www.thivien.net Open in urlscan Pro
222.252.4.155 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://thica.com/
Effective URL:
https://www.thivien.net/
Submission: On March 01 via api (March 1st 2023, 8:09:00 am UTC) from US — Scanned from US

Summary HTTP 170 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 26 IPs in 4 countries across 19 domains to perform 170 HTTP transactions. The main IP is 222.252.4.155, located in Hanoi, Viet Nam and belongs to VNPT-AS-VN VNPT Corp, VN. The main domain is www.thivien.net. The Cisco Umbrella rank of the primary domain is 810710.
TLS certificate: Issued by R3 on February 8th 2023. Valid for: 3 months.

This is the only time www.thivien.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	151.106.103.107 151.106.103.107	47583 (AS-HOSTINGER) (AS-HOSTINGER)
1 14	222.252.4.155 222.252.4.155	45899 (VNPT-AS-V...) (VNPT-AS-VN VNPT Corp)
24	2607:f8b0:400... 2607:f8b0:4006:80d::2002	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:80c::2002	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f01... 2a03:2880:f012:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (STACKPATH...) (STACKPATH-CDN)
2	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	2607:f8b0:400... 2607:f8b0:4006:823::2003	15169 (GOOGLE) (GOOGLE)
1 2	2607:f8b0:400... 2607:f8b0:4004:c1b::9a	15169 (GOOGLE) (GOOGLE)
17	2607:f8b0:400... 2607:f8b0:4006:822::2002	15169 (GOOGLE) (GOOGLE)
2 4	2607:f8b0:400... 2607:f8b0:4006:81f::2004	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:820::2002	15169 (GOOGLE) (GOOGLE)
44	2607:f8b0:400... 2607:f8b0:4006:80b::2001	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f11... 2a03:2880:f112:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2607:f8b0:400... 2607:f8b0:4006:821::2002	15169 (GOOGLE) (GOOGLE)
1 2	52.22.86.99 52.22.86.99	14618 (AMAZON-AES) (AMAZON-AES)
5	2607:f8b0:400... 2607:f8b0:4006:81c::2002	15169 (GOOGLE) (GOOGLE)
3 4	142.250.80.66 142.250.80.66	15169 (GOOGLE) (GOOGLE)
3 5	192.40.39.223 192.40.39.223	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 3	68.67.181.211 68.67.181.211	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2600:9000:21d... 2600:9000:21dd:3e00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
4	2600:1f18:1ac... 2600:1f18:1aca:4281:19a0:6e54:6783:f740	14618 (AMAZON-AES) (AMAZON-AES)
7	2607:f8b0:400... 2607:f8b0:4006:809::2001	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:824::200a	15169 (GOOGLE) (GOOGLE)
8	2607:f8b0:400... 2607:f8b0:4006:821::2003	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80e::200e	15169 (GOOGLE) (GOOGLE)
170	26

2 151.106.103.107 (Asheville, United States) 2 redirects

ASN47583 (AS-HOSTINGER, CY)
PTR: cam.boxsecured.com

thica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.thica.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 222.252.4.155 (Hanoi, Viet Nam) 1 redirects

ASN45899 (VNPT-AS-VN VNPT Corp, VN)
PTR: static.vnpt-hanoi.com.vn

www.thivien.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 2607:f8b0:4006:80d::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80c::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f012:8:face:b00c:0:1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
static.xx.fbcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2607:f8b0:4006:823::2003 (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1b::9a (Washington, United States) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2607:f8b0:4006:822::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:81f::2004 (Nutley, United States) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:820::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 2607:f8b0:4006:80b::2001 (Nutley, United States)

ASN15169 (GOOGLE, US)

0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f112:83:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:821::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.22.86.99 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-22-86-99.compute-1.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:81c::2002 (Nutley, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.80.66 (Glen Cove, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 192.40.39.223 (Canada) 3 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 68.67.181.211 (North Bergen, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:21dd:3e00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1f18:1aca:4281:19a0:6e54:6783:f740 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:4006:809::2001 (Nutley, United States)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:824::200a (Nutley, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4006:821::2003 (Nutley, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80e::200e (Nutley, United States)

ASN15169 (GOOGLE, US)

mts0.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
68	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 140	728 KB
27	doubleclick.net 4 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184 stats.g.doubleclick.net — Cisco Umbrella Rank: 77 googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 cm.g.doubleclick.net — Cisco Umbrella Rank: 202	378 KB
21	gstatic.com fonts.gstatic.com www.gstatic.com	457 KB
14	thivien.net 1 redirects www.thivien.net — Cisco Umbrella Rank: 810710	355 KB
8	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 748 static.adsafeprotected.com — Cisco Umbrella Rank: 573 dt.adsafeprotected.com — Cisco Umbrella Rank: 539	100 KB
8	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 73 mts0.google.com — Cisco Umbrella Rank: 4217	2 KB
7	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 391	134 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 36	5 KB
5	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 531	4 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 183	242 KB
4	facebook.com www.facebook.com — Cisco Umbrella Rank: 105	13 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 203	3 KB
2	fbcdn.net static.xx.fbcdn.net — Cisco Umbrella Rank: 803	135 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 788	83 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 151	89 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 855	602 B
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 693	29 KB
1	thica.org 1 redirects www.thica.org	366 B
1	thica.com 1 redirects thica.com	364 B
170	19

	Domain	Requested by
42	tpc.googlesyndication.com	0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net
24	pagead2.googlesyndication.com	www.thivien.net pagead2.googlesyndication.com 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net securepubads.g.doubleclick.net www.gstatic.com www.googletagservices.com
17	googleads.g.doubleclick.net	pagead2.googlesyndication.com 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com googleads.g.doubleclick.net
14	www.thivien.net	1 redirects www.thivien.net
13	fonts.gstatic.com	www.thivien.net fonts.googleapis.com
8	www.gstatic.com	googleads.g.doubleclick.net
7	cdn.ampproject.org	googleads.g.doubleclick.net pagead2.googlesyndication.com
5	fonts.googleapis.com	googleads.g.doubleclick.net
5	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
5	www.googletagservices.com	0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com googleads.g.doubleclick.net
4	dt.adsafeprotected.com	0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com www.thivien.net
4	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
4	www.facebook.com	www.thivien.net connect.facebook.net
4	www.google.com	2 redirects www.thivien.net tpc.googlesyndication.com
4	securepubads.g.doubleclick.net	www.thivien.net securepubads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	adservice.google.com	securepubads.g.doubleclick.net pagead2.googlesyndication.com
2	static.xx.fbcdn.net	www.facebook.com
2	static.adsafeprotected.com	0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
2	fw.adsafeprotected.com	1 redirects 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
2	0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	stats.g.doubleclick.net	1 redirects www.thivien.net
2	maxcdn.bootstrapcdn.com	www.thivien.net maxcdn.bootstrapcdn.com
2	connect.facebook.net	www.thivien.net connect.facebook.net
1	mts0.google.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	code.jquery.com	www.thivien.net
1	www.thica.org	1 redirects
1	thica.com	1 redirects
170	29

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
pinterest.com
www.tumblr.com
hvdic.thivien.net

Subject Issuer	Validity	Valid
thivien.net R3	`2023-02-08` - `2023-05-09`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-01-10` - `2023-03-08`	2 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2022-08-03` - `2023-07-14`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-12-30` - `2023-12-30`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-02-22` - `2023-05-27`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2022-08-06` - `2023-09-04`	a year	crt.sh
dt.adsafeprotected.com Amazon	`2022-04-10` - `2023-05-08`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh

This page contains 24 frames:

Primary Page: https://www.thivien.net/
Frame ID: 354F8F62E143E8436F8025768A2773EC
Requests: 43 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20190131/zrt_lookup.html
Frame ID: 0471192C3686B1CD53661271A61598DF
Requests: 1 HTTP requests in this frame

Frame: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: DCA93B448BEBC764CE04246B7F326B8E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&adk=1812271804&adf=3025194257&lmt=1677658133&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x810_r&format=0x0&url=https%3A%2F%2Fwww.thivien.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133864&bpp=5&bdt=734&idt=172&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5619359012683&frm=20&pv=2&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=196
Frame ID: E81F0353B29CFEBFDCA223588DB4B40B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=1919786447&adf=338049896&pi=t.ma~as.2707489529&w=1150&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=1150x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133872&bpp=3&bdt=742&idt=193&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5ln9nbPQnK&p=https%3A//www.thivien.net&dtd=200
Frame ID: B9B1FC76D8087D23316BC4065B6528F5
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=250&slotname=4323823526&adk=3766599677&adf=1372361623&pi=t.ma~as.4323823526&w=300&lmt=1677658133&format=300x250&url=https%3A%2F%2Fwww.thivien.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133875&bpp=1&bdt=745&idt=201&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1150x280&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1075&ady=385&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=2sqd9yHy4d&p=https%3A//www.thivien.net&dtd=205
Frame ID: 0D53BB0FDC1A6871332F48A4934CC726
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=600&slotname=6079758327&adk=4155854282&adf=2789987547&pi=t.ma~as.6079758327&w=300&lmt=1677658133&format=300x600&url=https%3A%2F%2Fwww.thivien.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133876&bpp=1&bdt=746&idt=219&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1150x280%2C300x250&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1075&ady=641&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=BuAijCqzWZ&p=https%3A//www.thivien.net&dtd=224
Frame ID: DA431A2917C5B475C5523961966476A7
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=107748359&adf=3254301053&pi=t.ma~as.2707489529&w=840&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=840x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133876&bpp=1&bdt=746&idt=227&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1150x280%2C300x250%2C300x600&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=0lMAkLRKkC&p=https%3A//www.thivien.net&dtd=230
Frame ID: 52F477E297923238D8FAC976237E97C4
Requests: 1 HTTP requests in this frame

Frame: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 8F114D4FAD2A4B75F360FF3F461203D5
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP-L8QIQ5O66_wMY_fGu1QEwAQ&v=APEucNWxkXOoqL5t4RRwBhe-i4b_8LKbdE7ZYbrbHbxjB8EYIo01MEExo2ViB5_MAGDaFMQC_Fc_Ye3nSzH-I4mEqDvra0mDgg
Frame ID: 20F37BCDCB58B344BC3DE927DAF604E9
Requests: 5 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: F28F1F8133A92646FCD8C12E8B9F1206
Requests: 1 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs
Frame ID: 137ABE3162339E563F24AE652F7BBADC
Requests: 27 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6193B891830387350454BBD709CB9363
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1
Frame ID: EBF5C0DA7A3851431F473903E9288A0D
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: EE7F6ACC454BEC37BADDEFD8A6A734C7
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js
Frame ID: 2CABE95CCB4BFC72CC01E9E0CB0A2F5B
Requests: 1 HTTP requests in this frame

