952f5be620c856801cbe0f152c7d7e73dedb1716f68ca2a49ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 13 Feb 2021 08:31:25 GMT
server: ESF
date: Sat, 13 Feb 2021 08:31:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Feb 2021 08:31:25 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 95E3 1 KB
520 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a0f4831384e5f952f5be620c856801cbe0f152c7d7e73dedb1716f68ca2a49ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 13 Feb 2021 08:06:01 GMT
server: ESF
date: Sat, 13 Feb 2021 08:31:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Feb 2021 08:31:25 GMT

GET
DATA 200
OK truncated
/ Frame 95E3 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60badb06436674090370775a5d077e93e0f918f3932df76851b6dd55620ae472

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13239198186886646228/ Frame 95E3 5 KB
5 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13239198186886646228/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIrAIQnQEYASABLQAAAD8wrAI4nQFFAACAPw&rs=AOga4qn5K6qH6eqIUIZGuhI7D4ul0XRKQw

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

992b916b1c2bfee7168ae8984355f84db72b35b7d70080e7571709f0150fa266

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 07:24:08 GMT
x-content-type-options: nosniff
last-modified: Fri, 08 Jan 2021 15:04:45 GMT
server: sffe
age: 176837
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5185
x-xss-protection: 0
expires: Fri, 11 Feb 2022 07:24:08 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 95E3 0
0 62ms
61ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CIfT3XI4nYPe-OJCEgAf_z7KYA7_K8_lg6da9tpAN2tkeEAEg9PnGJWD1lc6B4ASgAemc1dEDyAEGqQIMirery8-yPuACAKgDAcgDCqoE9AFP0CwENI7EY0zrrHqEp4xkrlIJvy6kx4rehOsGZvOJMr2umQduf9VqoFS_kOhFZc7xHngnm2jtA1OF3oArntmWY7VmlS4m0mNiwi5q5Ck2uHbhdJ8NeCeJ4yAgbcFfGSQmwYQNdzKG0RjFpsCYdpBgfZwUbmhMNMun3ioXgpydb-27cb8SBAiaXGuX1UlhGHGIg0UmvU4gfK-4EsvHYnG9OuMkFKf3zsN4EvBAYgLFATpQqRGuec2jZadj3qHubL5Sx6GMur4ZXU5wocRnrnmBrgIEmBxGIerM90d5-uESz5WDLLrMLQQ-MfwrufFEYtPnhbEEwATl4s7grgPgBAGgBjeAB4DEijCoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQiIYL0ggHCIBhEAEYHfIIG2FkeC1zdWJzeW4tOTMwNTk1ODM4ODI4MTA1M4AKA8gLAdgTA7IXGgoYCAASFHB1Yi02Mzk2ODQ0NzQyNDk3MjA4&sigh=pn96r2GhC98&template_id=492&tpd=AGWhJmu_VZz-BhqRT7KSMN1GMNimXJs6gqUrBGs2R4u6g8umgQ
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 95E3 2 KB
3 KB 7ms
7ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Feb 2021 12:56:43 GMT
x-content-type-options: nosniff
server: cafe
age: 70482
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 13 Feb 2021 12:56:43 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 95E3 295 B
714 B 6ms
5ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 04:25:38 GMT
x-content-type-options: nosniff
server: cafe
age: 14747
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sun, 14 Feb 2021 04:25:38 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
298 B 15ms
14ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiI4ZGUzNTVlZjFjZjU2YjdkYTYxMjc3MDUwZDk5NTdiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDE4LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMTgsImJpZF9mbG9vcl9wcmV2IjowLjAwMDYsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTkxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImxpbmVpdGVtX2lkIiwidmFsIjoiMjg2ODcyNzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iEydW%2F%2FxvpQuWCeaLQkgzM6hEAuMFWyj9ZZbYB92%2FuR87NUc6OpM3JWJQZMFcUFcXc9NqLtAuJfkiGI4lRq2s8KSB8ekOYE8%2FABeL60YtkMpH296vPUTD7iijH3JnJeQleY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3166cf412b7d-FRA
content-length: 0
cf-request-id: 083c1d343900002b7ded22d000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 27ms
27ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=3&v=39&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 13 Feb 2021 08:31:25 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
275 B 17ms
17ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTAyLTEzIn0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiOSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI2In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii02MCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NnQUe59qsTD44mnK28R%2BACvlzwJzV7G3oYTPoKOpkiUWRhKsJZu81qKnWbirDoDR%2FM1SS2tgc9K0kjrIHjsjLZlCqjy4xQ4ZgZFGx4hmNynYy%2ByCFjYLPJUzdjYC5IMNJQ0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3166cf422b7d-FRA
content-length: 0
cf-request-id: 083c1d343900002b7dc4059000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
281 B 18ms
18ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImF1Y3Rpb25fZXBvY2giOjE2MTMyMDUwODUsImFkX3Bvc2l0aW9uIjoxMTAyLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiYmlkX2Zsb29yX2luaXRpYWwiOjEzMDAsImJpZF9mbG9vcl9wcmV2Ijo2MCwiYmlkX2Zsb29yX2ZpbGxlZCI6MTgsImF1Y3Rpb25fY291bnQiOjcsInJlZnJlc2hfYWRfY291bnQiOjAsImF1Y3Rpb25fZHVyYXRpb24iOjM2MiwibXVsdGlfYWRfdW5pdCI6MCwibXVsdGlfYWRfY291bnQiOjQsIm5ldHdvcmtfY29kZSI6MTI1NDE0NCwiZGF0YSI6W3sibmFtZSI6IiIsInZhbCI6IiJ9XSwibGluZV9pdGVtX2lkIjoyODY4NzI3NH1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7ixZUlvPKXflVuq59kK6TXFpu4rA1a%2BaZdUX%2Bjs4pUisi6BfPDYb7FqI%2BpQfNZZNZVeD8j%2FasoF9KyT7vi8qqYm3o4IS%2B6bxDUZcmpfCyE%2BFymbFXTfvQKos%2ForiCxI%2BYfw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3166cf432b7d-FRA
content-length: 0
cf-request-id: 083c1d343900002b7d7cabe000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H3-Q050 200 container.html Show response
a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/ Frame 5D16 6 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-37/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.winhelponline.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.winhelponline.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 2973
date: Sat, 13 Feb 2021 08:31:18 GMT
expires: Sun, 13 Feb 2022 08:31:18 GMT
last-modified: Thu, 21 Nov 2019 16:01:11 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 7
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
276 B 22ms
21ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8yIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI3In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDg4MjQiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wXzIiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiZTY2YzMwZGVjYTMxYjE5ZWRhMjEyZWVjYTEyNTg1ODQifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwODgyNCIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTMyMDUwNzcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDI0LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMjQsImJpZF9mbG9vcl9wcmV2IjowLjAwMDgsInN0YXRfc291cmNlX2lkIjozNSwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJsb2FkZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDg4MjQiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wXzIiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwNDM1NDcifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwODgyNCIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJsaW5laXRlbV9pZCIsInZhbCI6IjI4Njg3Mjc0In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rtrNvbf4LMKqm5ePOllZ%2FJaXu9bSJYYaiujLT1Yv0H%2FqscNvcrkXWIIVlBhZRWi4yQorMnF%2FKCagl4iTQwlkLiS3zVEdb1OFZYNWOU5o5RZ3nz0LF9tR%2FhiiFGKfWa5P9%2FU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d31670fb72b7d-FRA
content-length: 0
cf-request-id: 083c1d346300002b7daf17e000000001
expires: Fri, 12 Feb 2021 08:31:24 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 27ms
26ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=3&v=39&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 13 Feb 2021 08:31:25 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
414 B 21ms
20ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8yIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDItMTMifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTYwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Y4UvrcgZ11M1hExPEDlj9ZdNaLG0v65zI2%2BcjqX6J03gL%2FeOzp2GThBCXFMgAZLqpIiVvTLcRRiF0BLF6fEfzbneEx9qpiugEQWDHKl7QdTzH1Th7EIRB3KISk4yihIa9Nw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d31670fb82b7d-FRA
content-length: 0
cf-request-id: 083c1d346300002b7d8c23b000000001
expires: Fri, 12 Feb 2021 08:31:24 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
393 B 49ms
49ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8yIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYXVjdGlvbl9lcG9jaCI6MTYxMzIwNTA4NSwiYWRfcG9zaXRpb24iOjExMDksImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTkwMCwiYmlkX2Zsb29yX3ByZXYiOjgwLCJiaWRfZmxvb3JfZmlsbGVkIjoyNCwiYXVjdGlvbl9jb3VudCI6NywicmVmcmVzaF9hZF9jb3VudCI6MCwiYXVjdGlvbl9kdXJhdGlvbiI6NDAyLCJtdWx0aV9hZF91bml0IjoyLCJtdWx0aV9hZF9jb3VudCI6MywibmV0d29ya19jb2RlIjoxMjU0MTQ0LCJkYXRhIjpbeyJuYW1lIjoiIiwidmFsIjoiIn1dLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0fV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ClUhe%2FxYJsQDoDf6pbJD6ltu608K2pAD%2FWRz0ZgNrCJYCyzJxStvb2wcmA0eBG6vrPvnqjt4S1aAeq4eayqjJ737swK6fsbUhhQZ1Px%2FqeAohRiFAJjgsLPpL9Woh2veFL4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d31670fba2b7d-FRA
content-length: 0
cf-request-id: 083c1d346b00002b7de3828000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 53 KB
12 KB 409ms
408ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2197216232693548&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-2&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90&ris=1&rcs=5&prev_scp=iid2%3D190077%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1100%26sap%3D1100%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D6%26at%3Dmbf%26adr%3D399%26ezosn%3D4%26ga%3D2497208%26rid%3D99998%26pt%3D5%26al%3D1005%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-2-190077%26eb_br%3Dd31e71883d00099e275b6c5878eed023%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D1%26bvm%3D0%26bvr%3D7%26shp%3D1%26br1%3D32%26br2%3D600%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D146%252C193%252C133%252C67%252C119%252C122%252C142%252C20%252C26%252C135%252C187%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C19%2C20%2C17%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26refs%3D30%26lb%3D100%26reqt%3D1613205085287&eri=1&cookie=ID%3D98cf2d6add5d2188%3AT%3D1613205084%3AS%3DALNI_MbfIVyhtC9PALDCp06WWgmCL528Xg&bc=31&abxe=1&lmt=1613205085&dt=1613205085289&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=315&adys=1103&adks=2225908236&ucis=1t&ifi=65&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=970x-1&msz=970x-1&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=512&ohw=0&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

1d3b9dee265bb8297e79d8e1d66737b6f1f4d74e26e3b33dcf100ba258e2ee0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12177
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 jizaRExUiTo99u79D0KExcOPIDU.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame 95E3 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExcOPIDU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400&lang=en

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ae1e27e08b4bbc15557c0f5bbd97b4009eb86c85da9fb2be4c4085a5289182f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.winhelponline.com
Referer: https://fonts.googleapis.com/css?family=PT+Sans:400&lang=en
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 16:19:33 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:11 GMT
server: sffe
age: 403912
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11380
x-xss-protection: 0
expires: Tue, 08 Feb 2022 16:19:33 GMT

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 3361
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
501 B

57ms
57ms

Document
text/html

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmFHrbmtZZJWOWKAPvACSYJuXha502vVpiawtku18aTlBiBlmwHM3L0NWEy
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 13 Feb 2021 08:31:25 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 13-Feb-2021 09:31:25 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Sat, 13 Feb 2021 08:31:25 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 13 Feb 2021 08:31:25 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 95E3
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
0

57ms
57ms

Image
text/html

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Redirect headers

date: Sat, 13 Feb 2021 08:31:25 GMT
x-content-type-options: nosniff
server: safe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 246
x-xss-protection: 0

GET
H3-Q050 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/ Frame EB51 83 KB
20 KB 7ms
7ms Document
text/html 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/index.html

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f21ea3a8c4bd9bc377ecff3bdeb2e84fa9664456626862f1cbe4d7032630d93d

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Fri, 12 Feb 2021 05:14:43 GMT
expires: Sat, 12 Feb 2022 05:14:43 GMT
last-modified: Mon, 14 Sep 2020 08:30:23 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 20419
age: 98202
cache-control: public, max-age=31536000
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5D16 0
0 60ms
60ms Fetch
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C5PAQXI4nYOz6N9S6x_AP5ZWXmALmh7jzYP3Kk6yUDJaCzYWIFhABIPT5xiVg9ZXOgeAEoAHZ39S7AsgBCakCDIq3q8vPsj7gAgCoAwHIAwiqBIACT9DlBSLifAQHBbNasQHAIsYJVwf--O_iKbiZeigZkfladEaRQdU4DVWyTvqY42_cQqJ8Nn-9Lj_QInNFxc4QphHjXfQ8CZlu69CSKbBVLNHC1IMV8UU4qUKaoEihIVd2FDI8E2JpWn09giJE_b_tCN73w6M9WVRdwq1R_7u-nL4tpuK43XlT4xQNVR6wfSttFO-WMud8MIYr4ym0yCl21T7t_2X8kBQyCRx7WXeYBjTeSrhCabwI7bIcKnrlhKHRbxRV0jzAo5NK0epDdtMbyv7T0o_CaIHxJqCPjYAkplD8FVEyJV7GB9ZIyPilBdUcvsyVbsXIS5dVBuOl-eIjmcAE45Kr_50D4AQBkgUECAQYAZIFBAgFGASgBi6AB4-gq8QBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEOfaDtIIBwiAYRABGB3yCBthZHgtc3Vic3luLTkzMDU5NTgzODgyODEwNTOACgPICwHYEw2yFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=u0ONB5QdzRo&template_id=419&tpd=AGWhJmvFWRizvjKg93xrNGWfncuCEFcuqLDv-TcVcXl4ZMYmhQ
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/ Frame 5D16 18 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/abg_lite_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4db6732268b3d9330df1068351b18e2fd1c1c6da87b5953259b022a19ddfe7a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:27:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 239
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7377
x-xss-protection: 0
server: cafe
etag: 10747045913157086108
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:27:26 GMT

GET
H3-Q050 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame 5D16 3 KB
2 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/window_focus_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:15:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 953
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1546
x-xss-protection: 0
server: cafe
etag: 8852521427838746165
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:15:32 GMT

GET
H3-Q050 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5D16 107 KB
33 KB 32ms
32ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

sffe /

Resource Hash

782db5605136a4b7d143bfdacf544a921cd7b8b2bd8c1fcfb1ff51baeb1d4cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1612960666436283"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 33367
x-xss-protection: 0
expires: Sat, 13 Feb 2021 08:31:25 GMT

GET
H3-Q050 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/ Frame 5D16 14 KB
6 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210211/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

718d8e9bf93740a3a90b67e53219319342074524b2dede8ba219eea4c41ea0c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:28:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 198
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6139
x-xss-protection: 0
server: cafe
etag: 15217341015479086142
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 27 Feb 2021 08:28:07 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 41 KB
10 KB 343ms
343ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2844081815541152&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=7&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C253%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D8%26at%3Dmbf%26adr%3D399%26ezosn%3D3%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D4%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D3%26stl%3D83%252C13%252C120%252C67%252C51%252C0%252C66%252C20%252C71%252C30%252C0%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D18%26reqt%3D1613205085389&eri=1&cookie=ID%3D98cf2d6add5d2188%3AT%3D1613205084%3AS%3DALNI_MbfIVyhtC9PALDCp06WWgmCL528Xg&bc=31&abxe=1&lmt=1613205085&dt=1613205085391&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1483&adks=279619605&ucis=1u&ifi=66&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=22

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

2034df1b8cb57f559973e3d59a56df824d0563e88af1bf35ee4dfd9ce26695d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10482
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 45 KB
11 KB 339ms
339ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=1463186625428702&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-box-1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ris=1&rcs=7&prev_scp=iid3%3D202977%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1102%26sap%3D1102%26a%3D%257C2%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D8%26at%3Dmbf%26adr%3D399%26ezosn%3D2%26reft%3Dn%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D0%26al%3D1000%26compid%3D0%26tap%3Dwinhelponline_com-box-1-202977%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D18%26bvm%3D0%26bvr%3D8%26shp%3D3%26acptad%3D1%26br1%3D4%26br2%3D650%26ezoic%3D1%26nmau%3D4%26mau%3D2%26stl%3D83%252C131%252C185%252C4%252C65%252C122%252C90%252C20%252C71%252C197%252C175%252C31%26deal1%3D21%2C22%2C23%2C24%2C25%2C26%2C20%2C17%2C20%2C17%2C19%2C20%2C17%2C18%2C19%2C20%2C17%2C18%2C19%2C20%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D18%26reqt%3D1613205085423&eri=1&cookie=ID%3D98cf2d6add5d2188%3AT%3D1613205084%3AS%3DALNI_MbfIVyhtC9PALDCp06WWgmCL528Xg&bc=31&abxe=1&lmt=1613205085&dt=1613205085425&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=1073&adys=1218&adks=1649313398&ucis=1v&ifi=67&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=300x262&msz=300x262&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=23

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

6ce93561c2fc9d5199a397e6ddb57a92db19d4fb2736982338fd9506ad42dfa1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11069
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13239198186886646228/ Frame 95E3 5 KB
5 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

992b916b1c2bfee7168ae8984355f84db72b35b7d70080e7571709f0150fa266

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 07:24:08 GMT
x-content-type-options: nosniff
last-modified: Fri, 08 Jan 2021 15:04:45 GMT
server: sffe
age: 176837
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5185
x-xss-protection: 0
expires: Fri, 11 Feb 2022 07:24:08 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 95E3 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Feb 2021 12:56:43 GMT
x-content-type-options: nosniff
server: cafe
age: 70482
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 13 Feb 2021 12:56:43 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 95E3 295 B
320 B 6ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 04:25:38 GMT
x-content-type-options: nosniff
server: cafe
age: 14747
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sun, 14 Feb 2021 04:25:38 GMT

GET
H3-Q050 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 26FF 143 B
250 B 24ms
24ms Document
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmFHrbmtZZJWOWKAPvACSYJuXha502vVpiawtku18aTlBiBlmwHM3L0NWEy
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 13 Feb 2021 08:25:56 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 329
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 5D16 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4c988562921aa066ad1aa5409fb5e219ebdd50c3be9fb2defddc3b322ed19eee

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame EB51 3 KB
609 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:regular,700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

939f0d4b0cef8ef02116b8c35fb0cfb66dba982b95d1379b0c6337e545b0a5f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 13 Feb 2021 08:23:36 GMT
server: ESF
date: Sat, 13 Feb 2021 08:31:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Feb 2021 08:31:25 GMT

GET
H3-Q050 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame EB51 16 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 04:25:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14745
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 14 Feb 2021 04:25:40 GMT

GET
H3-Q050 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame EB51 22 KB
9 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/index.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 22:10:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8867
x-xss-protection: 0
server: cafe
etag: 18043545750443934562
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 13 Feb 2021 22:10:28 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 348 B
183 B 254ms
253ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=975114392527007&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=1&rcs=7&prev_scp=iid2%3D196225%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1128%26sap%3D1128%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D8%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-3-196225%26eb_br%3De29f69dd468d31a5514dc9b5587ce757%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26br1%3D16%26br2%3D1400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C4%252C45%252C122%252C66%252C13%252C71%252C30%252C0%252C31%26deal1%3D23%2C24%2C25%2C26%2C21%2C22%2C21%2C22%2C21%2C22%2C21%2C22%2C17%2C20%2C21%2C22%2C17%2C19%2C20%2C21%2C22%2C17%2C18%2C19%2C20%2C21%2C22%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D60%26reqt%3D1613205085463&eri=1&cookie=ID%3D98cf2d6add5d2188%3AT%3D1613205084%3AS%3DALNI_MbfIVyhtC9PALDCp06WWgmCL528Xg&bc=31&abxe=1&lmt=1613205085&dt=1613205085466&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=295&adys=11850&adks=3297578832&ucis=1w&ifi=68&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x60&msz=468x60&psts=AGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk%2CAGkb-H9awlplzm3R5rYar7qljqzk&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=24

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

878c03ea07cf88656d7aea6c98453633d66caa4802a86b301dfa3da8c5fd89fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 149
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
fonts.gstatic.com/s/montserrat/v15/ Frame EB51 13 KB
13 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:regular,700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0ce5a460ace775560c3344a43245687bdbec5cb8ee20d209ab9fa67f4e09a3e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/css?family=Montserrat:regular,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 07 Feb 2021 15:30:55 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:12:14 GMT
server: sffe
age: 493230
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13708
x-xss-protection: 0
expires: Mon, 07 Feb 2022 15:30:55 GMT

GET
H3-Q050 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_vx3rCs.woff2
fonts.gstatic.com/s/montserrat/v15/ Frame EB51 13 KB
13 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_dJE3gnD_vx3rCs.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:regular,700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4c6cf0709b8e52572cae1fb57128acd0a5a453c9ce99dc3712a1860ff90c6bf8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/css?family=Montserrat:regular,700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 20:12:24 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:15 GMT
server: sffe
age: 389941
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13612
x-xss-protection: 0
expires: Tue, 08 Feb 2022 20:12:24 GMT

GET
H3-Q050

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 26FF
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
21 B

58ms
58ms

Document
text/html

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
URL: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmFHrbmtZZJWOWKAPvACSYJuXha502vVpiawtku18aTlBiBlmwHM3L0NWEy
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 13 Feb 2021 08:31:25 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 13-Feb-2021 09:31:25 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
expires: Sat, 13 Feb 2021 08:31:25 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 13 Feb 2021 08:31:25 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-Q050 200 avera_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/ Frame EB51 23 KB
24 KB 7ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/avera_1.png

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9912fec9be93c40b8ac11b1d37b95239d7d74d21eea9031de6f7033df6d6ee7

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 155817
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23210
x-xss-protection: 0
last-modified: Mon, 14 Sep 2020 08:30:23 GMT
server: sffe
date: Thu, 11 Feb 2021 13:14:28 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:14:28 GMT

GET
H3-Q050 200 genossenschaft.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/ Frame EB51 14 KB
14 KB 10ms
9ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/genossenschaft.png

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

937260733d0fe87acc40ca79f10101e59cc207882f7c724bf3d3cfcb969c6020

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 272444
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14116
x-xss-protection: 0
last-modified: Mon, 14 Sep 2020 08:30:23 GMT
server: sffe
date: Wed, 10 Feb 2021 04:50:41 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 04:50:41 GMT

GET
H3-Q050 200 genossenschaft_bg.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/ Frame EB51 76 KB
76 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8182301582077147863/Bank%20Avera%20-%20Genossenschaft%20-%20300x250/genossenschaft_bg.jpg

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e02439734cce2c29ad80aac951b5cf2af126b7cb28e589c79b9b1c792f45a91

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 272444
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77732
x-xss-protection: 0
last-modified: Mon, 14 Sep 2020 08:30:23 GMT
server: sffe
date: Wed, 10 Feb 2021 04:50:41 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 04:50:41 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
268 B 19ms
19ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTg3Njc1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0MzgsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMzYsMjgwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTg3Njc1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0MzgsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTg3Njc1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0MzgsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODMifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=kRgEaX32hcXFpGubBUydNiqGBjtkNwSkypTZ0ymL6g2eK2ZW5aWDu0eLQWWfBLb6JZS8PFur2tuZpy1tbWtiiqpyebxiyYQWAJ885tu2EN9sYG7h62lhGfe9LBEVIUvVKK8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d31699cb22b7d-FRA
content-length: 0
cf-request-id: 083c1d35fa00002b7d853e4000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012010270040000/ Frame 20FD 180 KB
50 KB 30ms
15ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2ab9ac436910017b9a2ca7db0e981bad3638db97f576d713eaa9b302e06c094

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 74500
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51478
x-xss-protection: 0
server: sffe
date: Fri, 12 Feb 2021 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0305d7d21a7fe4a1"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Feb 2022 11:49:45 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 20FD 13 KB
5 KB 30ms
16ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 233273
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4850
x-xss-protection: 0
server: sffe
date: Wed, 10 Feb 2021 15:43:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "77bd676d834aaa8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 15:43:32 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 20FD 90 KB
27 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 74500
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27668
x-xss-protection: 0
server: sffe
date: Fri, 12 Feb 2021 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1304c1c0caf7ca3c"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Feb 2022 11:49:45 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 20FD 3 KB
1 KB 30ms
16ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 233285
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1350
x-xss-protection: 0
server: sffe
date: Wed, 10 Feb 2021 15:43:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "12c034eb739190af"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 15:43:20 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 20FD 41 KB
14 KB 26ms
13ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 233303
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13075
x-xss-protection: 0
server: sffe
date: Wed, 10 Feb 2021 15:43:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e8a1dae72af56cd"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 15:43:02 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame 20FD 6 KB
701 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5018230bc803da921c5e52b4c9e13973754ca8819e302dfe47320decd606a335

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 13 Feb 2021 08:18:08 GMT
server: ESF
date: Sat, 13 Feb 2021 08:31:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Feb 2021 08:31:25 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 20FD 2 KB
3 KB 6ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Feb 2021 12:56:43 GMT
x-content-type-options: nosniff
server: cafe
age: 70482
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 13 Feb 2021 12:56:43 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 20FD 295 B
389 B 6ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 04:25:38 GMT
x-content-type-options: nosniff
server: cafe
age: 14747
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sun, 14 Feb 2021 04:25:38 GMT

GET
H3-Q050 200 6592766407814317453
tpc.googlesyndication.com/simgad/11987501799054099215/ Frame 20FD 76 KB
77 KB 7ms
7ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11987501799054099215/6592766407814317453

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a58b6eb4a7e2bee53bd024cf92512c4620a9aa7d14fa24200f00d240691f4ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 16:36:20 GMT
x-content-type-options: nosniff
age: 143705
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 78278
x-xss-protection: 0
last-modified: Thu, 07 Jan 2021 22:15:57 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Feb 2022 16:36:20 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/13141450845849524851/ Frame 20FD 995 B
1 KB 6ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13141450845849524851/downsize_200k_v1?w=100&h=100

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d677db23965b30e66183daefe8aacae42392ca85c87bf38ae2fd754c095471d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 11 Feb 2021 13:51:13 GMT
x-content-type-options: nosniff
age: 153612
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 995
x-xss-protection: 0
last-modified: Tue, 02 Jul 2019 17:44:42 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 11 Feb 2022 13:51:13 GMT

GET
DATA 200
OK truncated
/ Frame 20FD 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame 20FD 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 227dca8a7b2f32007a53cba79d45710cc4c58ecb4e7ed1b8ce3726735d56c7a8

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 20FD 0
0 16ms
13ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRqoa-XkIRibbnN4TKL7Im0qfd8dFV51g5jfQw5DSdDByWadhvMs1b98Cb6w83boxo_oxNz3FS-4ndPZLTQpNNTkmcjdw
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 20FD 0
0 64ms
62ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CfA0-XY4nYLWGFYSn7gP2p53QA5nS1rhh6IHw7q4N2tkeEAEg9PnGJWD1lc6B4ASgAdOb7-YDyAEJ4AIAqAMByAMKqgTuAU_QWUaPnYrhfzprV0mhiGx9HWjvVHSA3Ny6j5vyO34PPMXIzgbHX1FhTmNgLwXCqbmH7rKYCzO8FxMOR8PGQQh08RlF9-4W905nK3AqFfUvQuDg45hjTOuUCuRrT-GJFSQ_dxMz34a9hR1yrklC_6VLDTy4by5Q0day8mV1V_myy-Tu-OyiEHYlQ-9fKFcWc1QWsP0pHn0q1lavl_43FHpa3eC8J1CxgIBqv95mFH9UKBO_GU9mO69qFgpgKu70cnfQJS8AuSK2XhjzVVAhIvwBb7eDMp8Ue1ow06rvi4kJSwSnCrlENx7uOJ3phw_ABILgx4CsA-AEAZIFBAgEGAGSBQQIBRgEoAYugAfg0s81qAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB_DgG6gH7paxAqgHpr4bqAfs1RvYBwDyBwQQ6MsT0ggHCIBhEAEYHfIIG2FkeC1zdWJzeW4tOTMwNTk1ODM4ODI4MTA1M4AKA8gLAdgTAogUArIXGgoYCAASFHB1Yi02Mzk2ODQ0NzQyNDk3MjA4&sigh=YDDYSdJkwBQ&template_id=484&tpd=AGWhJmvA0vI73gLmWb9O0dR30CgfDD_ARe7o_CM4iAiTuvNo-g
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
295 B 19ms
17ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwMDc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODYsImRhdGEiOlt7Im5hbWUiOiJyZWZyZXNoX2NvdW50IiwidmFsIjoiNiJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwMDc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODYsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfYmlkX2hhc2giLCJ2YWwiOiJkMzFlNzE4ODNkMDAwOTllMjc1YjZjNTg3OGVlZDAyMyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwMDc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDMyLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMzIsImJpZF9mbG9vcl9wcmV2IjowLjAwMSwic3RhdF9zb3VyY2VfaWQiOjM1LCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDQ4NiwiZGF0YSI6W3sibmFtZSI6ImxvYWRlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE5MDA3NyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDg2LCJkYXRhIjpbeyJuYW1lIjoiY3JlYXRpdmVfaWQiLCJ2YWwiOiIxMzgzMTAwMzQ0ODYifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE5MDA3NyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0yLTAiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NDg2LCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=NF7UAGHCs9S6myXnrJbwg9hm6gNYEw9jEeub9%2BSafLPLaVUKuZXTQMl0WJlc4YMrJ%2BVsKfpBjQjp9roZPcuThNpkwdfQo9Q4Y2Eia2RIHSeQOh8wZtYGFTwGPSZBtaBUDsc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3169dd152b7d-FRA
content-length: 0
cf-request-id: 083c1d362300002b7d81034000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 28ms
27ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=3&v=39&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 13 Feb 2021 08:31:25 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
285 B 17ms
16ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwMDc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODYsImRhdGEiOlt7Im5hbWUiOiJ0X2xvY2FsX2RhdGUiLCJ2YWwiOiIyMDIxLTAyLTEzIn0seyJuYW1lIjoidF9sb2NhbF9ob3VyIiwidmFsIjoiOSJ9LHsibmFtZSI6InRfbG9jYWxfZGF5X29mX3dlZWsiLCJ2YWwiOiI2In0seyJuYW1lIjoidF9sb2NhbF90aW1lem9uZSIsInZhbCI6Ii02MCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2kolIc7OVNPjhiHg%2BhhkVntW8VHAGIUPMLG2LTeeQvQlvKobwBCARg9NG%2BZ5sDQsnAPIr11mMaxRDIGb%2BLqAmygBwzlFxeiHviRiEhHuvG5mB8sKjO1pmh32XisTLYMuWQk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3169dd172b7d-FRA
content-length: 0
cf-request-id: 083c1d362300002b7dd4bd4000000001
expires: Fri, 12 Feb 2021 08:31:24 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
272 B 24ms
23ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwMDc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImF1Y3Rpb25fZXBvY2giOjE2MTMyMDUwODYsImFkX3Bvc2l0aW9uIjoxMTAwLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiYmlkX2Zsb29yX2luaXRpYWwiOjEyMDAsImJpZF9mbG9vcl9wcmV2IjoxMDAsImJpZF9mbG9vcl9maWxsZWQiOjMyLCJhdWN0aW9uX2NvdW50Ijo2LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjo0MzAsIm11bHRpX2FkX3VuaXQiOjAsIm11bHRpX2FkX2NvdW50IjowLCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=h5Az937Aqh6yPxGeSgnXPZWScP7hSdYd9GdfP32nedYQi9PddfU9lfFPsCEHfXNZIvH%2FTA%2Bk7tDv1p2vAHHLCYhUrKJ6wNPOhnGZ9Q0ZyuRvxheSi63wVnMltyaSULklgcc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3169dd192b7d-FRA
content-length: 0
cf-request-id: 083c1d362300002b7d9c850000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
269 B 17ms
16ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6yKQxTbz4QiuFRNVOGASC7455AuktEoMpIXqkizKQBfCRvqa0QSaP5aoBjAJ9PpKBOQxhme0YNZBHcXGJVgG0fQKkNUIHH22XcrGGcT2YxrjV4q9iBe0Y7wOYurUfDuGEtk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3169ed312b7d-FRA
content-length: 0
cf-request-id: 083c1d362d00002b7d77172000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H3-Q050 200 KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 20FD 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.winhelponline.com
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 16:25:25 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:58 GMT
server: sffe
age: 403560
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11020
x-xss-protection: 0
expires: Tue, 08 Feb 2022 16:25:25 GMT