Frame: https://www.gstatic.com/mysidia/30ff74cd17fac218005202762a48c647.js?tag=client_fast_engine_2019
Frame ID: D36F1246BEBD8B7D234BD393830FA263
Requests: 11 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js
Frame ID: 5C7F80B090D73C95EB80FFC9E9F86D9A
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js
Frame ID: 18D454B224EEC02D57A439979C3F0874
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 7B273D29171F942102B038E4297E65E1
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/v14.0/plugins/like.php?action=like&app_id=456842347781417&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3eb290368a70ac%26domain%3Dwww.thivien.net%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.thivien.net%252Ff18819d0e31643%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2Fthivien.net&layout=standard&locale=en_US&sdk=joey&share=false&show_faces=false&width=440
Frame ID: 863340C7A90BD80625F86645C1B77C20
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js
Frame ID: 69B72B37203CF4A62A7BA475F70338C3
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8BEE652E47B95F59CC1EA092D5D151AA
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 13702AD2C9948FD9D21426240E5449E0
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Thi Viện

Page URL History Show full URLs

http://thica.com/ HTTP 301
http://www.thica.org/ HTTP 301
http://www.thivien.net/ HTTP 301
https://www.thivien.net/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

170
Requests

96 %
HTTPS

77 %
IPv6

19
Domains

29
Subdomains

26
IPs

4
Countries

2751 kB
Transfer

6688 kB
Size

16
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/thivien.net

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https%3A%2F%2Fwww.thivien.net%2F

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/button/?url=https%3A%2F%2Fwww.thivien.net%2F

Search URL Search Domain Scan URL

URL: https://www.tumblr.com/share/link?url=https%3A%2F%2Fwww.thivien.net%2F

Search URL Search Domain Scan URL

URL: https://hvdic.thivien.net/
Title: Từ điển Hán Việt trực tuyến

Search URL Search Domain Scan URL

URL: https://www.facebook.com/v2.10/dialog/oauth?client_id=456842347781417&state=7577c2409a7b9c151941097bb893215b&response_type=code&sdk=php-sdk-5.7.0&redirect_uri=https%3A%2F%2Fwww.thivien.net%2Ffacebook-login.php&scope=email
Title: Đăng nhập bằng Facebook

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://thica.com/ HTTP 301
http://www.thica.org/ HTTP 301
http://www.thivien.net/ HTTP 301
https://www.thivien.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=1660929876&utmhn=www.thivien.net&utme=8(Section*LoggedIn*Mobile)9(Home*No*No)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Thi%20Vi%E1%BB%87n&utmhid=206671390&utmr=-&utmp=%2F&utmht=1677658133924&utmac=UA-31319182-1&utmcc=__utma%3D150790643.1385919515.1677658134.1677658134.1677658134.1%3B%2B__utmz%3D150790643.1677658134.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1144941097&utmredir=3&utmu=qQAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31319182-1&cid=1385919515.1677658134&jid=1144941097&_v=5.7.2dc&z=1660929876

Request Chain 50

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFGE2VmVY5GCl6J8__5kgZM&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFGE2VmVY5GCl6J8__5kgZM&google_cver=1&C=1

Request Chain 51

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y-8IFtetZdAclCAYRLolnwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFGE2VmVY5GCl6J8__5kgZM&google_cver=1

Request Chain 52

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGASApsKP_BWAU2CUSU-eSk&google_cver=1

Request Chain 53

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTMwMTQ1NDY2NTYwNjc5Nzk1OA%3D%3D

Request Chain 58

https://fw.adsafeprotected.com/rfw/bgd/1194052/66719880/xbbe/creative/adj?p=APEucNUPMK3RZ_GaCtwNUsxDa88xMrVWqCFCMQC_fjkEBPO5eAKdnvk&d=CokBAKAmf-AOWdPRczBhl5dkO9pR05l7v7EQqv-dZdgfuzNnKr4GHhDyuPL7rqNehsWChXHM5Zk_8EEMExn7c_NznsCPAekaDNkPCCZIWlHY_tjakRs2MJwTSWpjpEBeZN1CSENbxTLhUqFpR3wTMyNxYcBHkGdKKhfKSyYVX8P5kLuTOhQqPifnGZ4SmRMAoCZ_4JpRxug7UeQRaaWCFvSS8l-o8ulbhHvZvYXNF5rjagrF0Law1DeRMO8rzLPl7u3gtm0E0TYIJqoQwJQjUBEKJ_HDnVJVK1-ZkesXAyJsOqeM1bgVV4sHMn_5ox1huHHFuuP7QMHqyJnR2q03Xu5buWyM2OO4ZiaD_5AbPUz7if-RS1nnfye14V0QPlR9CSwhh8CQCeWq02xRItgA3b2ELR9SQdhvaii4xUcTUnYStbufO-GDjJQ0b5HDdHA79KttG67AkhNRW_XNNfqWdOKb0HEAJwWMrHxMxBtq58UZmcaEbhrCepEkQURxzbelfUof02I-tuBQwOK2CgQ05v0jrp_S3bjlUAuT80kV4J_15cQasAanUSETV-PjCAo-RfscPc970faMTJzSa65cemYC3-fjCmm2rKwMUtVLApjpglOa1VG1dx3nyQql6DdOZQtTb8RxfZVbwzBJarrqupM3FXIn_DCW7tAGfgVQsur6hngSAV_GQRX8jkpRRbhi4qv9ziG3P-QdCvaUfSu4Mz0olg4Jz1MOLkw7BSk5PmfZulxJFEf1mcbfFuehGUmHxCzdzwkbBFDuYSccN-catsQtUzen8D_Rz_339Q3zocIDvI91yUGpJYlaJ0Uxa2nuwIiDwzOnz_5LQpge4587T4JoUF5QWFro6xfVSy7h77i7d0FBqGwb2mfP9CTO36OpzGkg89ZK5Ro04QWv7PiGt1J8qMoctNprYD-8WNp1OTIz0DhVJdAA_gQZKnpHmM66tU5vn8AhtKXyFrIqZ_nPiSLb4Z6jYC3ZEI-U6ojSEl_ED-wwkX6QZCcaQWm-yThPWufFJLrOh5E3gVweM7sy1td5YyZTZLEmMI1tVbJm3ZtkCsu6cH4rypoIUQ_3UcwPDBak9TULWE9XlPi4KiDNX3B_q-P7ceO47gWKeT-bJt4VdMa3i2UFUyvv9xCnmMopclIZZXCVoZrFgGZaDNx-DG8ektFRpln_ZTx4T1oJ_HS7vkJUH5NU-eSMHsY-Ly_xE097YC6eKWNrFyx4GFbNarj4LyX2j96RcrKbeCYJp_0UqcmdL0QECu0s--Il7eWoTw1QI69V7hsDQGFbWiwIEcyVbXd6BURXLtpKpR34-rT3US1HzsUbL6LirwayTcE0W5HQQeYWfQNIdSafd60-fmmRGur3NkulAlj0FWEjkhybeDyMiyHtBfaGanQV8N6YM12QlN2munuc3d2vgHIXpb4yKhizoEMabvOr3PieOslXen4EYVJ3Hn5dh0p9OdL1OYOaOncArrpEmHyPGPCMC8GXCT1IEb72wEscZp3EYf_kJkXSNSa9Wi-J7fuZjbthya1fCdwi4MVihMCBGGqUe0p-uG5Q1UyxxdkcIaqdiU9FlwbZeraycEcrjCLw1OIcgQ78azQ9mBQkXVtt_EVpvPgxE2rI1HMzHd5zhYeVEv3VUAEdNNhieGeZgFK7oajNjNDK1Xypmcltlw64qhu9tFOCixiDYAiSc5KJipL4wciwSZqHwDp4tFwYZIzpmasdZX2Fllp34EZ0cflZg2NgYwRVzww-cI01QhlLej-38t7h1KHxqVX4jOyUWtPzAvKMxYhsUMktD2FPA9JgVVqLwCV-SoUYjJyHlUbj-7iJdjo5QbXAal3pcTA4ZmXaU25KSRYcq1LsG7BQa8U7OOt0CICwyW7xQBiwaBSbwKulMgOs1xtP9bTt7RLArNcB1NAupbO6rJ4-ab8bYWtKxKPnyYK7RFl1rgM83Olu6oLPOBlPmUd9CEgHw7Syk7l4xy-14iNGNtEORCJrufzV71g5Z9hlTChhn8lQ9jpKuaG0z0nd_8_XAs_ka9Uh0rvBK_0CF58LnPZADEInADvLAculhWRw9bHLXq26RdGBSG167JvQtO_Z-L-YmNZWP9KDsZwNVyl46q6tRW8Bi-lzKIoFWEo3uB2EIJ2j9pNFDPolEFeC3UcwJHIgaX6et3g5bLwQMp5UL5HX4-pTq3i-cuDIsgNLwADl2gun9jovO3g6zqQ-rFFi57JSKl3ERR-K1DGwrAmYMns87ycgnQYg15YKykDg3WwyNHQouTLEQEHjx3qjo9OcwVbD-2vBPD_Qr-mvaPayiwgte53ByVD6WRCAnbFHpwkKW_LkxC-IzAxj1WCyJbEU99vzS6cOk_mR94DwnHQyWKbe4nE3OjUzNlAeglwWUKA5_oKIvQZREmFNuP0kQozh2Xw5NutVmJeyLCXeKmmLysOOWmo9_KrJe_Hzbp76UKO5iYhkMspV1VRY5Z9pajyWjsm3RwpMIQNJD0LigqbQ9Tp87fQZBTGa4HFpX9hlF8-dmeA9n8LQqveZU3xdFcA9WggTnUTFkJpCVIKhda1RH29KJ2a3xoywH5JgXlau0LR0xXdiXVkUOI59AhajJthGWzRgN80V9gcLGGtt8nhyXRuEShvN9G4japSm39biBNSfO5xSCP2-lsEZWI7McimrE4zQZXGmMYl_RMsPy_qRuwwgf9Fu6H-ODAaGhNcdD3knVrq1tKRVybx51TnGS3Nks-LN01mh63YQix5usttSO4pRPg18YIMdvm6WlLhu-PkZGmBF-Kvy3cZmu9VPiYSx7J3QCE8zWbS7QA9tXndBNgPG7-jpHhAEo11WteX9L3nralIS99J6z21qa368zf6Es_snNKsiCxKJhdnkz31OxCdF2HbU-m3bkKX88yiN9j4T84VWCwBT6FZNY8iNevaUJxiA4ckWNcH3kRECZFV3iK_ubJDjRyFK3Hq7jZNw4vhsV_J2hkHTTaDkVr7-b2grRH5BCo62p0lZ-jhS5vnLFsUt5R2vRjx7EOercA9yvOXk7iLQoyxxQZgbwVma_r9a6bH_4EDsePlzfJS41kHJeKrTnP2CS14dTu9g2kVeM52DS0HzONLLjcOhnFOclIpFFTHbZIWGhcMKTmO-4_trX6yoahoUHQXkWbG2WYR0qI9IkSoErLkDucdM-d9NwsicgUKrqK4YqOqu53AAkkDsAfd7m_qxMjekh5tP2O_Y_dXGmx6I8MB57HStDYro1wyg2DbSfYW4Gq2f7QPs6M4WlU1r6AY0pYwSZqK4IYEil7mfUYtM0uZ1TIbQFmFXLmJ7IV_F3Loknwp7x8HTGAPHauN6iohIOrUwKsQMDw-rWPe-5G4-A7bfyp4XAaK4FToXg_-3s4jhZWqZsSMVYcyQL8KxPCqhcwo5I-DXrM6AVR_vdM26Vu-486_edDvslTtFdakt6Nrj-xVKOvaNnZda1iY8288aUQgEEksA1BOcphj_YBfftQVxQGaDZMTayUcsd-W0t65z9jg8fjyNHb06t6cJuKaSBeQ6qtC4lvQcw1_udxlBeC3SK6gA_bBadYFZT4luthAYAWAB&cry=1&adsafe_url=https%3A%2F%2Fwww.thivien.net&adsafe_type=y&adsafe_url=https%3A%2F%2Fwww.thivien.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:ddb91d61-12d3-3b06-c77a-956ea41c75b8,c:5AY5RV,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-558b6fc9f9-jvh5m,rg:va,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:i,cc:NaN.NaN.300.600,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:4,mot:0,app:0,maw:0,fm:txeOyQY+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18*.1194052-66719880%7C181,idMap:18*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:24,oid:4f1441d5-b808-11ed-bb94-fa0ed9b4ba16,v:19.8.397,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 144

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 162

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

170 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.thivien.net/
Redirect Chain

http://thica.com/
http://www.thica.org/
http://www.thivien.net/
https://www.thivien.net/

48 KB
16 KB

1031ms
479ms

Document
text/html

222.252.4.155
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL: https://www.thivien.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 222.252.4.155 Hanoi, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt-hanoi.com.vn
Software: Apache/2.4.48 (Win64) PHP/8.0.9 / PHP/8.0.9
Resource Hash: 079fa76f67ce1099588de570da58dd17572c501bc2812381aa67337c8986ff67

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: private, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 01 Mar 2023 08:08:53 GMT
Expires: Wed, 01 Mar 2023 08:08:53 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Wed, 01 Mar 2023 08:08:53 GMT
Pragma: no-cache
Server: Apache/2.4.48 (Win64) PHP/8.0.9
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Powered-By: PHP/8.0.9

Redirect headers

Connection: Keep-Alive
Content-Length: 313
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 01 Mar 2023 08:08:51 GMT
Keep-Alive: timeout=5, max=100
Location: https://www.thivien.net/
Server: Apache/2.4.18 (Ubuntu)

GET
H/1.1 200
OK thivien-bootstrap.min.1669622193.css
www.thivien.net/lib/bootstrap/dist/css/ 133 KB
24 KB 275ms
274ms Stylesheet
text/css 222.252.4.155
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL: https://www.thivien.net/lib/bootstrap/dist/css/thivien-bootstrap.min.1669622193.css
Requested by: Host: www.thivien.net
URL: https://www.thivien.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 222.252.4.155 Hanoi, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt-hanoi.com.vn
Software: Apache/2.4.48 (Win64) PHP/8.0.9 /
Resource Hash: 84604fb0bdd38ebb5934d5c9351465d66a0505399cf389ea25970ac42e6da866

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 08:08:53 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Nov 2022 07:56:33 GMT
Server: Apache/2.4.48 (Win64) PHP/8.0.9
ETag: "2152d-5ee8335c515ab-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: Fri, 31 Mar 2023 08:08:53 GMT

GET
H/1.1 200
OK head.load.min-1.0.3.js Show response
www.thivien.net/lib/ 4 KB
2 KB 533ms
270ms Script
application/javascript 222.252.4.155
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL: https://www.thivien.net/lib/head.load.min-1.0.3.js
Requested by: Host: www.thivien.net
URL: https://www.thivien.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 222.252.4.155 Hanoi, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt-hanoi.com.vn
Software: Apache/2.4.48 (Win64) PHP/8.0.9 /
Resource Hash: 4a642da827ad3fb5b4bd419082f0b6da9e60654433368a9d3cb829058ba19f28

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 08:08:54 GMT
Content-Encoding: gzip
Last-Modified: Sun, 07 Dec 2014 00:37:46 GMT
Server: Apache/2.4.48 (Win64) PHP/8.0.9
ETag: "11fd-5099584cb4fa1-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: Fri, 31 Mar 2023 08:08:54 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
49 KB 59ms
34ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5466764586357052

Requested by

Host: www.thivien.net
URL: https://www.thivien.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c25eedc2a9d7b2d5677b9843ad2189f6395ebb0d1bf19ab7841c880ca5f1d353

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Origin: https://www.thivien.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49604
x-xss-protection: 0
server: cafe
etag: 7935357533532509862
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 08:08:53 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 76 KB
27 KB 43ms
28ms Script
text/javascript 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.thivien.net
URL: https://www.thivien.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

59b45f14285c4aeadef95ddba1cb7101782bffadccd75b26815d13cad26288fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26877
x-xss-protection: 0
server: sffe
etag: "1497 / 946 of 1000 / last-modified: 1677625601"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 01 Mar 2023 08:08:53 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 16ms
5ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: www.thivien.net
URL: https://www.thivien.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a81608dc339cafe20ae03a65bf23b8bb1ba43a2849b7d6d1ca17a5bfeb9f12a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.thivien.net/
Origin: https://www.thivien.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 01 Mar 2023 08:08:53 GMT
content-md5: db/e/YXRkLCyjSth9rMZNw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1688
x-fb-rlafr: 0
x-fb-debug: HqokX8fQecRricQKYnYAofWFjSNipktOJ1A8AWGRlGcBcYNsPGbGrl4vv+ydKdFwjlJsBD6zQ+lMrbRKqXAs2w==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1512268381
x-fb-content-md5: 669fae4ecfded7f5fd24ad4e0f3e9bfa
cross-origin-opener-policy: same-origin-allow-popups
etag: "d1f24248e808013569ba5c91b137ad82"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
x-frame-options: DENY
timing-allow-origin: *
expires: Wed, 01 Mar 2023 08:27:08 GMT

GET
H/1.1 200
OK facebook-logo.png
www.thivien.net/image/ 9 KB
9 KB 272ms
271ms Image
image/png 222.252.4.155
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.thivien.net/image/facebook-logo.png
Requested by: Host: www.thivien.net
URL: https://www.thivien.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 222.252.4.155 Hanoi, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt-hanoi.com.vn
Software: Apache/2.4.48 (Win64) PHP/8.0.9 /
Resource Hash: dad893597cee2d49406c054380f9c338d1838db41083896ded6ccc6f26d8ef6a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 08:08:54 GMT
Last-Modified: Fri, 13 Nov 2020 15:47:37 GMT
Server: Apache/2.4.48 (Win64) PHP/8.0.9
ETag: "2367-5b3fef2a385da"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 9063
Expires: Fri, 31 Mar 2023 08:08:54 GMT

GET
H2 200 jquery-2.2.4.min.js Show response
code.jquery.com/ 84 KB
29 KB 25ms
5ms Script
application/javascript 2001:4de0:ac18::1:a:3b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-2.2.4.min.js
Requested by: Host: www.thivien.net
URL: https://www.thivien.net/lib/head.load.min-1.0.3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:53 GMT
content-encoding: gzip
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
server: nginx
etag: W/"611feac9-14e4a"
vary: Accept-Encoding
x-hw: 1677658133.dop005.ny3.t,1677658133.cds242.ny3.hn,1677658133.cds003.ny3.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 29811

GET
H/1.1 200
OK thivien-bootstrap-theme.min.1669622193.css
www.thivien.net/lib/bootstrap/dist/css/ 17 KB
3 KB 272ms
272ms Stylesheet
text/css 222.252.4.155
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL: https://www.thivien.net/lib/bootstrap/dist/css/thivien-bootstrap-theme.min.1669622193.css
Requested by: Host: www.thivien.net
URL: https://www.thivien.net/lib/head.load.min-1.0.3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 222.252.4.155 Hanoi, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt-hanoi.com.vn
Software: Apache/2.4.48 (Win64) PHP/8.0.9 /
Resource Hash: b774f9aed6fedf4b4421dad8f0a3bd6415fd5cb2d31ea925005767a48b33da1c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 08:08:54 GMT
Content-Encoding: gzip
Last-Modified: Mon, 28 Nov 2022 07:56:33 GMT
Server: Apache/2.4.48 (Win64) PHP/8.0.9
ETag: "4236-5ee8335c58d46-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Expires: Fri, 31 Mar 2023 08:08:54 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 24ms
12ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.thivien.net
URL: https://www.thivien.net/lib/head.load.min-1.0.3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 617
age: 2189158
cdn-cachedat: 2021-06-08 14:35:32
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cdn-cache: HIT
access-control-allow-origin: *
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 0ad526c1cf8d0ceadd42f13ae6e76428
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 7a0fea27ac7ac477-EWR
cdn-requestpullsuccess: True

GET
H2 200 BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4OWaA.ttf
fonts.gstatic.com/s/robotoslab/v24/ 100 KB
59 KB 25ms
9ms Font
font/ttf 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v24/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjoa4OWaA.ttf

Requested by

Host: www.thivien.net
URL: https://www.thivien.net/lib/bootstrap/dist/css/thivien-bootstrap.min.1669622193.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e02967640f9cc70fa78896356f18e59ab1ab17cd63ad9becc5e183ed5e57a71f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Origin: https://www.thivien.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 19:59:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 475763
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60538
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 19:16:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 19:59:30 GMT

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1y4n.ttf
fonts.gstatic.com/s/opensans/v34/ 119 KB
71 KB 20ms
4ms Font
font/ttf 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsg-1y4n.ttf