GET
H3-Q050 200 KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ Frame 20FD 11 KB
11 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.winhelponline.com
Referer: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Tue, 09 Feb 2021 05:54:43 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:52 GMT
server: sffe
age: 355002
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11180
x-xss-protection: 0
expires: Wed, 09 Feb 2022 05:54:43 GMT

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012010270040000/ Frame 5D3A 180 KB
50 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2ab9ac436910017b9a2ca7db0e981bad3638db97f576d713eaa9b302e06c094

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 74500
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51478
x-xss-protection: 0
server: sffe
date: Fri, 12 Feb 2021 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0305d7d21a7fe4a1"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Feb 2022 11:49:45 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 5D3A 13 KB
5 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 233273
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4850
x-xss-protection: 0
server: sffe
date: Wed, 10 Feb 2021 15:43:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "77bd676d834aaa8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 15:43:32 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 5D3A 90 KB
27 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 74500
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27668
x-xss-protection: 0
server: sffe
date: Fri, 12 Feb 2021 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1304c1c0caf7ca3c"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Feb 2022 11:49:45 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 5D3A 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 233285
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1350
x-xss-protection: 0
server: sffe
date: Wed, 10 Feb 2021 15:43:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "12c034eb739190af"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 15:43:20 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame 5D3A 41 KB
13 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 233303
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13075
x-xss-protection: 0
server: sffe
date: Wed, 10 Feb 2021 15:43:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e8a1dae72af56cd"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 15:43:02 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5D3A 2 KB
2 KB 9ms
9ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Feb 2021 12:56:43 GMT
x-content-type-options: nosniff
server: cafe
age: 70482
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 13 Feb 2021 12:56:43 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5D3A 295 B
320 B 9ms
9ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 04:25:38 GMT
x-content-type-options: nosniff
server: cafe
age: 14747
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sun, 14 Feb 2021 04:25:38 GMT

GET
DATA 200
OK truncated
/ Frame 5D3A 220 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f01b0c400b4ab9ffd7a20b2538f70f61287439651b5cee7c0276a8c6af53828d

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 12362287147504838592
tpc.googlesyndication.com/simgad/ Frame 5D3A 25 KB
25 KB 11ms
9ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12362287147504838592?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnM28PBVx80do3kedTrG16r2lk2CQ

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcf22435d4ecceb89da89c9955de237e232ba6625623d718e0f2ed03ac6a7e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 22:29:13 GMT
x-content-type-options: nosniff
last-modified: Fri, 12 Feb 2021 16:42:05 GMT
server: sffe
age: 36132
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25201
x-xss-protection: 0
expires: Sat, 12 Feb 2022 22:29:13 GMT

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame 5D3A 0
0 15ms
14ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRSgj-7mRppVD5laIq_UYm4KtBSsAlVIdh9NUe5s7UCT3onGyLJ1KRXml_R9SXLrVOtw_oCfHgPzNczxmFOFyHQwJG_9w
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 5D3A 0
0 61ms
60ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CO7gIXY4nYJ-UG_Gwx_AP-fWtiAz9wKK3Yfe1j_GuDbWV_MIDEAEg9PnGJWD1lc6B4ASgAYaK8OgDyAEC4AIAqAMByAMIqgT1AU_Q0p1JxtJi72l0vuTEwhCd7tuJicMHUAcuMprnTA8aqVE3dbhFx_zKxfChqV3tyzdMPuQqaI11XjMq6ltQ6wSq7jkMGAxLG2cNuiCuiK7m-eCCgp41HYwiBEoSESzW5rtphdFYCgB5hq2hQAZYnUEEKLSyEa0LBajjcO2qRWe7kCl2Jw0mjVsPrL05q3N50FBhA82vBIckZkOvVw5ehtUsoOHCNS_RdR5XPtRxVpHpCYBV_EGp4GO58WSYzVuKjG8YIkMipVUosqJW2lqLM-i85ebtgRuNRHgihpvb1pAuDrruWePEqu1YFr29FEHFJd_K-3ddwASntrWksQPgBAGSBQQIBBgBkgUECAUYBKAGAoAH4vWPF6gH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfw4BuoB-6WsQKoB6a-G6gH7NUb2AcB8gcEEKfAAtIIBwiAYRABGB3yCBthZHgtc3Vic3luLTkzMDU5NTgzODgyODEwNTOACgPICwHYEwKyFxoKGAgAEhRwdWItNjM5Njg0NDc0MjQ5NzIwOA&sigh=94D3tgoWKnE&tpd=AGWhJmsLi6RdJYjZyFbIM0KGsV8uXrUrqk_44AfpY-go-pjJuQ
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
297 B 19ms
19ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8zIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiOWMzZTRlZThlYWU3ZjE0MzNjYjJmZTY5YjEzMjY2MDUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwMjk3NyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMyIsInRfZXBvY2giOjE2MTMyMDUwNzcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDA0LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDQsImJpZF9mbG9vcl9wcmV2IjowLjAwMDE4LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8zIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDQzNTUzIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=8nmKZCX9tPfPuTa7L%2Bh33JX9fAUBsQQQpssOexTxPoE22DM2f2RRcd8%2B8J7W26zUOY3jQ%2Fl%2FhaZ5Wfaua2QasFGWYFn2v9KQK43PVhiV5c2xKam73EUMbu4rb%2BBKSctb9qY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316a2d9c2b7d-FRA
content-length: 0
cf-request-id: 083c1d365600002b7dc688a000000001
expires: Fri, 12 Feb 2021 08:31:26 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 27ms
27ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=3&v=39&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 13 Feb 2021 08:31:25 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
397 B 21ms
20ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8zIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDItMTMifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTYwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=oFMJUCFOnRvF54yKqp%2FEa95CGRSr2CUl%2Fr2klefhwZtdVJK8LbliN1NSs3S5paGZM9tfO3KaUrhWNHnE9%2BImJ26eZMsC%2Bhu1HXgvGX863J0L%2FGxFzMfc24n5sDxdenvE0us%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316a2d9f2b7d-FRA
content-length: 0
cf-request-id: 083c1d365700002b7dce209000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
390 B 16ms
15ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8zIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYXVjdGlvbl9lcG9jaCI6MTYxMzIwNTA4NiwiYWRfcG9zaXRpb24iOjExMDIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTMwMCwiYmlkX2Zsb29yX3ByZXYiOjE4LCJiaWRfZmxvb3JfZmlsbGVkIjo0LCJhdWN0aW9uX2NvdW50Ijo4LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjozNzQsIm11bHRpX2FkX3VuaXQiOjMsIm11bHRpX2FkX2NvdW50Ijo0LCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=VM5mhj1ZddkIbQLLWZFNVvFBNXsgXcdYi7Th8YkXldFxltGBpTEd6ulrW95IMLIdjTU9L6vGWN3Vf%2FGQb0pC4h3DgJ6pSiT3fkngcBPXuE3UP2s9GQQDU12GW3NBjJhroBo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316a2da12b7d-FRA
content-length: 0
cf-request-id: 083c1d365700002b7dcb8d5000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H3-Q050 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012010270040000/ Frame CD29 180 KB
50 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b2ab9ac436910017b9a2ca7db0e981bad3638db97f576d713eaa9b302e06c094

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 74500
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51478
x-xss-protection: 0
server: sffe
date: Fri, 12 Feb 2021 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "0305d7d21a7fe4a1"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Feb 2022 11:49:45 GMT

GET
H3-Q050 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame CD29 13 KB
5 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 233273
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4850
x-xss-protection: 0
server: sffe
date: Wed, 10 Feb 2021 15:43:32 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "77bd676d834aaa8d"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 15:43:32 GMT

GET
H3-Q050 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame CD29 90 KB
27 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 74500
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27668
x-xss-protection: 0
server: sffe
date: Fri, 12 Feb 2021 11:49:45 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1304c1c0caf7ca3c"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 12 Feb 2022 11:49:45 GMT

GET
H3-Q050 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame CD29 3 KB
1 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 233285
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1350
x-xss-protection: 0
server: sffe
date: Wed, 10 Feb 2021 15:43:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "12c034eb739190af"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 15:43:20 GMT

GET
H3-Q050 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012010270040000/v0/ Frame CD29 41 KB
13 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012010270040000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/esm/ https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/mp/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sp/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 233303
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13075
x-xss-protection: 0
server: sffe
date: Wed, 10 Feb 2021 15:43:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "1e8a1dae72af56cd"
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 10 Feb 2022 15:43:02 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame CD29 1 KB
451 B 17ms
15ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400&lang=de

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a0f4831384e5f952f5be620c856801cbe0f152c7d7e73dedb1716f68ca2a49ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 13 Feb 2021 08:31:25 GMT
server: ESF
date: Sat, 13 Feb 2021 08:31:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Feb 2021 08:31:25 GMT

GET
H3-Q050 200 css
fonts.googleapis.com/ Frame CD29 1 KB
474 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400&text=

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a0f4831384e5f952f5be620c856801cbe0f152c7d7e73dedb1716f68ca2a49ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 13 Feb 2021 08:21:13 GMT
server: ESF
date: Sat, 13 Feb 2021 08:31:25 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 13 Feb 2021 08:31:25 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CD29 2 KB
2 KB 8ms
7ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Feb 2021 12:56:43 GMT
x-content-type-options: nosniff
server: cafe
age: 70482
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 13 Feb 2021 12:56:43 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CD29 295 B
320 B 8ms
8ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 04:25:38 GMT
x-content-type-options: nosniff
server: cafe
age: 14747
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sun, 14 Feb 2021 04:25:38 GMT

GET
DATA 200
OK truncated
/ Frame CD29 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0ea437031cdcc9faee283a52e9c05d1fb03b17315905b525237e7597c6d3c0de

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15120103828216719059/ Frame CD29 10 KB
10 KB 10ms
8ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15120103828216719059/downsize_200k_v1?sqp=4sqPyQSWAUKTAQgAEhQNzczMPhUAAABAHQAAAAAlAAAAABgAIgoNAACAPxUAAIA_Kk8IWhABHQAAtEIgASgBMAY4A0CAwtcvSABQAFgAYFpwAngAgAEAiAEAkAEAnQEAAIA_oAEAqAEAsAGAreIEuAH___________8BxQEtsp0-MhoIrAIQnQEYASABLQAAAD8wrAI4nQFFAACAPw&rs=AOga4qklnFqmzfNTaOverVglCpLgzXWGww

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a90b5610c694e12e819322fc41fe66be02a32920a462ae656b9074d1de49d466

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 07 Feb 2021 23:27:10 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 12:43:23 GMT
server: sffe
age: 464655
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10250
x-xss-protection: 0
expires: Mon, 07 Feb 2022 23:27:10 GMT

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame CD29 0
0 63ms
61ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CkK96XY4nYKmkHY3v7gP_jI-QDuGZg7RhnLTF_ZANx-u_2roBEAEg9PnGJWD1lc6B4ASgAaehkKgCyAEGqQIndYWZtFW0PuACAKgDAcgDCqoE_QFP0C5xrqF9JpP4wd5XVWC6BCQk7B7IJBF-4YjzHe7HERfVOzo93OLN_WTrfaRzGsJy9AIbWw77H_8-CSa97jOpoiJN8LaXyOOwDeWw2Qm7GSsAKqAomt7u03cP-Zc5bJ2bBTcdKxaF3-I9ZSjgbZEwmCMEICWaHS46BYZzabOdXcBMseeFqyGD404YgXkn4RtwkpZGstTP-TtWkdQyM15-c0nszGrLtvd8AcHHtIrRiWtEgzhPYU4WDi39ID08fETUPEUgO82UlHpO9kCqBJzISUtQmiq14l-R6zJOXa8rjdq90gH1dxxft9cI73LXZJrtDf5Rrw4BYjDoIonnwATUpa2ZyQPgBAGSBQQIBBgBkgUECAUYBKAGN4AHwd7v1wGoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH8OAbqAfulrECqAemvhuoB-zVG9gHAfIHBBCnwALSCAcIgGEQARgd8ggbYWR4LXN1YnN5bi05MzA1OTU4Mzg4MjgxMDUzgAoDyAsB2BMCshcaChgIABIUcHViLTYzOTY4NDQ3NDI0OTcyMDg&sigh=cEEsO8tsotU&template_id=492&tpd=AGWhJmsUiN_a0HbncG-XvzbjBy0VVnYEDP7E3AYO_Y7ogLzWdQ
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 204 l
www.google.com/ads/measurement/ Frame CD29 0
0 15ms
13ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTG7HEr9chkCtjrpNg07mayhurtVky-3Z7NlMs-TmICERCV1REd4MayS4vaawK4HPBTeptdQrA2pcOT0uGHGlnI-jPZ4Q
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
293 B 22ms
21ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8yIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InJlZnJlc2hfY291bnQiLCJ2YWwiOiI4In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2JpZF9oYXNoIiwidmFsIjoiOWMzZTRlZThlYWU3ZjE0MzNjYjJmZTY5YjEzMjY2MDUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwMjk3NyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMiIsInRfZXBvY2giOjE2MTMyMDUwNzcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLjAwMDA0LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAuMDAwMDQsImJpZF9mbG9vcl9wcmV2IjowLjAwMDE4LCJzdGF0X3NvdXJjZV9pZCI6MzUsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoibG9hZGVkIiwidmFsIjoiMSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8yIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImNyZWF0aXZlX2lkIiwidmFsIjoiMTM4MzEwMDM0NTg1In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoibGluZWl0ZW1faWQiLCJ2YWwiOiIyODY4NzI3NCJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=SUk75epp8OlVo2xD5Pubc%2Bq9Osw5CB6t30CwpwkTzPoY6bcBU07w9SS0y9h1TcRNTlQCkyGqkcGnYuFTAC0WjzVFS7RapOsZe63U6TFI5xz554WpYMVhbosPgbWg%2Fp6gbCc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316a5dee2b7d-FRA
content-length: 0
cf-request-id: 083c1d367600002b7d7606b000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H2 200 28687274 Show response
g.ezoic.net/dac/ 0
17 B 27ms
27ms XHR
text/plain 18.156.95.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://g.ezoic.net/dac/28687274
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/porpoiseant/banger.js?cb=192-8&bv=3&v=39&PageSpeed=off
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.156.95.187 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-156-95-187.eu-central-1.compute.amazonaws.com
Software: nginx/1.16.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 13 Feb 2021 08:31:25 GMT
cache-control: max-age=3600, public
server: nginx/1.16.0
content-length: 0
vary: Accept-Encoding
content-type: text/plain

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
284 B 21ms
20ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8yIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InRfbG9jYWxfZGF0ZSIsInZhbCI6IjIwMjEtMDItMTMifSx7Im5hbWUiOiJ0X2xvY2FsX2hvdXIiLCJ2YWwiOiI5In0seyJuYW1lIjoidF9sb2NhbF9kYXlfb2Zfd2VlayIsInZhbCI6IjYifSx7Im5hbWUiOiJ0X2xvY2FsX3RpbWV6b25lIiwidmFsIjoiLTYwIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4BHgh2i0dUjBIC0%2B3OYtfQ%2FSryhiUuZ8i0GYni6Z%2BGRv1O0ITKJPtO8WYBZO8ymjWyjjzaivytYNvttam0ItmddwOLY8fqwwPUi6EW26NxOS46A7fzGFwsLeBUuF2DfNTDo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316a5df12b7d-FRA
content-length: 0
cf-request-id: 083c1d367600002b7df099d000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
270 B 16ms
16ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImF1Y3Rpb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8yIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYXVjdGlvbl9lcG9jaCI6MTYxMzIwNTA4NiwiYWRfcG9zaXRpb24iOjExMDIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJiaWRfZmxvb3JfaW5pdGlhbCI6MTMwMCwiYmlkX2Zsb29yX3ByZXYiOjE4LCJiaWRfZmxvb3JfZmlsbGVkIjo0LCJhdWN0aW9uX2NvdW50Ijo4LCJyZWZyZXNoX2FkX2NvdW50IjowLCJhdWN0aW9uX2R1cmF0aW9uIjozNzAsIm11bHRpX2FkX3VuaXQiOjIsIm11bHRpX2FkX2NvdW50Ijo0LCJuZXR3b3JrX2NvZGUiOjEyNTQxNDQsImRhdGEiOlt7Im5hbWUiOiIiLCJ2YWwiOiIifV0sImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzR9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XAdjdeAy8pEiqZIlCxzCy0L2nxPlcy1d2gW0rYR2%2FQ95WQecID7J38wT3HOCjDhji%2BTBGKz6VU0gJalQgCA6WvhN3HBsHdtoNxKKGdWNshJ5NUD5xf45tc53uwQaAaSQSiA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316a5df22b7d-FRA
content-length: 0
cf-request-id: 083c1d367700002b7db6a02000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0AC0 42 B
725 B 96ms
83ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssDo87Vx8vH6j2fSkRoM8kPyEABWtXUPLN2ks1L0ZzdjHHRf_SMxSNQtfXL1_mYAER9vDH2uYm0lG2lmXDld_KH1E4O3khlt7-fERIbUbhOgS1z5MprT87zHPy8Mo4EcSaWt0sLaCHo2LGnzhzOyL4&sai=AMfl-YTDD2YhenMvMRX_qWp5LRjospBvvwL4qIL8P-oaDpkvFntHnnODKwFekZ-UzniSSSXRsNDIEu58eh0mZqVhSZ_HMA-Cf8_XCKRd8knFsRsNCX6-ipCEWqKzboW1&sig=Cg0ArKJSzDgcbPCp2Ie7EAE&cid=CAASFeRoVhJTj3n_JfYxHxZCCqDDObx9lQ&id=osdim&mcvt=1022&p=205,327,372,627&mtos=1022,1022,1022,1022,1022&tos=1022,0,0,0,0&v=20210210&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=9&adk=1505197098&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1613205084653&dlt=9&rpt=1&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 jizaRExUiTo99u79D0KExcOPIDU.woff2
fonts.gstatic.com/s/ptsans/v12/ Frame CD29 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExcOPIDU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400&lang=de

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ae1e27e08b4bbc15557c0f5bbd97b4009eb86c85da9fb2be4c4085a5289182f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.winhelponline.com
Referer: https://fonts.googleapis.com/css?family=PT+Sans:400&lang=de
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 08 Feb 2021 16:19:33 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:11 GMT
server: sffe
age: 403912
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11380
x-xss-protection: 0
expires: Tue, 08 Feb 2022 16:19:33 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
271 B 19ms
18ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8xIiwidF9lcG9jaCI6MTYxMzIwNTA3NywicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:25 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=t57MVLc%2BRlsSaI6MaWCxDoce3htxiStphTeAB5A3SJp8gD2ulyBP38dxXFQ1RnU671yrHFePnEwQlptskeBB7Csr3tEMBRniFMDMaDMoMVZ%2FzAauw6AW%2B5DiBHtnIk6NYrM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316adf242b7d-FRA
content-length: 0
cf-request-id: 083c1d36ca00002b7dd9108000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame FE52 42 B
66 B 48ms
47ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssT9e1jCz43htsucyWPQEDBN1dz2Yd259AIjTitKCuVK61L9zSc4WrZpsbZBnuDH2BUGvC-OixZkiiujeHxpdR26SGROQx0xevPfddpY4VTmZhc3xUYpq9b1rhsLSICmKNOc9cxjNPYMCqEf_in4w&sai=AMfl-YT0HfWvI0_bxNCMlcd3VX8-l-KM07i8VFRplCP4EjBFnZBJXipV0qUh-5_8qE3wrgiLbfv9zWczNCotCkUoB4CmIVZ3WdVkzzfM6heB36Kq3JNa-pYUN3r_Q1xg&sig=Cg0ArKJSzNyasXlmtOrhEAE&cid=CAASFeRo0kCzhbLXjK6ZnUwKgKuE9raEAw&id=osdim&mcvt=1041&p=205,650,455,950&mtos=1041,1041,1041,1041,1041&tos=1041,0,0,0,0&v=20210210&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=4&adk=1970382492&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1613205084743&dlt=19&rpt=1&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:25 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 20FD 2 KB
2 KB 6ms
5ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Feb 2021 12:56:43 GMT
x-content-type-options: nosniff
server: cafe
age: 70482
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 13 Feb 2021 12:56:43 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 20FD 295 B
320 B 6ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 04:25:38 GMT
x-content-type-options: nosniff
server: cafe
age: 14747
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sun, 14 Feb 2021 04:25:38 GMT

GET
H3-Q050 200 12362287147504838592
tpc.googlesyndication.com/simgad/ Frame 5D3A 25 KB
25 KB 6ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12362287147504838592?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnM28PBVx80do3kedTrG16r2lk2CQ

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dcf22435d4ecceb89da89c9955de237e232ba6625623d718e0f2ed03ac6a7e7b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 22:29:13 GMT
x-content-type-options: nosniff
last-modified: Fri, 12 Feb 2021 16:42:05 GMT
server: sffe
age: 36132
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25201
x-xss-protection: 0
expires: Sat, 12 Feb 2022 22:29:13 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5D3A 2 KB
2 KB 6ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Feb 2021 12:56:43 GMT
x-content-type-options: nosniff
server: cafe
age: 70482
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 13 Feb 2021 12:56:43 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 5D3A 295 B
320 B 6ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 04:25:38 GMT
x-content-type-options: nosniff
server: cafe
age: 14747
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sun, 14 Feb 2021 04:25:38 GMT

GET
H3-Q050 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 46 KB
11 KB 205ms
204ms XHR
text/plain 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=120932513717314&correlator=2306737699929467&output=ldjh&impl=fif&adsid=NT&eid=21068773%2C21068891%2C21069980%2C31060147&vrg=2021021101&ptt=17&guci=2.2.0.0.2.2.0.0&sc=1&sfv=1-0-37&ecs=20210213&iu_parts=1254144%2Cwinhelponline_com-medrectangle-3&enc_prev_ius=%2F0%2F1&prev_iu_szs=468x60&ris=1&rcs=8&prev_scp=iid2%3D196225%26t%3D134%26d%3D105367%26t1%3D134%26pvc%3D0%26ap%3D1128%26sap%3D1128%26a%3D%257C1%257C%26as%3Drevenue%26plat%3D1%26bra%3Dmod1%26ic%3D9%26at%3Dmbf%26adr%3D399%26ezosn%3D5%26reft%3Dtf%26refs%3D30%26ga%3D2497208%26rid%3D99998%26pt%3D21%26al%3D1021%26compid%3D0%26tap%3Dwinhelponline_com-medrectangle-3-196225%26eb_br%3D9c3e4ee8eae7f1433cb2fe69b1326605%26eba%3D1%26ebss%3D10017%2C10082%2C10061%26asau%3D4511284716%26bv%3D19%26bvm%3D0%26bvr%3D9%26shp%3D1%26br1%3D4%26br2%3D1400%26ezoic%3D1%26nmau%3D0%26mau%3D0%26stl%3D34%252C0%252C28%252C4%252C45%252C122%252C66%252C13%252C71%252C30%252C0%252C31%26deal1%3D23%2C24%2C25%2C26%2C21%2C22%2C21%2C22%2C21%2C22%2C21%2C22%2C17%2C20%2C21%2C22%2C17%2C19%2C20%2C21%2C22%2C17%2C18%2C19%2C20%2C21%2C22%2C17%2C18%2C19%2C20%2C21%2C22%26ax_ssid%3D10082%26amznbid%3D2%26amznp%3D2%26amznsz%3D0x0%26lb%3D16%26reqt%3D1613205085970&eri=1&cookie=ID%3D98cf2d6add5d2188%3AT%3D1613205084%3AS%3DALNI_MbfIVyhtC9PALDCp06WWgmCL528Xg&bc=31&abxe=1&lmt=1613205085&dt=1613205085973&dlt=1613205078321&idt=483&frm=20&biw=1600&bih=1200&oid=3&adxs=295&adys=11850&adks=3297578832&ucis=1x&ifi=69&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.winhelponline.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=785x60&msz=468x60&ga_vid=430508116.1613205079&ga_sid=1613205079&ga_hid=1045117176&fws=0&ohw=0&btvi=25

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021021101.js?31060147

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

688c182aa63c69d301fd45421dd253eebbd3a0041a7e86417d7e8eef99307e16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11116
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.winhelponline.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/15120103828216719059/ Frame CD29 10 KB
10 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a90b5610c694e12e819322fc41fe66be02a32920a462ae656b9074d1de49d466

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sun, 07 Feb 2021 23:27:10 GMT
x-content-type-options: nosniff
last-modified: Thu, 25 Jun 2020 12:43:23 GMT
server: sffe
age: 464655
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10250
x-xss-protection: 0
expires: Mon, 07 Feb 2022 23:27:10 GMT

GET
H3-Q050 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CD29 2 KB
2 KB 7ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 12 Feb 2021 12:56:43 GMT
x-content-type-options: nosniff
server: cafe
age: 70482
etag: 14819457070020093239
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Sat, 13 Feb 2021 12:56:43 GMT

GET
H3-Q050 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame CD29 295 B
320 B 7ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 13 Feb 2021 04:25:38 GMT
x-content-type-options: nosniff
server: cafe
age: 14747
etag: 426692510519060060
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
content-type: image/png
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Sun, 14 Feb 2021 04:25:38 GMT

GET
H2 200 audins.js Show response
go.ezoic.net/detroitchicago/ 466 B
872 B 30ms
7ms Script
application/javascript 2600:9000:20eb:2400:2:cb38:840:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://go.ezoic.net/detroitchicago/audins.js?cb=192-8
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:2400:2:cb38:840:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.0 /
Resource Hash: fd78f51affedcaa173cd1f15fca8f1fbecdbaafa7020cec2ae0fe3befbed5ea1

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 10 Feb 2021 01:10:13 GMT
via: 1.1 37c215a6cf8b04439db2f97a633421e6.cloudfront.net (CloudFront)
last-modified: Sat, 06 Feb 2021 00:16:56 GMT
server: nginx/1.16.0
age: 285673
etag: "1d2-5ba9fdabdee00;5ba9fdabdee00-gzip"
vary: Accept-Encoding,Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=31536000, public
x-amz-cf-pop: FRA2-C1
accept-ranges: bytes
x-robots-tag: noindex
content-length: 466
x-amz-cf-id: tfU1l0zejNWBUmAphcfu3XfIDp6oe257ncXkMtYi2MaYR5CyqFxCUw==

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
390 B 20ms
20ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTg3Njc1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0MzgsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxMjIifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE5NjIyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEyOCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMTUwMyJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwMDc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODYsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIxMjIifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwODgyNCIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMzkifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwODgyNCIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJ3b3Jkc19iZWZvcmUiLCJ2YWwiOiIzOSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2HKxnPUNc7o0dxWreuUiHwjBNOHPciJVVBH3Q5mOBGeJawt7Im%2FYzd10lhDla7YBCNuFAGMsfb4CUHyopfgWyyDAcQMETEKjTJ3GCqXx8J3NS3bdPeyRgWKE2YZPjgTHp2w%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316c093b2b7d-FRA
content-length: 0
cf-request-id: 083c1d378400002b7dc19ab000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
297 B 18ms
17ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8yIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjM5In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6IndvcmRzX2JlZm9yZSIsInZhbCI6IjU5In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMTE5In1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMTYyIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoid29yZHNfYmVmb3JlIiwidmFsIjoiMTY1In1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=6CAtYn%2FGR3mLVn0jAyfkAMsZJU8%2FBIVlFRl1DCKsaiQN6YK5ofigiDSMcIMP88WAGIZoNMdsLwUrx%2FPjzco3yHL7P773lhzqrWClyy8gzHXMHH3xFGgomkjK6zw2vB4APT4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316c093e2b7d-FRA
content-length: 0
cf-request-id: 083c1d378500002b7dfc288000000001
expires: Fri, 12 Feb 2021 08:31:26 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
377 B 31ms
30ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTg3Njc1IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTExLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0MzgsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjQwNSJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTA5OCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjE5NjIyNSIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLW1lZHJlY3RhbmdsZS0zLTAiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEyOCwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjAsImNyZWF0aXZlX2lkIjowLCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIyOTUifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjExODUwIn0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwMDc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODYsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjAifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjEwODkifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6InRydWUifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwODgyNCIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTAiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoicG9zX3giLCJ2YWwiOiIzMTUifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjIwNSJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwODgyNCIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjYzOCJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMjA1In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9XQ==
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UL%2BJfISqcZJ0XW%2BWF2aeSDDN8bqzPQrL4DQnFVW9rZkNLyRcu%2BkBRAvQjIkknrVsCa93YhrKN58z8mrK3Vyvwv3rr8E%2BrcDO%2B4fSdiNf55HoQ%2F0w38c7SCKwGq3GoLizch0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316c09472b7d-FRA
content-length: 0
cf-request-id: 083c1d378600002b7d83a06000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
278 B 20ms
20ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8yIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiOTYyIn0seyJuYW1lIjoicG9zX3kiLCJ2YWwiOiIyMDUifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTA3MyJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiNjg4In0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTA3MyJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiOTUzIn0seyJuYW1lIjoiaXNfZmxvYXRpbmciLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8yIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InBvc194IiwidmFsIjoiMTA3MyJ9LHsibmFtZSI6InBvc195IiwidmFsIjoiMTIxOCJ9LHsibmFtZSI6ImlzX2Zsb2F0aW5nIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwMjk3NyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMyIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJwb3NfeCIsInZhbCI6IjEwNzMifSx7Im5hbWUiOiJwb3NfeSIsInZhbCI6IjE0ODMifSx7Im5hbWUiOiJpc19mbG9hdGluZyIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JlEFNuUxN25z%2BaE%2FfW2Owc%2BaD81BOd3fmdJofCOOL1IRQ61akDTSaR6wOxfVDBtQtBJ9xepZ2PU%2BgM%2F9XNyTO6gWZ9baTJQyn2Yqmx7LO6AbvhiP7UIyTDFEGOy8PrS%2BQig%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316c09482b7d-FRA
content-length: 0
cf-request-id: 083c1d378600002b7dd4bf1000000001
expires: Fri, 12 Feb 2021 08:31:25 UTC