Requested by

Host: www.thivien.net
URL: https://www.thivien.net/lib/bootstrap/dist/css/thivien-bootstrap.min.1669622193.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

acc77d953020ee0ed38f6367aa3b9559bb49472dedccfb652d37bfd8836fa2e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Origin: https://www.thivien.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 14:24:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 495872
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 72585
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:16:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 14:24:21 GMT

GET
H2 200 memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0C4n.ttf
fonts.gstatic.com/s/opensans/v34/ 119 KB
73 KB 23ms
8ms Font
font/ttf 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0C4n.ttf

Requested by

Host: www.thivien.net
URL: https://www.thivien.net/lib/bootstrap/dist/css/thivien-bootstrap.min.1669622193.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a148c8e49519dad1c63a5b4f880e96c6542708b49b0ee68f2a332eb92f0061e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Origin: https://www.thivien.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 14:16:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 496336
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74768
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:12:25 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 14:16:37 GMT

GET
H/1.1 200
OK bullet_novelty.png
www.thivien.net/image/ 142 B
507 B 283ms
283ms Image
image/png 222.252.4.155
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.thivien.net/image/bullet_novelty.png
Requested by: Host: www.thivien.net
URL: https://www.thivien.net/lib/bootstrap/dist/css/thivien-bootstrap.min.1669622193.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 222.252.4.155 Hanoi, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt-hanoi.com.vn
Software: Apache/2.4.48 (Win64) PHP/8.0.9 /
Resource Hash: 76dfc7a91c655476ad47819d7c2ce497cabf6ab461f7c71f2f2a32afeb02fb06

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/lib/bootstrap/dist/css/thivien-bootstrap.min.1669622193.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 08:08:54 GMT
Last-Modified: Mon, 15 Dec 2014 15:24:12 GMT
Server: Apache/2.4.48 (Win64) PHP/8.0.9
ETag: "8e-50a42d5b2fe9c"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 142
Expires: Fri, 31 Mar 2023 08:08:54 GMT

GET
H/1.1 200
OK icon_new.gif
www.thivien.net/image/ 111 B
475 B 500ms
269ms Image
image/gif 222.252.4.155
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.thivien.net/image/icon_new.gif
Requested by: Host: www.thivien.net
URL: https://www.thivien.net/lib/bootstrap/dist/css/thivien-bootstrap.min.1669622193.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 222.252.4.155 Hanoi, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt-hanoi.com.vn
Software: Apache/2.4.48 (Win64) PHP/8.0.9 /
Resource Hash: 95b336f43efe86a337daa463a0b08d32a90ff906faeb598b9697b3355fe9be1b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/lib/bootstrap/dist/css/thivien-bootstrap.min.1669622193.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 08:08:54 GMT
Last-Modified: Fri, 28 Nov 2008 17:57:34 GMT
Server: Apache/2.4.48 (Win64) PHP/8.0.9
ETag: "6f-45cc39883df80"
Content-Type: image/gif
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 111
Expires: Fri, 31 Mar 2023 08:08:54 GMT

GET
H3 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/ 75 KB
76 KB 28ms
19ms Font
font/woff2 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Origin: https://www.thivien.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 1029
age: 152030
cdn-cachedat: 01/02/2023 00:17:33
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 77160
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: "af7ae505a9eed503f8b8e6982036873e"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 05d65c5afb27510db34db75b554a310d
accept-ranges: bytes
timing-allow-origin: *
cdn-requestcountrycode: US
cdn-status: 200
cf-ray: 7a0fea27e9ad8cda-EWR
cdn-requestpullsuccess: True

GET
H/1.1 200
OK 2R1pqPeHsTPRwBabnUjdDQ.1215260428.jpg
www.thivien.net/attachment/ 34 KB
35 KB 509ms
306ms Image
image/jpeg 222.252.4.155
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.thivien.net/attachment/2R1pqPeHsTPRwBabnUjdDQ.1215260428.jpg
Requested by: Host: www.thivien.net
URL: https://www.thivien.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 222.252.4.155 Hanoi, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt-hanoi.com.vn
Software: Apache/2.4.48 (Win64) PHP/8.0.9 / PHP/8.0.9
Resource Hash: d06df53bd8ab72285864d95c968e3fdf2b1ec2301a2757fa2bb1058c7479e6ef

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 08:08:54 GMT
Last-Modified: Wed, 01 Mar 2023 08:08:54 GMT
Server: Apache/2.4.48 (Win64) PHP/8.0.9
X-Powered-By: PHP/8.0.9
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 35131
Expires: Thu, 29 Feb 2024 08:08:54 GMT

GET
H/1.1 200
OK avRgsRTyuGrSB2ItmEYPag.1674871276.jpg
www.thivien.net/attachment/ 94 KB
95 KB 559ms
304ms Image
image/jpeg 222.252.4.155
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.thivien.net/attachment/avRgsRTyuGrSB2ItmEYPag.1674871276.jpg
Requested by: Host: www.thivien.net
URL: https://www.thivien.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 222.252.4.155 Hanoi, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt-hanoi.com.vn
Software: Apache/2.4.48 (Win64) PHP/8.0.9 / PHP/8.0.9
Resource Hash: cd612255ea4905b4cc1e31f5a2fd6afc03d1de930f7c5787089dcde01414b89d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 08:08:54 GMT
Last-Modified: Wed, 01 Mar 2023 08:08:54 GMT
Server: Apache/2.4.48 (Win64) PHP/8.0.9
X-Powered-By: PHP/8.0.9
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 96571
Expires: Thu, 29 Feb 2024 08:08:54 GMT

GET
H2 200 BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISWaA.ttf
fonts.gstatic.com/s/robotoslab/v24/ 99 KB
57 KB 6ms
4ms Font
font/ttf 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v24/BngbUXZYTXPIvIBgJJSb6s3BzlRRfKOFbvjojISWaA.ttf

Requested by

Host: www.thivien.net
URL: https://www.thivien.net/lib/bootstrap/dist/css/thivien-bootstrap.min.1669622193.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9fdff1ff00c7adcd655c77f6c69fc290a77119c7834f2d1ed224e3e3631eb5f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Origin: https://www.thivien.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 19:59:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 475778
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58005
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 19:16:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 19:59:15 GMT

GET
H2 200 dc.js Show response
stats.g.doubleclick.net/ 45 KB
17 KB 33ms
11ms Script
text/javascript 2607:f8b0:4004:c1b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/dc.js

Requested by

Host: www.thivien.net
URL: https://www.thivien.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 01 Mar 2023 07:31:05 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 2268
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17093
expires: Wed, 01 Mar 2023 09:31:05 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 306 KB
87 KB 4ms
4ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=4b5b2b0744b0bf642fa517ae36d52184

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7ed69dd94665113ef6a0491ee025cd52bb7115040dfa7e7883c02e174b123fe2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.thivien.net/
Origin: https://www.thivien.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 01 Mar 2023 08:08:53 GMT
content-md5: 8QtbwL84pa3Opp9ZrSVnJw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 88520
x-fb-rlafr: 0
x-fb-debug: A23mSYapHdPyspekOKSu3i8EhhIAtxyPrU/NEO1Dxj9xEfyORCutKOP/zEYLstqlyUfS7lUnrYv/r3j5NlsKyw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-trip-id: 1512268381
x-fb-content-md5: 86cf8b284943ddf4f48f92d248299565
cross-origin-opener-policy: same-origin-allow-popups
etag: "a7bc06438ef939aa5fc6b2cb7b1a788d"
vary: Accept-Encoding
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Thu, 29 Feb 2024 06:41:18 GMT

GET
H/1.1 200
OK thivien-bootstrap.min.1572962695.js Show response
www.thivien.net/lib/bootstrap/dist/js/ 35 KB
10 KB 541ms
270ms Script
application/javascript 222.252.4.155
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL: https://www.thivien.net/lib/bootstrap/dist/js/thivien-bootstrap.min.1572962695.js
Requested by: Host: www.thivien.net
URL: https://www.thivien.net/lib/head.load.min-1.0.3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 222.252.4.155 Hanoi, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt-hanoi.com.vn
Software: Apache/2.4.48 (Win64) PHP/8.0.9 /
Resource Hash: a7c4110155a3f061c37d1468692bb077d10d113009c30fff5da92bf7554c559c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 08:08:54 GMT
Content-Encoding: gzip
Last-Modified: Tue, 05 Nov 2019 14:04:55 GMT
Server: Apache/2.4.48 (Win64) PHP/8.0.9
ETag: "8a08-59699eab632eb-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Expires: Fri, 31 Mar 2023 08:08:54 GMT

GET
H/1.1 200
OK thivien.1674888948.js Show response
www.thivien.net/ 50 KB
18 KB 585ms
274ms Script
application/javascript 222.252.4.155
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to

Full URL: https://www.thivien.net/thivien.1674888948.js
Requested by: Host: www.thivien.net
URL: https://www.thivien.net/lib/head.load.min-1.0.3.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 222.252.4.155 Hanoi, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt-hanoi.com.vn
Software: Apache/2.4.48 (Win64) PHP/8.0.9 /
Resource Hash: 71c8d8b213ba2212534b3ba0fd575b76e7a8c5b44eb52123f7dda878406237cd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 08:08:55 GMT
Content-Encoding: gzip
Last-Modified: Sat, 28 Jan 2023 06:55:48 GMT
Server: Apache/2.4.48 (Win64) PHP/8.0.9
ETag: "c978-5f34d78ce697a-gzip"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Expires: Fri, 31 Mar 2023 08:08:55 GMT

GET
H/1.1 200
OK h3z4wTXCrM6Xf0uVgifD0A.1557760313.jpg
www.thivien.net/attachment/ 64 KB
64 KB 612ms
313ms Image
image/jpeg 222.252.4.155
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.thivien.net/attachment/h3z4wTXCrM6Xf0uVgifD0A.1557760313.jpg
Requested by: Host: www.thivien.net
URL: https://www.thivien.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 222.252.4.155 Hanoi, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt-hanoi.com.vn
Software: Apache/2.4.48 (Win64) PHP/8.0.9 / PHP/8.0.9
Resource Hash: 21532c92afdb6ee683dc0831b4c4c31cef58951dc9fc0ecb0b9d5e27f3bf16fb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 08:08:55 GMT
Last-Modified: Wed, 01 Mar 2023 08:08:55 GMT
Server: Apache/2.4.48 (Win64) PHP/8.0.9
X-Powered-By: PHP/8.0.9
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 65051
Expires: Thu, 29 Feb 2024 08:08:55 GMT