GET
H2 200 quant.js Show response
secure.quantserve.com/ 23 KB
9 KB 8ms
8ms Script
application/javascript 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: go.ezoic.net
URL: https://go.ezoic.net/detroitchicago/audins.js?cb=192-8
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 437afd9de21717c919be3f40f686b33170f2447dc03ded0fc00ac0cc41839854

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
content-encoding: gzip
etag: "8q1rat7Mm9i+FVcOidF8/g=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Sat, 20 Feb 2021 08:31:26 GMT

POST
H2 200 v2rajoUxWuYfCSmIfR9R26vYyvO_Kpi7CcXBavt653T_dxwL-Zi6-r0_Gxkmv05maWDUQlAU Show response
absorbingcorn.com/ 197 B
280 B 39ms
39ms Fetch
application/json 35.190.64.11
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://absorbingcorn.com/v2rajoUxWuYfCSmIfR9R26vYyvO_Kpi7CcXBavt653T_dxwL-Zi6-r0_Gxkmv05maWDUQlAU

Requested by

Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/tulsa.js?gcb=192-8&cb=5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.190.64.11 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

11.64.190.35.bc.googleusercontent.com

Software

Resource Hash

174d66456283644e448a9b366e6b45299f086fe798c286d951b46a0df0d843ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
x-datacenter: gce-europe-west1
date: Sat, 13 Feb 2021 08:31:26 GMT
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.winhelponline.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-hostname: 711b148b
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
content-length: 197
expires: Sat, 13 Feb 2021 08:31:25 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
296 B 18ms
18ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiMzQifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=i18Ph2Xx33gMYIQ1JFdL1tg5ObFQwnxTyp4jaRawqC%2F8NR60WoVxwYVUUu0Yy6zFhz55SS7EN6Im3TTEaI5nJjoZiCj%2FKgtmv0qp8P%2F01YF6SkcEBmH6%2BoR0nisEHiBtQ7E%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316ccaaf2b7d-FRA
content-length: 0
cf-request-id: 083c1d37f900002b7dd911e000000001
expires: Fri, 12 Feb 2021 08:31:26 UTC

GET
H2 200 rules-p-31iz6hfFutd16.js Show response
rules.quantcount.com/ 3 B
349 B 6ms
5ms Script
application/x-javascript 2600:9000:206f:1c00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-31iz6hfFutd16.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:1c00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 12 Feb 2021 15:08:41 GMT
via: 1.1 c888f786e25e6e3c7dbb7e9da462d715.cloudfront.net (CloudFront)
last-modified: Sat, 04 Mar 2017 19:50:24 GMT
server: AmazonS3
age: 62566
etag: "8a80554c91d9fca8acb82f023de02f11"
x-cache: Hit from cloudfront
content-type: application/x-javascript
cache-control: max-age=86400
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-length: 3
x-amz-cf-id: 7EY5kc7df3rGYT0WzRVoTD9W2H4daG_7S3IM-JuqZR-4QOKtDbGsQA==

GET
H2 200 greenoaks.gif Show response
www.winhelponline.com/detroitchicago/ 0
283 B 16ms
16ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/detroitchicago/greenoaks.gif?orig=0&ds=W3sidHlwZSI6InBhZ2V2aWV3IiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJkb21haW5faWQiOiIxMDUzNjciLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJkYXRhIjpbeyJuYW1lIjoiZGlzcGxheV9hZF92aWV3cG9ydF9weCIsInZhbCI6IjQyOTIyMiJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfdmlld3BvcnRfY291bnQiLCJ2YWwiOiI3In0seyJuYW1lIjoibmF0aXZlX2FkX3ZpZXdwb3J0X3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF92aWV3cG9ydF9jb3VudCIsInZhbCI6IjAifSx7Im5hbWUiOiJkaXNwbGF5X2FkX2RvY19weCIsInZhbCI6Ijc2NjExMCJ9LHsibmFtZSI6ImRpc3BsYXlfYWRfZG9jX2NvdW50IiwidmFsIjoiMTAifSx7Im5hbWUiOiJuYXRpdmVfYWRfZG9jX3B4IiwidmFsIjoiMCJ9LHsibmFtZSI6Im5hdGl2ZV9hZF9kb2NfY291bnQiLCJ2YWwiOiIwIn0seyJuYW1lIjoidmlld3BvcnRfc2l6ZSIsInZhbCI6IjE2MDB4MTIwMCJ9LHsibmFtZSI6InZpZXdwb3J0X3B4IiwidmFsIjoiMTkyMDAwMCJ9LHsibmFtZSI6ImRvY19weCIsInZhbCI6IjE5NjUxMjAwIn0seyJuYW1lIjoiZG9jX2hlaWdodCIsInZhbCI6IjEyMjgyIn1dfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tdQcJJqeYqeu0%2FSZtpv5gc7lgpip24gDoZu2VMtSo2dwfbYrmMuzdEBXr20mCwFssJbRxyBF5ilCbX4nYaVfN1J8t%2Ftir8%2BnzNzyqT7HcbqRcH4fo2s7AG%2B1L40IowKI7J0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316cdae82b7d-FRA
content-length: 0
cf-request-id: 083c1d380b00002b7dd4bfc000000001
expires: Fri, 12 Feb 2021 08:31:26 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
274 B 32ms
32ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYxMzIwNTA3NywicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=N%2BaAt9Jv%2Fqr5t0vVzMlLJ2zEuG5NyyM6PuRTpB5f1dCat0sQ%2FLUdmy3mckt1SC9zGgZpLUH8gTsNhFEeImtRFg9F2B%2FNzrxEh6fvQIMbnrS%2FgAraqUik5hJFotZ1km71Kho%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316ceafc2b7d-FRA
content-length: 0
cf-request-id: 083c1d381200002b7d77195000000001
expires: Fri, 12 Feb 2021 08:31:26 UTC

GET
H2 200 pixel;r=1425443391;labels=Domain.winhelponline_com%2CDomainId.105367;rf=0;uht=2;a=p-31iz6hfFutd16;url=https%3A%2F%2Fwww.winhelponline.com%2F;fpan=1;fpa=P0-1948498483-1613205086273;ns=0;ce=1;qjs=1;q...
pixel.quantserve.com/ 35 B
371 B 8ms
7ms Image
image/gif 2620:116:800d:21:f916:5049:f87f:108e
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1425443391;labels=Domain.winhelponline_com%2CDomainId.105367;rf=0;uht=2;a=p-31iz6hfFutd16;url=https%3A%2F%2Fwww.winhelponline.com%2F;fpan=1;fpa=P0-1948498483-1613205086273;ns=0;ce=1;qjs=1;qv=58f0669e-20201210192756;cm=;gdpr=0;ref=;d=winhelponline.com;je=0;sr=1600x1200x24;dst=1;et=1613205086273;tzo=-60;ogl=locale.en_US%2Ctype.website%2Ctitle.Winhelponline%252Ecom%20-%20Productivity%20Tips%20for%20Windows%2Cdescription.Productivity%20Tips%252C%20Windows%20Troubleshooting%20%26%20Customization%2Curl.https%3A%2F%2Fwww%252Ewinhelponline%252Ecom%2Fblog%2F%2Csite_name.Winhelponline

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:f916:5049:f87f:108e , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:26 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
276 B 17ms
16ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8xIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDg4MjQiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wXzEiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwODgyNCIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTBfMSIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODMifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UKMDf0ryCRLkw6leEYsqIe7DGVUZlTgfimGJ%2FaveFkvVb%2FlZOAVyShri8UaGtJuoqAdqRaa9oy3%2FCvpdnAC7xGtkCU%2Fk1Um7kWQ%2F0QzvV2Masm5z5vnuSQBuPI7JvR6wvR4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316d3b842b7d-FRA
content-length: 0
cf-request-id: 083c1d384500002b7db1adf000000001
expires: Fri, 12 Feb 2021 08:31:26 UTC

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A18B 42 B
89 B 46ms
46ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsup8e0EBYGXiPeAhc3DdFfzVOzmZDK0M1FWdVKo0GKlamAWCHYidLW6wvaerN_TP11AK3Zs2wKaTj0mdCdxVSj6NahsLWQnFzXXJ1Do0FI-YyJKsT84A7b7jVk&sai=AMfl-YQwEtSA4jJT22g0ajk6URWFOhR7lfUyYxBQtHSa_6SJ4-gyNu46KYEzhokQp0FnK6y7w3ahDuqVgXLU-FwRDzGqoFflw3buTGgs_VmwvuTL-zMd-uiCq5mdLdM&sig=Cg0ArKJSzBntkSVLseYAEAE&cid=CAASFeRoeRxn0rFuZ6ri5k5cjdBI9UU40Q&id=osdim&mcvt=1037&p=953,1073,1203,1373&mtos=0,1037,1037,1037,1037&tos=0,1037,0,0,0&v=20210210&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&app=0&itpl=2&adk=1611167343&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1613205085124&dlt=13&rpt=1&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
297 B 21ms
20ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8yIiwidF9lcG9jaCI6MTYxMzIwNTA3NywicmV2ZW51ZSI6MCwiZXN0X3JldmVudWUiOjAsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiYmlkX2Zsb29yX2ZpbGxlZCI6MCwiYmlkX2Zsb29yX3ByZXYiOjAsInN0YXRfc291cmNlX2lkIjowLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6InZpZXdlZCIsInZhbCI6IjEifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=wGcDPHzVnuQSMOGANDyejdpmHjMKQH6xOHrun3CVsKlaDVVNIS93ym0gG2nl8hzeC4jsDobFqizWipTvvwMaGP2CTP24%2B%2F6UxTe3f9GyO%2Fl1Fas061Fvv%2BcuDJFAUwgsvKc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316e9de62b7d-FRA
content-length: 0
cf-request-id: 083c1d391a00002b7d76bfe000000001
expires: Fri, 12 Feb 2021 08:31:26 UTC

GET
H3-Q050 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 95E3 0
0 62ms
62ms Image
text/html 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C5xh8XI4nYPe-OJCEgAf_z7KYA7_K8_lg6da9tpAN2tkeEAEg9PnGJWD1lc6B4ASgAemc1dEDyAEGqQIMirery8-yPuACAKgDAaoE9AFP0CwENI7EY0zrrHqEp4xkrlIJvy6kx4rehOsGZvOJMr2umQduf9VqoFS_kOhFZc7xHngnm2jtA1OF3oArntmWY7VmlS4m0mNiwi5q5Ck2uHbhdJ8NeCeJ4yAgbcFfGSQmwYQNdzKG0RjFpsCYdpBgfZwUbmhMNMun3ioXgpydb-27cb8SBAiaXGuX1UlhGHGIg0UmvU4gfK-4EsvHYnG9OuMkFKf3zsN4EvBAYgLFATpQqRGuec2jZadj3qHubL5Sx6GMur4ZXU5wocRnrnmBrgIEmBxGIerM90d5-uESz5WDLLrMLQQ-MfwrufFEYtPnhbEEwATl4s7grgPgBAGgBjeAB4DEijCoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQiIYL0ggHCIBhEAEYHfIIG2FkeC1zdWJzeW4tOTMwNTk1ODM4ODI4MTA1M4AKA8gLAdgTA7IXGgoYCAASFHB1Yi02Mzk2ODQ0NzQyNDk3MjA4&sigh=xrSRri2tdKE&vt=1&template_id=492
Protocol: H3-Q050
Security: QUIC, , AES_128_GCM
Server: 142.250.185.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 95E3 42 B
168 B 66ms
66ms Image
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvCXu2MXFIvXv587XRM-aFE7oADREPuN3C7_UHF2Cm-LUHQ51CLlkqNYpwX72tAJxp1FXnhxKtu3v7pIhWsf4TNGPmcpQDUrGdqaHlWDooW74TF0ohxSpMUXvkhGBjOYnQSnOh2woNEU4f2xoNRGw&sai=AMfl-YQNr-SnBG60kPHEgiZPu_XP3wchxRzhmkEbMzT4Sl_ulxM0RjhbWrXH4Dm9OWpr2qoIfGe0eqwBPABb_HMfdM7vw2F7bN01tQU6B5Q2ZctIBjdoHWr3crJzKsk&sig=Cg0ArKJSzBKtFIVFEhM7EAE&cid=CAASFeRoIdn1cOiIrcQQiG6tvLBJ1anLsA&id=ampim&o=1073,688&d=300,250&ss=1600,1200&bs=1600,1200&mcvt=1020&mtos=0,0,1020,1020,1020&tos=0,0,1020,0,0&tfs=166&tls=1186&g=100&h=100&tt=1186&r=v&avms=ampa&adk=3917434485

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-Q050 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5D16 42 B
66 B 48ms
48ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsva9mtryeV8pzWDVG_NShAbabGAj9IDtjkSKp0HCUZrVhVF8ApNtXDHvXsx3yRgIZFmFVAnloQ-GOKwCv5ujOojdbzLIK3CEo4p7N6MSDO5Pewq65m98lY0dKS9stZEh7qakwQSxqnqT65nzdWro20&sai=AMfl-YRbqXX3-qBSZSpnd3UAHvDQIUtcQv1Yu2ioVat608328UZOOOCEgpq4U7IoP1ffwfRmy1FgH9Q7FXT2vnvIJBBYMMMWsPu1D4mOv9J9xlwu7phdZn-TQUpCNI12&sig=Cg0ArKJSzOPKgNLqHDYkEAE&cid=CAASFeRot_XhWwQUp-KSbF7e-mHX3dDvWQ&id=osdim&mcvt=1023&p=205,973,455,1273&mtos=1023,1023,1023,1023,1023&tos=1023,0,0,0,0&v=20210210&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=2&adk=3314737083&rs=4&met=mue&la=0&cr=0&osd=1&vs=4&rst=1613205085264&dlt=34&rpt=1&isd=0&msd=0&r=v&uup=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com/safeframe/1-0-37/html/container.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:26 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
390 B 17ms
17ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OLphisdw1jM7RuzjJtnFWVi46edPr1ZiXsbJ83qcxYCeLHyn0RPPy5SRBcdOzc8%2BaJRg8ZRbXbiLNyOLwaaNY%2FKNJoZ0NPsA36zcbyYqKBHHUFi1K79fvmuxPudFVnxw7Ac%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316eee842b7d-FRA
content-length: 0
cf-request-id: 083c1d394d00002b7d8c294000000001
expires: Fri, 12 Feb 2021 08:31:26 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
275 B 18ms
18ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8xIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzEiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwMjk3NyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMSIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODMifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=L164%2FXbgfzJl4cWTGwBJzMXgyhbxVpqvlkrA1CQ9y02NmF2rxf2amSMv6fSkPftZA1jnzArEEwM9N9N5Mr%2Bmw%2BqD7gwBMwq1ebKv4r9M7Yuz%2B2x%2FS29CQNEi4vgoItQPU1c%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d316f9fcc2b7d-FRA
content-length: 0
cf-request-id: 083c1d39c100002b7db1b00000000001
expires: Fri, 12 Feb 2021 08:31:26 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
376 B 18ms
17ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6IlszMDAsMjUwXSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfZmx1aWQiLCJ2YWwiOiJmYWxzZSJ9XSwiaXNfb3JpZyI6ZmFsc2V9LHsidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODMifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LxzrOgXGr7qOQG0WJG9a8Ji6RBiijzmRLfvEwvxsyV3sCkEdOqnatXaKCC9sUTsuaKtMXcEA%2FgBvSVvfQQ1pxtOa%2Fco%2BemBcrCwVw7Bffx9ZAFoLU86v%2BqzUdWI%2F3z5%2BBig%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d317038df2b7d-FRA
content-length: 0
cf-request-id: 083c1d3a2600002b7dce258000000001
expires: Fri, 12 Feb 2021 08:31:26 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
299 B 22ms
22ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjA4ODI0IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTItMF8yIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDksImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDA0MzUxNywiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDg4MjQiLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMi0wXzIiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwOSwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDQzNTE3LCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwODgyNCIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0yLTBfMiIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTA5LCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwNDM1MTcsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODMifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:26 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jc%2FHT7jGoNltzMHK35lIOS5OtelVBg17De9qpwLgRCkpwYL9WA2Nop%2FvskIqRZgowxGZ0%2F9dF9C8OWurodxJbAxhMACKLsm1ALf7FMuD9rF3CTLWrwWTB%2BHQxORc%2FiykNFQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3170793b2b7d-FRA
content-length: 0
cf-request-id: 083c1d3a4600002b7dc93d3000000001
expires: Fri, 12 Feb 2021 08:31:26 UTC