GET
H/1.1 200
OK AluKbD8f6NSXWg9DKXa6SA.1637081826.jpg
www.thivien.net/attachment/ 78 KB
79 KB 408ms
325ms Image
image/jpeg 222.252.4.155
VNPT-AS-VN VNPT Corp

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.thivien.net/attachment/AluKbD8f6NSXWg9DKXa6SA.1637081826.jpg
Requested by: Host: www.thivien.net
URL: https://www.thivien.net/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 222.252.4.155 Hanoi, Viet Nam, ASN45899 (VNPT-AS-VN VNPT Corp, VN),
Reverse DNS: static.vnpt-hanoi.com.vn
Software: Apache/2.4.48 (Win64) PHP/8.0.9 / PHP/8.0.9
Resource Hash: 87113c1d3fabf56718bb13834f36e179a2896a10fbd0ece17abea83e72bb145d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Wed, 01 Mar 2023 08:08:55 GMT
Last-Modified: Wed, 01 Mar 2023 08:08:55 GMT
Server: Apache/2.4.48 (Win64) PHP/8.0.9
X-Powered-By: PHP/8.0.9
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 80162
Expires: Thu, 29 Feb 2024 08:08:55 GMT

GET
H2 200 pubads_impl_2023022301.js Show response
securepubads.g.doubleclick.net/gpt/ 384 KB
130 KB 4ms
4ms Script
text/javascript 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023022301.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f13c6b3026bf5f9437ea17554965e56be1b5ab25b5cf6f3de7415b5b8bd2f60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 20:36:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41552
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 132695
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 09:36:44 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Wed, 28 Feb 2024 20:36:21 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 1 KB
482 B 30ms
18ms XHR
application/json 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.thivien.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fe433adb90f1b6314bb035fc6fcd2981c54c3cd192bd4fd74a498d83facc4fed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:53 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 457
x-xss-protection: 0
expires: Wed, 01 Mar 2023 08:08:53 GMT

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/ 366 KB
120 KB 52ms
41ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5466764586357052

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f323e9916e2dcec1625d0654d3e4055a76cb7162d1c477625d898c5946eeffa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 123268
x-xss-protection: 0
server: cafe
etag: 9198072356197653888
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 08:08:53 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230227/r20190131/ Frame 0471 10 KB
5 KB 19ms
3ms Document
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230227/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5466764586357052

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 45572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Feb 2023 19:29:21 GMT
etag: 2378337311435320485
expires: Tue, 14 Mar 2023 19:29:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

ga-audiences
www.google.com/ads/
Redirect Chain

https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=1660929876&utmhn=www.thivien.net&utme=8(Section*LoggedIn*Mobile)9(Home*No*No)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc...
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31319182-1&cid=1385919515.1677658134&jid=1144941097&_v=5.7.2dc&z=1660929876

42 B
408 B

37ms
21ms

Image
image/gif

2607:f8b0:4006:81f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31319182-1&cid=1385919515.1677658134&jid=1144941097&_v=5.7.2dc&z=1660929876

Requested by

Host: www.thivien.net
URL: https://www.thivien.net/

Protocol

Server

2607:f8b0:4006:81f::2004 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:53 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 01 Mar 2023 08:08:53 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/html; charset=UTF-8
location: https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31319182-1&cid=1385919515.1677658134&jid=1144941097&_v=5.7.2dc&z=1660929876
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 371
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 41ms
25ms Script
application/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.thivien.net

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023022301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 25 KB
9 KB 315ms
315ms XHR
text/plain 2607:f8b0:4006:80c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2558192966104257&correlator=1941153548931749&eid=31072020%2C31072517%2C21065725&output=ldjh&gdfp_req=1&vrg=2023022301&ptt=17&impl=fifs&iu_parts=27973503%2CPublishers%2CDesktop%2CLarge1%2Cthivien.net&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4&prev_iu_szs=300x600&ifi=7&adks=176123063&didk=1218848056&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1677658134005&lmt=1677658133&dlt=1677658133130&idt=843&adxs=1075&adys=1252&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fwww.thivien.net%2F&frm=20&vis=1&psz=300x600&msz=300x600&fws=516&ohw=1600&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023022301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

199b2f6d3a1d7ee96984e5ef257ccdc8403913c54bb16de97558aa3bd6ba1f67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9202
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.thivien.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame DCA9 6 KB
3 KB 54ms
17ms Document
text/html 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023022301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 08:08:54 GMT
expires: Thu, 29 Feb 2024 08:08:54 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 17ms
5ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=456842347781417&ev=fb_page_view&dl=https%3A%2F%2Fwww.thivien.net%2F&rl=&if=false&ts=1677658134020&sw=1600&sh=1200&at=

Requested by

Host: www.thivien.net
URL: https://www.thivien.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 01 Mar 2023 08:08:54 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 389 B
602 B 35ms
19ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.thivien.net&callback=_gfp_s_&client=ca-pub-5466764586357052

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e924b8c34766cfb6092da5ca6d9f98e5bd5972946f1d7f1822057f10e79c3599

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 251
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 18ms
18ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=NAV&id=HeadBar&cls=navbar%20navbar-default%20navbar-fixed-top&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: www.thivien.net
URL: https://www.thivien.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E81F 183 KB
51 KB 414ms
413ms Document
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&adk=1812271804&adf=3025194257&lmt=1677658133&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x810_r&format=0x0&url=https%3A%2F%2Fwww.thivien.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133864&bpp=5&bdt=734&idt=172&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5619359012683&frm=20&pv=2&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=196

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6338ec3de5ae47380cd6a7ca4ec9e4546ca1efccc9353d50e4af73d61105861

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 51876
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 08:08:54 GMT
expires: Wed, 01 Mar 2023 08:08:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B9B1 133 KB
40 KB 560ms
560ms Document
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=1919786447&adf=338049896&pi=t.ma~as.2707489529&w=1150&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=1150x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133872&bpp=3&bdt=742&idt=193&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5ln9nbPQnK&p=https%3A//www.thivien.net&dtd=200

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8eea259e9ec11dd3980f263480dd5f95e8218555cd57f4a073d4665e1affb5e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 41040
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 08:08:54 GMT
expires: Wed, 01 Mar 2023 08:08:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0D53 94 KB
33 KB 476ms
474ms Document
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=250&slotname=4323823526&adk=3766599677&adf=1372361623&pi=t.ma~as.4323823526&w=300&lmt=1677658133&format=300x250&url=https%3A%2F%2Fwww.thivien.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133875&bpp=1&bdt=745&idt=201&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1150x280&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1075&ady=385&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=2sqd9yHy4d&p=https%3A//www.thivien.net&dtd=205

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2ff484e17c5762aca9d28ef090a9514592712e78bf1f6621af41352ab98e9a30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 34201
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 08:08:54 GMT
expires: Wed, 01 Mar 2023 08:08:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 21ms
20ms Script
application/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.thivien.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DA43 83 KB
32 KB 491ms
491ms Document
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=600&slotname=6079758327&adk=4155854282&adf=2789987547&pi=t.ma~as.6079758327&w=300&lmt=1677658133&format=300x600&url=https%3A%2F%2Fwww.thivien.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133876&bpp=1&bdt=746&idt=219&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1150x280%2C300x250&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1075&ady=641&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=BuAijCqzWZ&p=https%3A//www.thivien.net&dtd=224

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e1424ee6ae04cfe8dcca8fb4af13c1703cab408e83f89a301a515a58f419cca9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 32577
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 08:08:54 GMT
expires: Wed, 01 Mar 2023 08:08:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 52F4 88 KB
16 KB 399ms
398ms Document
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=107748359&adf=3254301053&pi=t.ma~as.2707489529&w=840&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=840x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133876&bpp=1&bdt=746&idt=227&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1150x280%2C300x250%2C300x600&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=0lMAkLRKkC&p=https%3A//www.thivien.net&dtd=230

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

39904940522bb09bbd737535004d61b844d03c58434a318557a5674655406d9b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-expose-headers: x-google-amp-ad-validated-version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 16569
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 08:08:54 GMT
expires: Wed, 01 Mar 2023 08:08:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8F11 6 KB
3 KB 5ms
4ms Document
text/html 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023022301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 08:08:54 GMT
expires: Thu, 29 Feb 2024 08:08:54 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 20F3 624 B
246 B 24ms
22ms Document
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CP-L8QIQ5O66_wMY_fGu1QEwAQ&v=APEucNWxkXOoqL5t4RRwBhe-i4b_8LKbdE7ZYbrbHbxjB8EYIo01MEExo2ViB5_MAGDaFMQC_Fc_Ye3nSzH-I4mEqDvra0mDgg

Requested by

Host: 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
URL: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 08:08:54 GMT
expires: Wed, 01 Mar 2023 08:08:54 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 8F11 78 KB
27 KB 23ms
22ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
URL: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 08:08:54 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F11 42 B
63 B 19ms
17ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BGV9dXCx7LlVj4RugoSOrFwibq0XwJ19s9qoly_CXQ8JiwY-K5jl_HlVGfR1YoKRbHytLJKf6w5mHHHqHBbC3QXCfeYmBTzaiEYKha23hUVeDwd0I

Requested by

Host: 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
URL: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F11 0
20 B 20ms
18ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=12254389260500489954&x=1&ct=76

Requested by

Host: 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
URL: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1194052/66719880/xbbe/creative/ Frame 8F11 249 KB
76 KB 63ms
13ms Script
application/javascript 52.22.86.99
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1194052/66719880/xbbe/creative/adj?p=APEucNUPMK3RZ_GaCtwNUsxDa88xMrVWqCFCMQC_fjkEBPO5eAKdnvk&d=CokBAKAmf-AOWdPRczBhl5dkO9pR05l7v7EQqv-dZdgfuzNnKr4GHhDyuPL7rqNehsWChXHM5Zk_8EEMExn7c_NznsCPAekaDNkPCCZIWlHY_tjakRs2MJwTSWpjpEBeZN1CSENbxTLhUqFpR3wTMyNxYcBHkGdKKhfKSyYVX8P5kLuTOhQqPifnGZ4SmRMAoCZ_4JpRxug7UeQRaaWCFvSS8l-o8ulbhHvZvYXNF5rjagrF0Law1DeRMO8rzLPl7u3gtm0E0TYIJqoQwJQjUBEKJ_HDnVJVK1-ZkesXAyJsOqeM1bgVV4sHMn_5ox1huHHFuuP7QMHqyJnR2q03Xu5buWyM2OO4ZiaD_5AbPUz7if-RS1nnfye14V0QPlR9CSwhh8CQCeWq02xRItgA3b2ELR9SQdhvaii4xUcTUnYStbufO-GDjJQ0b5HDdHA79KttG67AkhNRW_XNNfqWdOKb0HEAJwWMrHxMxBtq58UZmcaEbhrCepEkQURxzbelfUof02I-tuBQwOK2CgQ05v0jrp_S3bjlUAuT80kV4J_15cQasAanUSETV-PjCAo-RfscPc970faMTJzSa65cemYC3-fjCmm2rKwMUtVLApjpglOa1VG1dx3nyQql6DdOZQtTb8RxfZVbwzBJarrqupM3FXIn_DCW7tAGfgVQsur6hngSAV_GQRX8jkpRRbhi4qv9ziG3P-QdCvaUfSu4Mz0olg4Jz1MOLkw7BSk5PmfZulxJFEf1mcbfFuehGUmHxCzdzwkbBFDuYSccN-catsQtUzen8D_Rz_339Q3zocIDvI91yUGpJYlaJ0Uxa2nuwIiDwzOnz_5LQpge4587T4JoUF5QWFro6xfVSy7h77i7d0FBqGwb2mfP9CTO36OpzGkg89ZK5Ro04QWv7PiGt1J8qMoctNprYD-8WNp1OTIz0DhVJdAA_gQZKnpHmM66tU5vn8AhtKXyFrIqZ_nPiSLb4Z6jYC3ZEI-U6ojSEl_ED-wwkX6QZCcaQWm-yThPWufFJLrOh5E3gVweM7sy1td5YyZTZLEmMI1tVbJm3ZtkCsu6cH4rypoIUQ_3UcwPDBak9TULWE9XlPi4KiDNX3B_q-P7ceO47gWKeT-bJt4VdMa3i2UFUyvv9xCnmMopclIZZXCVoZrFgGZaDNx-DG8ektFRpln_ZTx4T1oJ_HS7vkJUH5NU-eSMHsY-Ly_xE097YC6eKWNrFyx4GFbNarj4LyX2j96RcrKbeCYJp_0UqcmdL0QECu0s--Il7eWoTw1QI69V7hsDQGFbWiwIEcyVbXd6BURXLtpKpR34-rT3US1HzsUbL6LirwayTcE0W5HQQeYWfQNIdSafd60-fmmRGur3NkulAlj0FWEjkhybeDyMiyHtBfaGanQV8N6YM12QlN2munuc3d2vgHIXpb4yKhizoEMabvOr3PieOslXen4EYVJ3Hn5dh0p9OdL1OYOaOncArrpEmHyPGPCMC8GXCT1IEb72wEscZp3EYf_kJkXSNSa9Wi-J7fuZjbthya1fCdwi4MVihMCBGGqUe0p-uG5Q1UyxxdkcIaqdiU9FlwbZeraycEcrjCLw1OIcgQ78azQ9mBQkXVtt_EVpvPgxE2rI1HMzHd5zhYeVEv3VUAEdNNhieGeZgFK7oajNjNDK1Xypmcltlw64qhu9tFOCixiDYAiSc5KJipL4wciwSZqHwDp4tFwYZIzpmasdZX2Fllp34EZ0cflZg2NgYwRVzww-cI01QhlLej-38t7h1KHxqVX4jOyUWtPzAvKMxYhsUMktD2FPA9JgVVqLwCV-SoUYjJyHlUbj-7iJdjo5QbXAal3pcTA4ZmXaU25KSRYcq1LsG7BQa8U7OOt0CICwyW7xQBiwaBSbwKulMgOs1xtP9bTt7RLArNcB1NAupbO6rJ4-ab8bYWtKxKPnyYK7RFl1rgM83Olu6oLPOBlPmUd9CEgHw7Syk7l4xy-14iNGNtEORCJrufzV71g5Z9hlTChhn8lQ9jpKuaG0z0nd_8_XAs_ka9Uh0rvBK_0CF58LnPZADEInADvLAculhWRw9bHLXq26RdGBSG167JvQtO_Z-L-YmNZWP9KDsZwNVyl46q6tRW8Bi-lzKIoFWEo3uB2EIJ2j9pNFDPolEFeC3UcwJHIgaX6et3g5bLwQMp5UL5HX4-pTq3i-cuDIsgNLwADl2gun9jovO3g6zqQ-rFFi57JSKl3ERR-K1DGwrAmYMns87ycgnQYg15YKykDg3WwyNHQouTLEQEHjx3qjo9OcwVbD-2vBPD_Qr-mvaPayiwgte53ByVD6WRCAnbFHpwkKW_LkxC-IzAxj1WCyJbEU99vzS6cOk_mR94DwnHQyWKbe4nE3OjUzNlAeglwWUKA5_oKIvQZREmFNuP0kQozh2Xw5NutVmJeyLCXeKmmLysOOWmo9_KrJe_Hzbp76UKO5iYhkMspV1VRY5Z9pajyWjsm3RwpMIQNJD0LigqbQ9Tp87fQZBTGa4HFpX9hlF8-dmeA9n8LQqveZU3xdFcA9WggTnUTFkJpCVIKhda1RH29KJ2a3xoywH5JgXlau0LR0xXdiXVkUOI59AhajJthGWzRgN80V9gcLGGtt8nhyXRuEShvN9G4japSm39biBNSfO5xSCP2-lsEZWI7McimrE4zQZXGmMYl_RMsPy_qRuwwgf9Fu6H-ODAaGhNcdD3knVrq1tKRVybx51TnGS3Nks-LN01mh63YQix5usttSO4pRPg18YIMdvm6WlLhu-PkZGmBF-Kvy3cZmu9VPiYSx7J3QCE8zWbS7QA9tXndBNgPG7-jpHhAEo11WteX9L3nralIS99J6z21qa368zf6Es_snNKsiCxKJhdnkz31OxCdF2HbU-m3bkKX88yiN9j4T84VWCwBT6FZNY8iNevaUJxiA4ckWNcH3kRECZFV3iK_ubJDjRyFK3Hq7jZNw4vhsV_J2hkHTTaDkVr7-b2grRH5BCo62p0lZ-jhS5vnLFsUt5R2vRjx7EOercA9yvOXk7iLQoyxxQZgbwVma_r9a6bH_4EDsePlzfJS41kHJeKrTnP2CS14dTu9g2kVeM52DS0HzONLLjcOhnFOclIpFFTHbZIWGhcMKTmO-4_trX6yoahoUHQXkWbG2WYR0qI9IkSoErLkDucdM-d9NwsicgUKrqK4YqOqu53AAkkDsAfd7m_qxMjekh5tP2O_Y_dXGmx6I8MB57HStDYro1wyg2DbSfYW4Gq2f7QPs6M4WlU1r6AY0pYwSZqK4IYEil7mfUYtM0uZ1TIbQFmFXLmJ7IV_F3Loknwp7x8HTGAPHauN6iohIOrUwKsQMDw-rWPe-5G4-A7bfyp4XAaK4FToXg_-3s4jhZWqZsSMVYcyQL8KxPCqhcwo5I-DXrM6AVR_vdM26Vu-486_edDvslTtFdakt6Nrj-xVKOvaNnZda1iY8288aUQgEEksA1BOcphj_YBfftQVxQGaDZMTayUcsd-W0t65z9jg8fjyNHb06t6cJuKaSBeQ6qtC4lvQcw1_udxlBeC3SK6gA_bBadYFZT4luthAYAWAB&cry=1
Requested by: Host: 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
URL: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.22.86.99 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-22-86-99.compute-1.amazonaws.com
Software: /
Resource Hash: 8ebbf5bba57c2f5dce8b41e60e3522bc40fc3c9c4cf611998773469e30c1b72f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame 8F11 3 KB
1 KB 6ms
4ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/window_focus_fy2021.js

Requested by

Host: 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
URL: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:19:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 14:19:45 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame 8F11 20 KB
9 KB 5ms
3ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
URL: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6c19d8875246d4def23e273e3c6d2887aeba815c80128b91c8b86dc35e38e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 09:52:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80174
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5959907985313552934
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 09:52:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8F11 158 KB
49 KB 69ms
52ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
URL: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

184f7e9267bf77e6df354fcbd8c87029012a59f9aa277fde93f376349ee0f0a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677501794595172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Mar 2023 08:08:54 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 20F3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFGE2VmVY5GCl6J8__5kgZM&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFGE2VmVY5GCl6J8__5kgZM&google_cver=1&C=1

43 B
631 B

6ms
5ms

Image
image/gif

192.40.39.223
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFGE2VmVY5GCl6J8__5kgZM&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP-L8QIQ5O66_wMY_fGu1QEwAQ&v=APEucNWxkXOoqL5t4RRwBhe-i4b_8LKbdE7ZYbrbHbxjB8EYIo01MEExo2ViB5_MAGDaFMQC_Fc_Ye3nSzH-I4mEqDvra0mDgg
Protocol: HTTP/1.1
Server: 192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Mar 2023 08:08:54 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 01 Mar 2023 08:08:54 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=45&external_user_id=CAESEFGE2VmVY5GCl6J8__5kgZM&google_cver=1&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 0
Expires: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 20F3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y-8IFtetZdAclCAYRLolnwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFGE2VmVY5GCl6J8__5kgZM&google_cver=1

43 B
631 B

8ms
5ms

Image
image/gif

192.40.39.223
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFGE2VmVY5GCl6J8__5kgZM&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP-L8QIQ5O66_wMY_fGu1QEwAQ&v=APEucNWxkXOoqL5t4RRwBhe-i4b_8LKbdE7ZYbrbHbxjB8EYIo01MEExo2ViB5_MAGDaFMQC_Fc_Ye3nSzH-I4mEqDvra0mDgg
Protocol: HTTP/1.1
Server: 192.40.39.223 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Mar 2023 08:08:54 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFGE2VmVY5GCl6J8__5kgZM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 20F3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEGASApsKP_BWAU2CUSU-eSk&google_cver=1

43 B
1 KB

12ms
12ms

Image
image/gif

68.67.181.211
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEGASApsKP_BWAU2CUSU-eSk&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CP-L8QIQ5O66_wMY_fGu1QEwAQ&v=APEucNWxkXOoqL5t4RRwBhe-i4b_8LKbdE7ZYbrbHbxjB8EYIo01MEExo2ViB5_MAGDaFMQC_Fc_Ye3nSzH-I4mEqDvra0mDgg