GET
H3-Q050 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 20FD 42 B
89 B 65ms
65ms Image
image/gif 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstHRm2v-7K1ISsag-nSqI9UbqN6ftRgcUOr_82A27vIywvbmuyoXiRdcdDEjpNzdRr0latjr-bmlcEAp8DArb-oOjEcEJSFMZCvFOyQzAtHWj0MGAIv7qNt4RAVKkQPpBACFd_PJoMIuFP3O_veSA&sai=AMfl-YT_A66bEM4GXZBDkqnSXMdAagWQtF5FzuFHhd-zGIcUMP4WoNpeCPU0yTIy3Ob0HA-AOl8kpD4ZOuURESFgeDAKnWBtjQijILnYJmzSnZOF68qwBITWcM0UrBGo&sig=Cg0ArKJSzAkCKzaHtFTaEAE&cid=CAASFeRo_ox-F91xH9e4zlRJ31zLpPPDPA&id=ampim&o=315,1097&d=970,90&ss=1600,1200&bs=1600,1200&mcvt=1029&mtos=0,0,1029,1029,1029&tos=0,0,1029,0,0&tfs=130&tls=1159&g=100&h=100&tt=1159&r=v&avms=ampa&adk=2225908236

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 Feb 2021 08:31:27 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
309 B 18ms
17ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwMDc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsInJldmVudWUiOjAsImVzdF9yZXZlbnVlIjowLCJhZF9wb3NpdGlvbiI6MTEwMCwiYWRfc2l6ZSI6IiIsImJpZF9mbG9vcl9maWxsZWQiOjAsImJpZF9mbG9vcl9wcmV2IjowLCJzdGF0X3NvdXJjZV9pZCI6MCwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODYsImRhdGEiOlt7Im5hbWUiOiJ2aWV3ZWQiLCJ2YWwiOiIxIn1dLCJpc19vcmlnIjpmYWxzZX1d
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:27 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZMQI1%2Fp2HN6qa3ilwzB6DA9LtGO2vz84aaTDFUVkMjCaHRge4hz%2FME5IOfJQz4adkWRLGj6nBFcZYvLjQEHtW45GkTSkQ8mEDRuAewi7MknyNZoSNqfF702dnZdq%2BcHlb9M%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3171ebd82b7d-FRA
content-length: 0
cf-request-id: 083c1d3b3000002b7d760c3000000001
expires: Fri, 12 Feb 2021 08:31:26 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
300 B 17ms
17ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMTkwMDc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tbWVkcmVjdGFuZ2xlLTItMCIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAwLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ0ODYsImRhdGEiOlt7Im5hbWUiOiJmaWxsZWRfc2l6ZSIsInZhbCI6Ils5NzAsOTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxOTAwNzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDQ4NiwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9mbHVpZCIsInZhbCI6ImZhbHNlIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIxOTAwNzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1tZWRyZWN0YW5nbGUtMi0wIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDAsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDQ4NiwiZGF0YSI6W3sibmFtZSI6ImRvbWFpbl9kZnBfc3R5bGVfaWQiLCJ2YWwiOiIxMjIifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:27 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9RjMLIyM1hwnJrRoR%2BaTXun4QY3j0ylo30o%2FP9qOK22ChObyJnoigG5mLO4%2Bc1RyT0d4d2Nre9hI%2FiX7%2F6LyJ2xzGKs%2BqZISo4pAheGszD6wZ%2Bh9hAMSHOu2tPpbMcAWChg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d31735e302b7d-FRA
content-length: 0
cf-request-id: 083c1d3c1900002b7d7eb1a000000001
expires: Fri, 12 Feb 2021 08:31:27 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
272 B 15ms
15ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8zIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzMiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwMjk3NyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMyIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODMifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:27 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=jR6FRBghpdtzBU94qJOBfJlr3goZ3JCdGNYsXp0exfcomJuxW57hKPbqtTKR1o%2FARnzM1ojvbQPrH3ePfComLyLJMCa8B0khRUv3jdgF4kll9oN5B%2BrNWinUitmDq%2BBeqPY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d31739ea52b7d-FRA
content-length: 0
cf-request-id: 083c1d3c3a00002b7dd4850000000001
expires: Fri, 12 Feb 2021 08:31:27 UTC

GET
H2 200 army.gif Show response
www.winhelponline.com/porpoiseant/ 0
273 B 22ms
21ms XHR
text/plain 2606:4700:3032::ac43:c7ab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.winhelponline.com/porpoiseant/army.gif?orig=0&sts=W3sidHlwZSI6ImltcHJlc3Npb24iLCJpbXByZXNzaW9uX2lkIjoiMjAyOTc3IiwiZG9tYWluX2lkIjoiMTA1MzY3IiwidW5pdCI6ImRpdi1ncHQtYWQtd2luaGVscG9ubGluZV9jb20tYm94LTEtMF8yIiwidF9lcG9jaCI6MTYxMzIwNTA3NywiYWRfcG9zaXRpb24iOjExMDIsImFkX3NpemUiOiIiLCJjb3VudHJ5X2NvZGUiOiJERSIsInBhZ2V2aWV3X2lkIjoiM2E5MGFjYmQtNTQ5OS00YTlkLTRjZGEtMDI1NGEyNTE1YThiIiwiY29tcF9pZCI6MCwibGluZV9pdGVtX2lkIjoyODY4NzI3NCwiY3JlYXRpdmVfaWQiOjEzODMxMDAzNDU5MSwiZGF0YSI6W3sibmFtZSI6ImZpbGxlZF9zaXplIiwidmFsIjoiWzMwMCwyNTBdIn1dLCJpc19vcmlnIjpmYWxzZX0seyJ0eXBlIjoiaW1wcmVzc2lvbiIsImltcHJlc3Npb25faWQiOiIyMDI5NzciLCJkb21haW5faWQiOiIxMDUzNjciLCJ1bml0IjoiZGl2LWdwdC1hZC13aW5oZWxwb25saW5lX2NvbS1ib3gtMS0wXzIiLCJ0X2Vwb2NoIjoxNjEzMjA1MDc3LCJhZF9wb3NpdGlvbiI6MTEwMiwiYWRfc2l6ZSI6IiIsImNvdW50cnlfY29kZSI6IkRFIiwicGFnZXZpZXdfaWQiOiIzYTkwYWNiZC01NDk5LTRhOWQtNGNkYS0wMjU0YTI1MTVhOGIiLCJjb21wX2lkIjowLCJsaW5lX2l0ZW1faWQiOjI4Njg3Mjc0LCJjcmVhdGl2ZV9pZCI6MTM4MzEwMDM0NTkxLCJkYXRhIjpbeyJuYW1lIjoiZmlsbGVkX2ZsdWlkIiwidmFsIjoiZmFsc2UifV0sImlzX29yaWciOmZhbHNlfSx7InR5cGUiOiJpbXByZXNzaW9uIiwiaW1wcmVzc2lvbl9pZCI6IjIwMjk3NyIsImRvbWFpbl9pZCI6IjEwNTM2NyIsInVuaXQiOiJkaXYtZ3B0LWFkLXdpbmhlbHBvbmxpbmVfY29tLWJveC0xLTBfMiIsInRfZXBvY2giOjE2MTMyMDUwNzcsImFkX3Bvc2l0aW9uIjoxMTAyLCJhZF9zaXplIjoiIiwiY291bnRyeV9jb2RlIjoiREUiLCJwYWdldmlld19pZCI6IjNhOTBhY2JkLTU0OTktNGE5ZC00Y2RhLTAyNTRhMjUxNWE4YiIsImNvbXBfaWQiOjAsImxpbmVfaXRlbV9pZCI6Mjg2ODcyNzQsImNyZWF0aXZlX2lkIjoxMzgzMTAwMzQ1OTEsImRhdGEiOlt7Im5hbWUiOiJkb21haW5fZGZwX3N0eWxlX2lkIiwidmFsIjoiODMifV0sImlzX29yaWciOmZhbHNlfV0=
Requested by: Host: www.winhelponline.com
URL: https://www.winhelponline.com/detroitchicago/memphis.js?gcb=192-8&cb=5
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:c7ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.winhelponline.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 13 Feb 2021 08:31:27 GMT
cf-cache-status: BYPASS
nel: {"max_age":604800,"report_to":"cf-nel"}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2BQCHx5yhkzjwBjjXvnk7I3wBmefBFrffGD%2FMrf9sig3hYCWBqrBMt4AKD9WnhBTynyU1we6MFLWyQLYgVDvwJAe4GFS8SoNCd0TZ0NhvFySpi94ZqV8XfEmNfyYiw8pGPD8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
x-middleton-display: ezp_sol
cache-control: max-age=0, must-revalidate, no-cache, no-store
accept-ranges: bytes
cf-ray: 620d3173cf2f2b7d-FRA
content-length: 0
cf-request-id: 083c1d3c5d00002b7dcb948000000001
expires: Fri, 12 Feb 2021 08:31:27 UTC

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: x.bidswitch.net
URL: https://x.bidswitch.net/check_uuid/https%3A%2F%2Fid5-sync.com%2Fc%2F441%2F104%2F0%2F10.gif%3Fpuid%3D%24%7BBSW_UUID%7D%26gdpr%3D0%26gdpr_consent%3D?gdpr=0&gdpr_consent=

Verdicts & Comments Add Verdict or Comment

256 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

61 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.lijit.com/	1970-01-20 00:52:21	Name: _ljtrtb_16 Value: e8f1604d-d9ea-49f0-be23-3069e2b5778c-60278e57-4348
.lijit.com/	1970-01-20 00:52:21	Name: _ljtrtb_49 Value: Vo7eW5EuL9Me
.lijit.com/	1970-01-20 00:52:21	Name: _ljtrtb_26 Value: 980e5c2a-5d1a-4030-9e06-cd1bd1a73592
.lijit.com/	1970-01-20 00:52:21	Name: _ljtrtb_43 Value: -56B3_XLht_gm9KK_sie3K-X1YvgndbY-pdUFDlb
.lijit.com/	1970-01-20 00:52:21	Name: ljt_reader Value: 2798e554982f8b1e9dea2a48
.pubmatic.com/	1970-01-19 18:16:21	Name: KRTBCOOKIE_218 Value: 22978-YCeOWAAAAICQcCzr&KRTB&23194-YCeOWAAAAICQcCzr&KRTB&23209-YCeOWAAAAICQcCzr&KRTB&23244-YCeOWAAAAICQcCzr
.pubmatic.com/	1970-01-19 16:49:57	Name: KRTBCOOKIE_391 Value: 22924-5473704335513947430
.pubmatic.com/	1970-01-19 18:16:21	Name: KRTBCOOKIE_377 Value: 6810-e1d39735-a9b0-472f-8ecf-70ca44640f63&KRTB&22918-e1d39735-a9b0-472f-8ecf-70ca44640f63&KRTB&23031-e1d39735-a9b0-472f-8ecf-70ca44640f63
www.winhelponline.com/	1970-01-22 05:25:57	Name: ezds Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
.pubmatic.com/	1970-01-19 16:49:57	Name: KRTBCOOKIE_1101 Value: 23040-6928663056058611861
.pubmatic.com/	1970-01-19 16:49:57	Name: PugT Value: 1613205080
.pubmatic.com/	1970-01-19 20:25:57	Name: KRTBCOOKIE_188 Value: 3189-4c7e0799-9f1c-4f97-827c-b00856b993d5-60278e57-4348
.pubmatic.com/	1970-01-19 18:16:21	Name: KRTBCOOKIE_153 Value: 19420-FvXQGRig1xkN8INME6PPGkL8hE0N9oceF_xOyG_H&KRTB&22979-FvXQGRig1xkN8INME6PPGkL8hE0N9oceF_xOyG_H
.pubmatic.com/	1970-01-19 18:16:21	Name: PUBMDCID Value: 3
.pubmatic.com/	1970-01-19 18:16:21	Name: DPSync3 Value: 1614384000%3A221_201_227_226
.winhelponline.com/	1970-01-19 16:09:37	Name: active_template::105367 Value: pub_site.1613205077
.pubmatic.com/	1970-01-19 16:49:57	Name: KRTBCOOKIE_336 Value: 5844-8760626983827293230
.pubmatic.com/	1970-01-19 18:16:21	Name: KADUSERCOOKIE Value: 4D8A8419-A786-450C-8912-05B1BEBC82C1
.pubmatic.com/	1970-01-19 18:16:21	Name: KTPCACOOKIE Value: YES
.pubmatic.com/	1970-01-19 18:16:21	Name: KRTBCOOKIE_466 Value: 16530-980e5c2a-5d1a-4030-9e06-cd1bd1a73592
.amazon-adsystem.com/	1970-01-19 21:37:57	Name: ad-id Value: Axi0L0SB5EsrlP0U2dbQYPY
.pubmatic.com/	1970-01-19 16:49:57	Name: KRTBCOOKIE_409 Value: 22966-neNb51RFELsCSa18dNqaWT0f&KRTB&23212-neNb51RFELsCSa18dNqaWT0f
.casalemedia.com/	1970-01-20 00:52:21	Name: CMRUM3 Value: 2f60278e5705a0&2e60278e5727603928944892059747643&2760278e570b40&2d60278e5705a0&f160278e5705a00&e660278e5727600&ee60278e5727600&0460278e5705a0
.amazon-adsystem.com/	1970-01-21 13:03:52	Name: ad-privacy Value: 0
.lijit.com/	1970-01-20 00:52:21	Name: ljtrtbexp Value: eJyrVjI0U7IyNDM0MTE0MTO31FEysUTlG0HkjY1MLIzA8sZo8uYQeQsDSwtzy1oAm14Qaw%3D%3D
.winhelponline.com/	1970-01-20 09:37:57	Name: ezosuigeneris Value: b121afc44006db07804e540621bc26bd
www.winhelponline.com/	1969-12-31 23:59:59	Name: ezouspva Value: 0
.winhelponline.com/	1970-01-20 01:28:21	Name: __gads Value: ID=04e671730319e3bc-22fd1b1377ba0061:T=1613205078:S=ALNI_MbNl2QZJiLsHbR9cWIb-lTEGKMeXg
.casalemedia.com/	1970-01-19 18:16:21	Name: CMPS Value: 3202
www.winhelponline.com/	1970-01-22 05:25:57	Name: ezohw Value: w%3D1600%2Ch%3D1200
.lijit.com/	1970-01-20 00:52:21	Name: ljtrtb Value: eJyrVjIyU7JSsrQwSDVNNkrUNU0xTNQ1MTA20LVMNTDTTU4xTAKKmBubWhop6SiZWALVhuWbp4abupb6WPqmgsSMgWK6pmZOxvERPhkl8em5lt7e8cWZqcbeuhGGkWXpeSlJkboFKaFuLjlJSrUAaN4fGQ%3D%3D
.pubmatic.com/	1970-01-19 16:49:57	Name: KRTBCOOKIE_22 Value: 14911-3276776980110877152
.pubmatic.com/	1970-01-19 16:08:11	Name: pi Value: 156657:2
www.winhelponline.com/	1970-01-20 00:52:21	Name: ezux_lpl_105367 Value: 1613205081030\|3a90acbd-5499-4a9d-4cda-0254a2515a8b\|false
.winhelponline.com/	1970-01-19 16:08:11	Name: _gid Value: GA1.2.1535608217.1613205079
.winhelponline.com/	1970-01-19 16:06:52	Name: ezoab_105367 Value: mod1
.pubmatic.com/	1970-01-19 18:16:21	Name: SyncRTB3 Value: 1615766400%3A203%7C1613779200%3A15_2%7C1614470400%3A35%7C1614384000%3A223_166_55_22_161_56_7_3_8_54_13_21_71_81_88%7C1614038400%3A63
.pubmatic.com/	1970-01-19 18:16:21	Name: chkChromeAb67Sec Value: 1
.winhelponline.com/	1970-01-20 09:37:57	Name: _ga Value: GA1.2.430508116.1613205079
.casalemedia.com/	1970-01-20 00:52:21	Name: CMID Value: YCeOV8SJf8CBkcxLKp52jgAA
.winhelponline.com/	1970-01-19 16:06:46	Name: ezovid_105367 Value: 1064388612
.pubmatic.com/	1970-01-19 18:16:21	Name: KRTBCOOKIE_57 Value: 22776-8997133002213540526
.winhelponline.com/	1970-01-19 16:06:45	Name: _gat Value: 1
.winhelponline.com/	1970-01-19 16:06:46	Name: ezoma_105367 Value: 999,999
.casalemedia.com/	1970-01-19 16:08:11	Name: CMST Value: YCeOV2AnjlcA
.pubmatic.com/	1970-01-19 18:16:21	Name: KRTBCOOKIE_80 Value: 16514-CAESEO1PNCUvjDDSxUrERTpnA0U&KRTB&22987-CAESEO1PNCUvjDDSxUrERTpnA0U&KRTB&23025-CAESEO1PNCUvjDDSxUrERTpnA0U
www.winhelponline.com/	1969-12-31 23:59:59	Name: ezouspvv Value: 0
.winhelponline.com/	1970-01-20 00:52:21	Name: ezCMPCCS Value: true
.winhelponline.com/	1970-01-19 16:06:46	Name: ezovuuid_105367 Value: d2cd3109-6f23-4c35-52cf-8e54c6625463
.pubmatic.com/	1970-01-19 16:49:57	Name: SPugT Value: 1613205080
.winhelponline.com/	1970-01-19 16:06:46	Name: ezoadgid_105367 Value: -1
.winhelponline.com/	1970-01-19 16:49:57	Name: __cfduid Value: d7dfa3bf67db5d8a92b0d0b62ac02c2f51613205077
.winhelponline.com/	1970-01-19 16:06:52	Name: lp_105367 Value: https://www.winhelponline.com/
.winhelponline.com/	1970-01-19 16:06:46	Name: ezopvc_105367 Value: 1
.pubmatic.com/	1970-01-19 16:49:57	Name: KRTBCOOKIE_699 Value: 22727-AABawE7ATx0AABGBY5sr4Q
.pubmatic.com/	1970-01-19 16:49:57	Name: KRTBCOOKIE_27 Value: 16735-uid:55966027-8e57-4300-af4f-859128e57b57&KRTB&16736-uid:55966027-8e57-4300-af4f-859128e57b57&KRTB&23019-uid:55966027-8e57-4300-af4f-859128e57b57&KRTB&23114-uid:55966027-8e57-4300-af4f-859128e57b57
.winhelponline.com/	1970-01-19 16:08:11	Name: ezepvv Value: 975
.ads.pubmatic.com/	1970-01-19 16:08:11	Name: KCCH Value: YES
.casalemedia.com/	1970-01-19 18:16:21	Name: CMPRO Value: 1141
.winhelponline.com/	1970-01-19 16:06:52	Name: ezoref_105367 Value:
.winhelponline.com/	1970-01-19 16:09:37	Name: ezovuuidtime_105367 Value: 1613205078