Protocol

HTTP/1.1

Server

68.67.181.211 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Mar 2023 08:08:54 GMT
AN-X-Request-Uuid: daafef25-bcaa-4105-83a1-a634cee8eabe
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 5.181.234.133; 5.181.234.133; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:54 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEGASApsKP_BWAU2CUSU-eSk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 20F3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTMwMTQ1NDY2NTYwNjc5Nzk1OA%3D%3D

170 B
243 B

23ms
22ms

Image
image/png

142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTMwMTQ1NDY2NTYwNjc5Nzk1OA%3D%3D

Requested by

Protocol

Server

142.250.80.66 Glen Cove, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 01 Mar 2023 08:08:54 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 5.181.234.133; 5.181.234.133; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 635541bd-dfb8-4f4b-84b0-a6cb1995d640
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTMwMTQ1NDY2NTYwNjc5Nzk1OA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F11 0
20 B 17ms
17ms Ping
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3852087598585&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F11 0
20 B 20ms
20ms Ping
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3852087598585&version=m202301230201&ct=76&x=1&cor=12254389260500490000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 8F11 15 KB
11 KB 42ms
41ms Script
text/javascript 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DrsWXWnXKhROe_oIT5woTXh_yxYZp5ODjmYZvLG5zsX5gdkdR94x1H5-Q8jNzdmH-iklS-6m5itkwDJjpi_sCyBYoKO51yxNew7TxgaeeYqJ2tAOfO3Ec3IeAKUnrVLl9-caiCaL7E-JRNSnADRUgdwAg1_Q3qyQmDY-pRH4nvtgAdB3E&cry=1&dbm_d=AKAmf-Dj9WGa0DXbVX4RdneUadfFWXAi4xvrIt2hEkah9HJMf6AxrGc1sFvCBcSzomO3N9m4bNtQhDwZ1Ls52gzBZ8uSROkviZyfx2r8hPoYdfkhw6y4Rw9D_Y4hYJsr7rHXMRt_7lOYfJeybPBf07DFebANvxTk-Ymrd1b27yptGy_dbTRrnfSqqD-590TcMVGjMmAhdhHykvjhbD45XyO7WJxoQnJxx6UZTMNevsAicMYhxeKKnVGME6uPf-P0EkS2GGBmK_jsifI4SXix0nR16Z-4WrLiUcMZIyxinux1wGT9P0pD7n5-PsVhY-Dsy_HCl5DdIL3isFY2lAkaEmnWITO0NZcGacMoUMfgy2LUGTcnOfQkCTKPpU8pQXRy_H59qn4eub8WBB3S-Sf0fkP_FOSxLhSRI8AKcxvqkqv7hQQ-IG-jp23gN6ZqmlKqmUFK8MP8JgrDEwZ-CzRpBBPL-iEzGhvv_iVOrdhFzGXfPh2HEQiHKcXDi-3A66rO8bKkxS0csanJD97jxvNSvX6fxhmIwt7mz9jtSGccIIR0jSiFHajowg6XGFJO8QMFXE1WcrskGFkPr1lYbKdWV2zIAEawLCNPTypxPplj05Bafyw1QCumbPs6Tufo3Z743KrA49xG9wFZGtFBa2fnnun-ztAYJcMOIDPDiz4GBSIe4TkOkD8Tc7P1tb_5OL3hizWkfYTrfh6vucq9uAKF3eEtJINnmhUlBvEqrVXDY7NP1GzSrDzRRfpW3S75JBglMWiz8KDkqQBSn4vnvNHFTR6Dy-FdU0sYT-lVwYu80TtpjUwYbCRZKQsH3GEiNoUw-KZ2XXXy6lgr97Vk0-t3jJ0rv4thvMFVf3UND68YCj9jUnTZja96l-VhwMb-v75ZtbOCyVR8Ho5bgAQomPRP1PBPk9UtJQRh2rZoAOBcE0pVP-2TMKehxL_6xohG2b3RKWpET1Vemiwov4b8QvasCZ36lGP6w4-QPOaxset7pu1-JiggFp-VvueaDDBkwZAMRmqo9fqdxQgWZ9dZzSeaVkSUakRiVfI0oWDorhZsKgWUfimRuzizdlVptnMXB_SldB36j3TdG3vm3w8EzQQjn5VUQwASGRQ6ggPdLN9r5-I8bh0MMGVwsuubhHDkN8s-dNfL9j068j_nxq5zM_SclVlwwHaRKDpHFTtPlOwHy2kR0jisKPtzRUx60DeLIVcGVo5tywVot9Q9BDKcaeA9H5Kqm3Mt6jIwHlldyGUT5gcllGKUNqASfXvdgJ2X5XxuVlB0dZIOrtuR3WZRNPK5QZIOISEqeLqIM1cqmkQJDpenVk1k-LjGB4G8AoSXfjzdjFbU_lGd905wDXrFWJoh_Me2I7YCH54wGH71T8WWUxoYdD5AFUFwyoDQXwWYoUh9_JKIds1iKBV4dEj3im84L6awr21p3AaFsDQs-PiV52xBibZEOYS5gVC3Wx9mdmCIxB-pYeKIMtWoyNVlhec3kteO3889cT8jHEl-jdJo-qgOqPWjun6HeM14fOy67wvH1CXHEV3IRjDzS8Z55-uwwsK0wAlVbDII8JpQHMIOdXkH_PJbp1YS2oQKZggCj37_vufmRFaeQmJ5Bj4fftwSv8DcCIPgkX_QG24Fh8_TiuffWbYM5OwwHq_n7kdioPu3jMVa7g9-sKyupyC0fZssevMPJHkvx8VS4TY6po4HlMLstNwOaC0RuqGfTAIODvAWu7jHBntdqdJXmtO_FA6Cxl5iDZsG-j0ZTem9bWOeZP-dNP8LEsDtjDIC9ReetRo1Hg1-ZNmSAm2eEFH4zGAV6UgKY0Ov3IetVYgcK4Ok8vPlUWMi8xb6eFBBjeCdZpYpv77tuV9ANXnR1jDjt1KjCFlS_MmEjx0avlx9ATdhtW03cvuvwbjlviM3lxbUlWpu8VV0CqhYgCzcfEnXVcfS9RfiPEVJ4vy5-MLbVJ7JEpiUOXJTHrbhSQibIpwhbAYlH7-Vpbmf4Uj_cD0u1UQbTt8MnW1tm7aDD_MUNlArSJblr2rCJ_xf0c3ZDMyin4mXRFBIWn0sRE2e2p57hcGM4SU3KnqLndW44p8gyUVsEh6Hbg5Gr9-37y2hRhfnEF4HoYEDSYD6HkqDKQt0U-hpUnVx1a0o_VpYstzxcYgGp5wRCfnSEFxs35SSdQX79Z0gIQQqcCj2tZVFMdYwRgxmylALlgtOS_o3acdVIQFz-dxLxRW2M5-pA7xcybhxj9Kg_olriCnHBQo17rSJFmbSqLcoCe2JBKJqtdfCVXjNzJFfqC8jF7nFl9hKNU5_LZJASTF2BJ0Lm7sQwuxtllufL-lIzkpwIt_pcYGt9eRYAS9nIhSM7mmcSR1KIU8NNIwrkk_zWGiLPgVZR8lWZYTq8HWgm0Yot5hQ9bfI0EXWp4Dfp3JVUV6_WA9ExlOEo8uMPeBZ2rzkXJTaomAYCy0QfVZ0t240IlL_HAdQ3UmqTscKrLN5N8NuN1QcU1oc7MF0Wc7X_I-SNEelArSmIERr6zW-OwNf_RuaQhRXmM0GNk-g_G5u3W8YCp0nxcZjOcG1stXp1YxWDVHn2d1FH6c2narP0U7StJ5zwo92cn6qUqRxpr-pLB3FnDQQLSmlaE2nO8Gks418z_4DckhRoGFQf6gB-TqB2aqtnMfPB2QqLmPfpic2SlLu9ijLLli-PEAT5ksi-CHskJnilFLGO8aGLoG_V9tIuixz0XrXfo82Tfep-xEf3zB0sD7XH_Z9eIHZoJe4fsKqI0-DI0TYjSojW6vEeAJYKlLXzdIuthz9BPfKEljNas2JiVU1wf97auH4P_R-nbWHKh3UwFpgT8CnLrXHQqPLKDnnoBxH4dCshM-9cku7h2zQDGW_lsl9h1v7DAQaHmN40Tgz4bUqNNktVQOrrFHOEKP0gw&cid=CAQSSwDUE5ymGP9gF9-1BXFAZoNkxNrJRyx35bS3rnP2ODx-PI0dvTq3pwm4ppIF5Dqq0LiW9BzDX-53GUF4LdIrqAD9sFp1gVlPiW62EBgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.thivien.net%2F&ds=l&xdt=1&iif=1&cor=12254389260500490000&adk=2857193498&idt=25&cac=0&dtd=13