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.winhelponline.com/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	info	URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs(Line 9) Message: Powered by AMP ⚡ HTML – Version 2010270040000 https://www.winhelponline.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs(Line 9) Message: Powered by AMP ⚡ HTML – Version 2010270040000 https://www.winhelponline.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs(Line 9) Message: Powered by AMP ⚡ HTML – Version 2010270040000 https://www.winhelponline.com/
console-api	info	URL: https://cdn.ampproject.org/rtv/012010270040000/amp4ads-v0.mjs(Line 9) Message: Powered by AMP ⚡ HTML – Version 2010270040000 https://www.winhelponline.com/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.c.appier.net
a.rfihub.com
a0a15fc31b7597bad2cf8c56afb5dc11.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
absorbingcorn.com
ad.doubleclick.net
ad.turn.com
ads.creative-serving.com
ads.pubmatic.com
adservice.google.ch
adservice.google.com
amazon-tam-match.dotomi.com
ap.lijit.com
aud.pubmatic.com
bh.contextweb.com
c.amazon-adsystem.com
c1.adform.net
cdn.ampproject.org
ce.lijit.com
clients1.google.com
cm.g.doubleclick.net
cse.google.com
d5p.de17a.com
data.adsrvr.org
dis.criteo.com
dsp.adfarm1.adition.com
dsp.nrich.ai
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
g.ezoic.net
g2.gumgum.com
go.ezodn.com
go.ezoic.net
google-sync.rutarget.ru
googleads.g.doubleclick.net
green.erne.co
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
js.gumgum.com
loadm.exelator.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.prod.bidr.io
mwzeom.zeotap.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
pixel.tapad.com
pixel.wp.com
pm.w55c.net
pr-bh.ybp.yahoo.com
pubmatic-match.dotomi.com
px.adhigh.net
rtb-csync.smartadserver.com
rtb2-useast.e-volution.ai
rules.quantcount.com
s.ad.smaato.net
s.amazon-adsystem.com
sb.scorecardresearch.com
secure.adnxs.com
secure.quantserve.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
ssum-sec.casalemedia.com
stats.wp.com
sync-tm.everesttech.net
sync.1rx.io
sync.go.sonobi.com
sync.mathtag.com
sync.targeting.unrulymedia.com
tpc.googlesyndication.com
uipglob.semasio.net
um.simpli.fi
ups.analytics.yahoo.com
visitor.fiftyt.com
www.google-analytics.com
www.google.com
www.googleapis.com
www.googletagservices.com
www.winhelponline.com
x.bidswitch.net
x.bidswitch.net
13.224.192.34
142.250.185.130
142.250.186.102
142.250.186.130
151.101.114.49
159.253.128.188
172.105.221.29
174.137.133.49
178.162.133.149
178.250.0.163
178.62.202.251
18.156.95.187
18.159.187.109
18.193.31.194
18.198.126.47
184.25.115.49
185.29.132.69
185.33.220.242
185.33.221.90
185.64.189.110
185.64.189.114
185.64.189.115
185.64.189.249
185.64.190.80
185.86.137.131
192.0.76.3
193.0.160.129
193.232.148.143
198.148.27.140
2001:678:cb4:bbbb::11
213.155.156.164
213.19.147.151
216.52.2.39
23.218.208.200
23.218.208.246
2600:9000:206f:1c00:6:44e3:f8c0:93a1
2600:9000:20eb:2400:2:cb38:840:93a1
2606:4700:10::6816:1857
2606:4700:3030::ac43:c6a9
2606:4700:3032::ac43:c7ab
2620:116:800d:21:f916:5049:f87f:108e
2a00:1288:110:c305::8000
2a00:1450:4001:800::200e
2a00:1450:4001:801::200e
2a00:1450:4001:802::2002
2a00:1450:4001:80f::2001
2a00:1450:4001:811::2001
2a00:1450:4001:811::200a
2a00:1450:4001:812::2001
2a00:1450:4001:812::200e
2a00:1450:4001:827::2004
2a00:1450:4001:828::2003
2a00:1450:4001:829::2002
2a00:1450:4001:829::200a
2a00:1450:4001:82b::2004
2a02:fa8:8806:12::1400
2a02:fa8:8806:16::1400
3.126.56.137
34.120.207.148
35.190.64.11
35.201.96.126
35.227.248.159
37.157.2.236
51.255.68.171
52.17.137.119
52.209.120.242
52.28.254.214
52.59.81.87
52.95.123.167
54.239.17.112
54.72.203.0
65.9.69.5
65.9.69.83
66.155.71.149
69.173.144.138
72.251.249.13
77.243.60.138
80.64.106.148
85.114.159.118
94.23.171.206
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
04e43870098517e0bdd4e0a54d10aa1381eaceb225d5774a8aa546be9aaa03ba
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0a58b6eb4a7e2bee53bd024cf92512c4620a9aa7d14fa24200f00d240691f4ae
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ce5a460ace775560c3344a43245687bdbec5cb8ee20d209ab9fa67f4e09a3e8
0d4bc2d5c34588df622aebd16adf97b5a4ebfd9ac5b49eec1c795a5055ac62c5
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
0e02439734cce2c29ad80aac951b5cf2af126b7cb28e589c79b9b1c792f45a91
0e7f611710f3d372428c4be42bc42c8aca0374a156433fda22774daf5b61baee
0e87e9b2f707860d2f48d497425e02e2c5b43d072175d682d9df7094e91a7e5f
0ea437031cdcc9faee283a52e9c05d1fb03b17315905b525237e7597c6d3c0de
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
10d4b728888654e0b85c706a9310b551087d3321fb8ebfff147d07b13fa73bf0
12cb7e0697a9aea72dabc8bcdfa7e9bfc3be24451ede2e8dd33a7054b4f03129
130eab0b79272570e565d77bb286b5755b9aae8f33efe8af7a2689bf8eabb859
14670ecc116f8412c3a6e6fdc3bdf5d6ee1f29d5edd24951776c645e02e7f7ee
15f0626dd31e3e991a1c21d6304f2e370b92b3c91650de3d7ed8a38f1159a457
174d66456283644e448a9b366e6b45299f086fe798c286d951b46a0df0d843ad
1783ca35863bfd63f19181a350b7dcf357694335d53a3c7994787666d26eec5b
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
184b0238dd0f35c02d9626a9c640e9a648ce466b54160ebc7c8053a0af743328
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
1b68431bd479f66f60cca8fef9520547c0f28390680174d8b36c5591085e8393
1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319
1c9a5faec65003cb3a90405ab6b7c213f6117cd1f81075d86f330b26be26784b
1d3b9dee265bb8297e79d8e1d66737b6f1f4d74e26e3b33dcf100ba258e2ee0f
1e647bdd79ca5c4ef5c258ea551dc508448f2cb05577ec99dc05147678ca59d3
1ef6662057d29b163b609fa20b28204d73f55923af5b743068ba8f6dc9f55004
2034df1b8cb57f559973e3d59a56df824d0563e88af1bf35ee4dfd9ce26695d9
2056d978c6d084130d7efd3381d4884e8d38e35ebea5422139469c6f1579e811
227dca8a7b2f32007a53cba79d45710cc4c58ecb4e7ed1b8ce3726735d56c7a8
23371b5319a53a0a2d3c59d738d679c384822c244ea4e791ef87a4110b8a291e
244de6960388f992e43c07685dd8c7ca1ee4424d85874a72036f2f8e692bbd7b
24e480e4659fbae818853a38f8a3036f529f539024dc3e772c0b594ce02ea9db
255904f3e7a0fd09000eb94ffcefa6ad6f73dd6bb83a83aabb082d3e098b27bf
26b4485584314aa0850427462143a6a28b66c982db28deb42766214fad7744c7
27412526367d678d4d36f4d74af1ece4e1ded258e50c1c7cd21d6ee830e115fd
283b8f353f5a87ee551dea88229f03b719f05f1ef07519a0be9d77c613bf106a
2e2e85a60c60615c64af995f082c4fc72c9d3c8657b2737e695251f37bc0de55
2e3cb156e7ffc9b1b9836725c9de7383fb1ace80b56eba809e540f8ab829e637
31acdc20a8aa606df0e9a9cef6f427cd6b9ff9cc89cf8b2d95f64f03543b6ef7
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
331b2b1241f1f2a53744bdca867c5b76954d9431970e91f490f64c707fc24a16
33e54b5d0e7634e4bf5a9c9f80c5de0fb06f936a39b86296076010c9e6e56d7a
33f7d8a2ec4a5e0118d69c706d35c272203ff38eacc9a3bd14debe956684a606
353dcf2e738f427e40cba14090f57b0d088d09d07b6f484779e3ad045c0b6e1e
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3768f04f42b79eb4e04658f9afcdab75362a71eed99e851b05312b74964907aa
37d4ae593a1268d4afce8c38f61ea933982184d2d6055300c2bfdb8ca28c2846
38c81b5865c0bfb85c7cfd183c5e972145958fe3850aad60b39f3966af6b1e54
38ed2c21bcfa116d731881882f18dcea1371c5b3c8f885bdaae9ecc92a1848c2
3d2a51a548df3acbc5bb961060f0ae47fc8b2502b78d3303703db1101db43c96
3d67ca5d28f1dd6fc58ae8f8ab79b70755b30a52eb04572a6df8e50869ff748e
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fd62148b7be959fdbf453a639cb4de24c942145e1dfae9a47c0c22c35509a69
3ffe3558eee19297c7d7efb3ee170abccec5984bf568d44a194bfd46153ad898
40c77c87d3b7b568a4861fd526796a8ee0cc3ada0c418ac68fc8fded53966c47
41eb9054d5d5527274926b32631be8eb22dd6254f15a4d9d14cfe2688ea4f538
423d9302ed2d8215df56cf7537dc340c45816cf4cc7bb27a67fbb5499a2bc00c
437afd9de21717c919be3f40f686b33170f2447dc03ded0fc00ac0cc41839854
44f25f359fb7b83aa729b8c497a555aa120b21491816ccc61a1c34f6e2a38b72
45f6bcd6a4c782d7b8ceb498907d4821a0648bff646fa1a6809324e666edf4b2
4634b94630896f1a23c5ce01f743d720847c5f4dd28fb549ed503cb2df4f8e87
46856562ab2c2c0afae8477d46589792eb07dc3b570a3c56c108f2e7a780066f
472cb3f894c8b8ce8edb91d98f781c3a6fedef266272b987fbcae4f908ce0f24
477549a4d5fb644cda6bf64af01631b8411022d88e608bbd8e5a06e327b391cb
47a6b711aab7cce416567713b9600a19a621d1e24092d09f12a0ce40fd10ac90
488724f863b6e50afb92859fd714bcb1b6814b616b8e0c3d0fd261599a750d9c
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
48c978eaee9473c367fd30eea148b6cd5233e58a317a36157c24e5dd2af62a97
49e1dcef611a905b866974d135554059ecd77a0ae022553178ec359ea0b64504
4c1355d27b14881a055e00a4a2afa4608b452c9780ac5c61e1b8f9fd55fa3e1e
4c6cf0709b8e52572cae1fb57128acd0a5a453c9ce99dc3712a1860ff90c6bf8
4c988562921aa066ad1aa5409fb5e219ebdd50c3be9fb2defddc3b322ed19eee
4cc8b437125ab96313c8b2474dd31744fc8230c48c2e59b41e91ebb0c7f5751d
4db6732268b3d9330df1068351b18e2fd1c1c6da87b5953259b022a19ddfe7a5
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f83db4d6431c0b742caf2343b1c14ece7b731a872e54220417b3760299f3872
5018230bc803da921c5e52b4c9e13973754ca8819e302dfe47320decd606a335
526cb9a7553d6aa0aebe91009a0ffeb4385bb86d8affd3c8791e6fc3b14c8241
5340bfb6645697c441e975c32fa078a85f1f98c1c4109252db04407cef9dd2af
545881e36f9fe4d4d387c90f876f32df9c0cb800545fe5bb0496a58f6dc53b86
545922a37c39fa42096863efa6e540288adf134d5f984f054935d2268f04e99a
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
54d3969a58f80d2f087705d05d388028cdd7d86eb8b14d11e35e9ea91b4ac11f
5578a62b81f315375d072cfe506fc13813e844f94c910bdb15ce20e1fc3ef50a
59d60d3a4e02c9af5e658bff986c2e60dc597310aa233383a5af4f44b03b3169
5b33cdaea1b39329ad7bdacbf70f311a22852025bb817d264bfe0451231d241c
5b8ca12a460703aca3d43ad880e4e414d6e1a058d1ce9da226080afc42927700
5be5d1d8abece06c1f3a82ba99422236612be1ff31db58c2e7695421c9c43835
5d0fc0debdcfbf299be5d5944ad77e3efd284e07ae5e941f19330529702f9d61
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5d677db23965b30e66183daefe8aacae42392ca85c87bf38ae2fd754c095471d
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
60badb06436674090370775a5d077e93e0f918f3932df76851b6dd55620ae472
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
619023867fc6c13f087935cfe535adc7b06b57d510b9b4b218e47a53708b87e0
636e5f5b2eebe0800656a171c6ee9d34ee67cbae3d745983c48d4a5474421d53
63e971626cb7961fb014906a5476a7353bba89331013e001bb16b4a6ac5ce93f
6674a3b31bc7014d04e7aeef41596932d4dab2fdc391a3bf02064ccf1a3e64bc
688c182aa63c69d301fd45421dd253eebbd3a0041a7e86417d7e8eef99307e16
698b58c543a5d9bf4ce9b24203d6a26b503b61f170a5f80f63d56ef2a7dda6a8
6a20df1c9969434b2bdc65b74e6c8695af04f9d32d54ddd01b790cd55ba8753c
6b8721e8f303a1953de7abff1ec9ee1b0bc36d0769e48f697f9b1f5ebbdd3800
6c7565d1c3bbdc0b66cb114627a7fbf4c9f8a871755b566cefc829330ef5fbf6
6ce93561c2fc9d5199a397e6ddb57a92db19d4fb2736982338fd9506ad42dfa1
6d093fe8119c2a3c87513b3bb3f0109c99254f90e5e99b3ff22ea05e04c6c932
717e9759657392ada69981d5b44649c2ec78b94f39c8d975131da59844b04bc2
718d8e9bf93740a3a90b67e53219319342074524b2dede8ba219eea4c41ea0c4
73618d59a3dc00468aa85f81f93cad60be8c20b12a5d4ba40d3f0de6d172a6e2
73dd08c34cf381d62ebef877a80373a6c926a2e641e651c27640ae4fb05af464
75b0a8b8feb2ec977d4b99c2e1c03abe9bde51afe5aef1645624337e9418f8da
75f671774ddcb4c02d3b3240d1ac3227d1585d3dfe48f138be7791f8b929e9ed
782db5605136a4b7d143bfdacf544a921cd7b8b2bd8c1fcfb1ff51baeb1d4cbc
786e70c68d921fa70c50079a5531f390d40d2b4a54731ce909d1762e5e6185d2
792e3ff545f76b1fc8b1bda0f7eb8e7489ee4759814ba01fef6eca7987d53522
79c2cc1565436e77cace60524592f7a6b13959d25c39a14be92d2b1c35a2d35c
79f8ee3ee2be4cab6ca5ffbec67dd65fb85e2b93a2f7ad3f2cc22b6802c8871f
7b85bcb075a13466616c573a91f310265b48c0879b56e003d4d3b7c421eee188
7c61d9cac4cfd9f59469a76d8f459e98b040f054e29d2dd90af41c8755bcb188
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
7ff202027c17d6fc15358e49e0311353dfdd69f1d3d3868650999b5bacb884e9
80a1ae567d396855243284e674876bb0d856f0e7a18d3c0142f0828513716dfe
80a64e0203bc418ea04e717b8d05a089af31beca8b75408f263d8a414710164f
814d10bf224e52803749b46e49b9da81afdee80758a6a9e6cb7ba9e617f05e82
8230efc6af9182cb5a3412670b861554742f8795886a114dfd20c78467ef4212
83127efb53ec7370360122f4b3ff3dc50cb97188498bfbdafe32051561a2cf05
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
839cd49aa2a6f409cc73f8bec9b4f0f13d72f56e5f36719a9522bc2b30f173fb
86f05538538458564e3a3da58e21a9e31aed0cbd467bfb9f2cf35ec801be2428
873aed697d352242a06cc0e1961d2503173d4cbe93713671731d6b8928961745
878c03ea07cf88656d7aea6c98453633d66caa4802a86b301dfa3da8c5fd89fb
8829a8924dff757932f56397690292e154eb33f5471e683cebfcc9884c38c2cf
8b4fd584a054bbd631a656663b00d5e0ead562575f16105f2563498a799f6162
8c83002bf7e968ab24fcbdb5e144252f9591fd499b241d3b58c7962d296a759a
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f5c45431efdf2d7b5bc7a8d70a801df77e62d04d363be160348e2788d135767
8fbc17ed739bfc0cc8fe69f2e3fd6985843e179d0b9c75e08af069b95dc4c685
90d26d0a7d028ce6715d93cf37c8acd2eea0bf9323e72114d78b520e8f5ed1c1
914d1313b198e9af2eb207919ffec7c4733d120995ab6f4dfda969665e1909cc
923e578334db5eeec6992e78cf949a8fe32632b59420a17d2c5b7dd4c9d56903
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
928ad5483231df558fc05fa451bd496bc49b7852137d4881890886c8399265f2
937260733d0fe87acc40ca79f10101e59cc207882f7c724bf3d3cfcb969c6020
939f0d4b0cef8ef02116b8c35fb0cfb66dba982b95d1379b0c6337e545b0a5f3
955227a6448da318e8ea0eac7bcf1837ac4103ce4b8e21e1f869d5dd14f650c7
98e8e2571090df9df268dd5a44687e515a095960793f223a7f1c01134f6838b2
992b916b1c2bfee7168ae8984355f84db72b35b7d70080e7571709f0150fa266
99561059be1220b77fa61453b094d029a8c8ea4e6a2f02e844ddef7c533166b1
99a534a57645c6302b91a0d49b071e549a292404258e521ab036b2ad3c16a186
99b012f932cc8ebef88bfb75652d7254dafe230cf783a88355e7008b2680e3c0
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ae1e27e08b4bbc15557c0f5bbd97b4009eb86c85da9fb2be4c4085a5289182f
9c65459ca42311e0290c47ce72a5f075bf7a08fc72c25e7b393d0eeb8021914a
9d09e0a7a1dd10d174fcf8cab650952432c1fd1b65dd811c1ab75fb7b6cb45c0
9e480b2fc477482d553c6aee25671a1f4c59545a78ca0a213601bc5fee911265
9e79876ade251479d543a8f826f02686605951b395a37d305ebda877c0200c84
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a0f4831384e5f952f5be620c856801cbe0f152c7d7e73dedb1716f68ca2a49ac
a29297eaef6c8ec4f15846560d443d488afd81b9b85b1e3357656587bc9db222
a32dc6a792384a0cfe0314a40991c6fee68809b10dab275863b851dddb2b59d6
a3d21be02646badfddef3c5b4d98794e2a48f77f9e7ab7f999928cd2603f47b3
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
a533e6ac10f159c258a7737b2a63378e910622fcc61e6c90be14d6d95328fb64
a7ec634366755e9c642da154b6fd2680bf7036202397cfb7031b3cbb12d3f871
a86753d4effe5e607d4eaf03fe37eccb8cac743a528f874f736f4d7f35e094b1
a8c9be9e613212876cf6693bc83fb8a46d3042f290ac27be6415d292958be65a
a90b5610c694e12e819322fc41fe66be02a32920a462ae656b9074d1de49d466
a94980b08339a5542059aca5d7e8c6773a9ae39eef169c2bcad97cb933ea17c0
a9f5bcaea7135eb0b06f4009ab1d5c031b2656f8b6a3a0fb6a833c6291193a36
ab0dfcf5d623272bb54d5e4d3a857f0f3526e69734566550718cd083820a0dd6
ac054159a85ddee2e265bc0a517304e773e8c8db653af949bab52dec5e2a1ed9
ac990171fc2a8993d659ce8f10bc0a7815c43835ba1dc00c2246f3556c6eeecd
acc512f488929e63073ca0055e596c7d67fe4fa1c4670942afac1a1d2ff587ed
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2ab9ac436910017b9a2ca7db0e981bad3638db97f576d713eaa9b302e06c094
b61eb57ae77f31b91b04781da33023ecd897fda21f6c817e6c27623204046f42
b62a031b117adaa15131c8151dde56420a48f848f3d7c7b3be569bfe589d46ec
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
ba4a89b7abc0fa630a62dbe5e5b0f65d4bd929b80677878e9efe1f8a10fd0478
baa180b8bb2ca9d863de75ae574f3b43abccb30eb9e652257b72065d02946598
bc3e89318f8ad6d66e0ea5b27a0526cba837ae58f633f286bbd5c7535f7f4493
be764d640a7efa0022ca94a330ec3c7f38f462016f79f400d06da583be69a31e
be993a8ea2b22eb5e26a881c1463d912ca6f20930cf937cd02c59fc0ca036d95
bf77c37d428be4f1a5a0004c327e0b2af2f921e583120b585522db8a13dd8a51
c009bfa4df8d71f72611942476978fb43eb99795f64144731b67dba4adc2c7ff
c080c4a70f92a654c7e93f3a3e9746c286d725fe7d262da5c4033eb73915ba04
c0901279dec1117310802c450665b34a60788da4a00e066d2de367327cd13456
c1e0ec49bed120e3efb5481d06befcef2693e65099fa5806e336438cefdd0b63
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c52d08396d4cc048f954c71ec148da02879c9baf180073841b7156445d499366
c665cfae08e90133d0851e11c4b0fbf59377f0edc07323e5022c05cb13b909a8
c7320657dc8acd4e7f134ddc9aa58495d9103dca84caf459d7620a41a81f9fcb
c80203c7eae413cecc09a4ed0974e31a8538060cddd5bc1f1a5bfa53db672c9e
c90cff659645a312a28804965f3dbc34061338f7234ff5d6ddb2c57e9eadec15
c934b8063ff7de62800a0cbf6475b32ccd30058f9bca0f4dace8713b938aec53
c9e4a3d3cf75ea2bc859f0d9daa12980d9db271e1c9dead979cebb728a43f021
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca752586777d1f855a56edaaf5a718b562a36a8d6b5b990f6cc7e590009bc3e9
cc8b935fc7a0fb31c550d69f25b8453d3566520a35cc96bea92b10d71335debd
cdac854f4acbfdb8ead9baed8f44862231ee9739eee36777bd3eb60e94ce4c19
ced5c873136c4fab4584c0c6d26dcd530c748303d7ed9b7a7966b2fe1d6f5915
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d5a1dc8eb93a0973c8a4e3514bf5ffa00749f4a8590990686d58192cbf790c14
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d798d8773831f64f1228bc59f6dc361eae9b0811b1cbce20d639a8695b1d118c
d8783ef685913f06da7e385a57c93b9e356aa567402e0730579db45d90828660
d895a00a90bad8fa5f121d61e067518dbec53cbc2ee9e3f9fe161f652e5fcae0
d9cebb89ed3e16a74386f743f3fc12fe98cb4fc5c11f03af5febdf1141ca6a39
da7d58f3f75c2f190c551909d8a1a67e257211c17452a4f4f3319d41ac3d956b
dc51ed5137587b9033d06b65d9456d6d69dc52a4005cc51b2d23f85e69d4f8c8
dc834d719261c51b562aae131a3619011d90e0708e66c70fbcf95c7fb7717977
dc8fb71598f044a07ae2010e8c5d2741702063bc176a3b133f9a04a5c3f2991b
dcec22bbcb68119d6c7d6d5e088fb82183a9826d0c9e3403f1386fd837f06a89
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dcf22435d4ecceb89da89c9955de237e232ba6625623d718e0f2ed03ac6a7e7b
e09a5ef92c896d2694b22baf5752a07de75f8ef75b18fc81dc685355f1597c2a
e1b1958adaab619c87918f57b28bee119a8f1122b7c81cee66775066010b3abd
e2bc2e62acd8c74b47dc6b86918cd2ede0a053b716144298bd97e66366524fdb
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
e4536e1881d7fc6805310601ad8730eaf9571b91b927d1e39b8e797485e19fae
e70f46ce29bc22961327a3240b545cf419346d8c52316f774c7a7b2685914b8e
e86479d6e54449d1085c2149e190a615c6bead407b20bacbcf5852b5d65f1fee
e9912fec9be93c40b8ac11b1d37b95239d7d74d21eea9031de6f7033df6d6ee7
eb21c189b325cf3c0c0a15d497412aae392eca9d23b3e432f71742b73606aa7e
ebab910fdc7c7e9e079caa9f7321177b135b2e1542f86ce36937ceb41865086d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f01b0c400b4ab9ffd7a20b2538f70f61287439651b5cee7c0276a8c6af53828d
f15756ccc513df43e26a116c19da17985dd139f9d2bd5666d0dc8badbfeda96a
f16f982c1530ec53eb25f8012bdc9de3def05de4764077bbdc924836b3a1582d
f1da7b316adfa8f815e6c330161760d7617a131477745128c9a34fd357826b52
f1e945400c04241ef089d71de3b0cf7e202431ac4685ada318714fe07ee9dcb0
f21ea3a8c4bd9bc377ecff3bdeb2e84fa9664456626862f1cbe4d7032630d93d
f245eb7469b4eab11697db7c5a601dd0e64c0a0913aa0b1bae3e3a52ee9cbf79
f2e80df2e314cc9218327215f6342218880a1a4c0523af9b292e0b24a03a683c
f2e812d697c94925bc4b47c78e470c7ff776edf289875d650e45e56e8362af54
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f5b5dce4c7b3520f2f511fabf36c7ef80e2865ad6c90e4d888fce38fe854e7c3
f80ea602603e025dc8cd8d1a8b1868db1cbb0b9dedf8b31988a3ed201c10f499
fd78f51affedcaa173cd1f15fca8f1fbecdbaafa7020cec2ae0fe3befbed5ea1
fef6d90fc22c3f94fa10afb8f2486ccf398d3637ba2ef62d2be59a1d974e318c

www.winhelponline.com Open in urlscan Pro 2606:4700:3032::ac43:c7ab Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

448 Requests

100 %HTTPS

29 %IPv6

61 Domains

88 Subdomains

50 IPs

10 Countries

2368 kBTransfer

5932 kBSize

61 Cookies

7 Outgoing links

Redirected requests

448 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 30 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.winhelponline.com Open in urlscan Pro
2606:4700:3032::ac43:c7ab Public Scan

Screenshot
Live screenshot

Full Image

448
Requests

100 %
HTTPS

29 %
IPv6

61
Domains

88
Subdomains

50
IPs

10
Countries

2368 kB
Transfer

5932 kB
Size

61
Cookies

448 HTTP transactions
30 data transactions