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

62c85d3d7e8f09f0bf074e314d0993b68c343bc19127fc2000472791ce03ae9a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11410
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 8F11 41 KB
15 KB 4ms
3ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DrsWXWnXKhROe_oIT5woTXh_yxYZp5ODjmYZvLG5zsX5gdkdR94x1H5-Q8jNzdmH-iklS-6m5itkwDJjpi_sCyBYoKO51yxNew7TxgaeeYqJ2tAOfO3Ec3IeAKUnrVLl9-caiCaL7E-JRNSnADRUgdwAg1_Q3qyQmDY-pRH4nvtgAdB3E&cry=1&dbm_d=AKAmf-Dj9WGa0DXbVX4RdneUadfFWXAi4xvrIt2hEkah9HJMf6AxrGc1sFvCBcSzomO3N9m4bNtQhDwZ1Ls52gzBZ8uSROkviZyfx2r8hPoYdfkhw6y4Rw9D_Y4hYJsr7rHXMRt_7lOYfJeybPBf07DFebANvxTk-Ymrd1b27yptGy_dbTRrnfSqqD-590TcMVGjMmAhdhHykvjhbD45XyO7WJxoQnJxx6UZTMNevsAicMYhxeKKnVGME6uPf-P0EkS2GGBmK_jsifI4SXix0nR16Z-4WrLiUcMZIyxinux1wGT9P0pD7n5-PsVhY-Dsy_HCl5DdIL3isFY2lAkaEmnWITO0NZcGacMoUMfgy2LUGTcnOfQkCTKPpU8pQXRy_H59qn4eub8WBB3S-Sf0fkP_FOSxLhSRI8AKcxvqkqv7hQQ-IG-jp23gN6ZqmlKqmUFK8MP8JgrDEwZ-CzRpBBPL-iEzGhvv_iVOrdhFzGXfPh2HEQiHKcXDi-3A66rO8bKkxS0csanJD97jxvNSvX6fxhmIwt7mz9jtSGccIIR0jSiFHajowg6XGFJO8QMFXE1WcrskGFkPr1lYbKdWV2zIAEawLCNPTypxPplj05Bafyw1QCumbPs6Tufo3Z743KrA49xG9wFZGtFBa2fnnun-ztAYJcMOIDPDiz4GBSIe4TkOkD8Tc7P1tb_5OL3hizWkfYTrfh6vucq9uAKF3eEtJINnmhUlBvEqrVXDY7NP1GzSrDzRRfpW3S75JBglMWiz8KDkqQBSn4vnvNHFTR6Dy-FdU0sYT-lVwYu80TtpjUwYbCRZKQsH3GEiNoUw-KZ2XXXy6lgr97Vk0-t3jJ0rv4thvMFVf3UND68YCj9jUnTZja96l-VhwMb-v75ZtbOCyVR8Ho5bgAQomPRP1PBPk9UtJQRh2rZoAOBcE0pVP-2TMKehxL_6xohG2b3RKWpET1Vemiwov4b8QvasCZ36lGP6w4-QPOaxset7pu1-JiggFp-VvueaDDBkwZAMRmqo9fqdxQgWZ9dZzSeaVkSUakRiVfI0oWDorhZsKgWUfimRuzizdlVptnMXB_SldB36j3TdG3vm3w8EzQQjn5VUQwASGRQ6ggPdLN9r5-I8bh0MMGVwsuubhHDkN8s-dNfL9j068j_nxq5zM_SclVlwwHaRKDpHFTtPlOwHy2kR0jisKPtzRUx60DeLIVcGVo5tywVot9Q9BDKcaeA9H5Kqm3Mt6jIwHlldyGUT5gcllGKUNqASfXvdgJ2X5XxuVlB0dZIOrtuR3WZRNPK5QZIOISEqeLqIM1cqmkQJDpenVk1k-LjGB4G8AoSXfjzdjFbU_lGd905wDXrFWJoh_Me2I7YCH54wGH71T8WWUxoYdD5AFUFwyoDQXwWYoUh9_JKIds1iKBV4dEj3im84L6awr21p3AaFsDQs-PiV52xBibZEOYS5gVC3Wx9mdmCIxB-pYeKIMtWoyNVlhec3kteO3889cT8jHEl-jdJo-qgOqPWjun6HeM14fOy67wvH1CXHEV3IRjDzS8Z55-uwwsK0wAlVbDII8JpQHMIOdXkH_PJbp1YS2oQKZggCj37_vufmRFaeQmJ5Bj4fftwSv8DcCIPgkX_QG24Fh8_TiuffWbYM5OwwHq_n7kdioPu3jMVa7g9-sKyupyC0fZssevMPJHkvx8VS4TY6po4HlMLstNwOaC0RuqGfTAIODvAWu7jHBntdqdJXmtO_FA6Cxl5iDZsG-j0ZTem9bWOeZP-dNP8LEsDtjDIC9ReetRo1Hg1-ZNmSAm2eEFH4zGAV6UgKY0Ov3IetVYgcK4Ok8vPlUWMi8xb6eFBBjeCdZpYpv77tuV9ANXnR1jDjt1KjCFlS_MmEjx0avlx9ATdhtW03cvuvwbjlviM3lxbUlWpu8VV0CqhYgCzcfEnXVcfS9RfiPEVJ4vy5-MLbVJ7JEpiUOXJTHrbhSQibIpwhbAYlH7-Vpbmf4Uj_cD0u1UQbTt8MnW1tm7aDD_MUNlArSJblr2rCJ_xf0c3ZDMyin4mXRFBIWn0sRE2e2p57hcGM4SU3KnqLndW44p8gyUVsEh6Hbg5Gr9-37y2hRhfnEF4HoYEDSYD6HkqDKQt0U-hpUnVx1a0o_VpYstzxcYgGp5wRCfnSEFxs35SSdQX79Z0gIQQqcCj2tZVFMdYwRgxmylALlgtOS_o3acdVIQFz-dxLxRW2M5-pA7xcybhxj9Kg_olriCnHBQo17rSJFmbSqLcoCe2JBKJqtdfCVXjNzJFfqC8jF7nFl9hKNU5_LZJASTF2BJ0Lm7sQwuxtllufL-lIzkpwIt_pcYGt9eRYAS9nIhSM7mmcSR1KIU8NNIwrkk_zWGiLPgVZR8lWZYTq8HWgm0Yot5hQ9bfI0EXWp4Dfp3JVUV6_WA9ExlOEo8uMPeBZ2rzkXJTaomAYCy0QfVZ0t240IlL_HAdQ3UmqTscKrLN5N8NuN1QcU1oc7MF0Wc7X_I-SNEelArSmIERr6zW-OwNf_RuaQhRXmM0GNk-g_G5u3W8YCp0nxcZjOcG1stXp1YxWDVHn2d1FH6c2narP0U7StJ5zwo92cn6qUqRxpr-pLB3FnDQQLSmlaE2nO8Gks418z_4DckhRoGFQf6gB-TqB2aqtnMfPB2QqLmPfpic2SlLu9ijLLli-PEAT5ksi-CHskJnilFLGO8aGLoG_V9tIuixz0XrXfo82Tfep-xEf3zB0sD7XH_Z9eIHZoJe4fsKqI0-DI0TYjSojW6vEeAJYKlLXzdIuthz9BPfKEljNas2JiVU1wf97auH4P_R-nbWHKh3UwFpgT8CnLrXHQqPLKDnnoBxH4dCshM-9cku7h2zQDGW_lsl9h1v7DAQaHmN40Tgz4bUqNNktVQOrrFHOEKP0gw&cid=CAQSSwDUE5ymGP9gF9-1BXFAZoNkxNrJRyx35bS3rnP2ODx-PI0dvTq3pwm4ppIF5Dqq0LiW9BzDX-53GUF4LdIrqAD9sFp1gVlPiW62EBgB&dv3_ver=m202301230201&rfl=https%3A%2F%2Fwww.thivien.net%2F&ds=l&xdt=1&iif=1&cor=12254389260500490000&adk=2857193498&idt=25&cac=0&dtd=13

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 11:20:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 74919
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Feb 2024 11:20:15 GMT

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 8F11
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1194052/66719880/xbbe/creative/adj?p=APEucNUPMK3RZ_GaCtwNUsxDa88xMrVWqCFCMQC_fjkEBPO5eAKdnvk&d=CokBAKAmf-AOWdPRczBhl5dkO9pR05l7v7EQqv-dZdgfuzNnKr4GHhDyuPL7rqN...
https://static.adsafeprotected.com/skeleton.js

17 B
466 B

7ms
4ms

Script
application/javascript

2600:9000:21dd:3e00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
URL: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2600:9000:21dd:3e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 10 Nov 2022 07:36:39 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 ef8392d3895fa7368e6a67a055402788.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-C2
age: 9592336
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: O9x7RB3try_brtxvLP3bWOHN3568RaZmoxBXPlLtnb3GTvGW8uaUtA==

Redirect headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:54 GMT
server: nginx
x-server-name: app05.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame F28F 91 KB
23 KB 44ms
5ms Script
application/javascript 2600:9000:21dd:3e00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
URL: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21dd:3e00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sat, 19 Nov 2022 06:42:20 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 ef8392d3895fa7368e6a67a055402788.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-C2
age: 8817995
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: zuyGdZu5ShldZ6xr3MJsgtB2TFJQpvdUyfo3Q75NzuF7rF7X3g_Ybw==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 8F11 43 B
216 B 38ms
10ms Image
image/gif 2600:1f18:1aca:4281:19a0:6e54:6783:f740
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1194052&asId=ddb91d61-12d3-3b06-c77a-956ea41c75b8&tv=%7Bc:5AY5SE,pingTime:-3,time:68,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:600,t:23%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:68,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:23,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:i,cc:NaN.NaN.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B60~0%5D,as:%5B60~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:txeOyQY+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18*.1194052-66719880%7C181,idMap:18*,rmeas:1,rend:0,renddet:IMG.us,siq:25%7D&br=c
Requested by: Host: 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
URL: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:19a0:6e54:6783:f740 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:54 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 8F11 43 B
215 B 35ms
12ms Image
image/gif 2600:1f18:1aca:4281:19a0:6e54:6783:f740
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1194052&asId=ddb91d61-12d3-3b06-c77a-956ea41c75b8&tv=%7Bc:5AY5SF,pingTime:-6,time:69,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:69,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:23,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:i,cc:NaN.NaN.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B62~0%5D,as:%5B62~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:txeOyQY+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18*.1194052-66719880%7C181,idMap:18*,rmeas:1,rend:0,renddet:IMG.us,siq:25%7D&tpiLookup=ao:www.thivien.net*&br=c
Requested by: Host: 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
URL: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:19a0:6e54:6783:f740 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:54 GMT
server: nginx
x-server-name: dt02.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 8F11 43 B
215 B 15ms
12ms Image
image/gif 2600:1f18:1aca:4281:19a0:6e54:6783:f740
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1194052&asId=ddb91d61-12d3-3b06-c77a-956ea41c75b8&tv=%7Bc:5AY5T2,pingTime:-2,time:92,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:129,beZ:131,mfA:134,cmA:135,inA:135,inZ:140,prA:141,prZ:147,si:153,poA:155,poZ:178,cmZ:178,mfZ:178,loA:198,loZ:202,ltA:221,ltZ:221%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:600,t:23%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:92,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:23,wc:0.0.1600.1200,ac:NaN.NaN.300.600,am:i,cc:NaN.NaN.300.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B84~0%5D,as:%5B84~300.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:txeOyQY+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18*.1194052-66719880%7C181,idMap:18*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,siq:25,sinceFw:66,readyFired:false%7D&br=c
Requested by: Host: 0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
URL: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:19a0:6e54:6783:f740 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:54 GMT
server: nginx
x-server-name: dt14.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012302171719000/ Frame 137A 222 KB
61 KB 56ms
4ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=107748359&adf=3254301053&pi=t.ma~as.2707489529&w=840&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=840x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133876&bpp=1&bdt=746&idt=227&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1150x280%2C300x250%2C300x600&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=0lMAkLRKkC&p=https%3A//www.thivien.net&dtd=230

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a64ac18511a1f15afc6f51edc89e41ee1c7f6444134aad2926b21743ced6c461

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 27 Feb 2023 18:08:24 GMT
age: 136830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61847
x-xss-protection: 0
server: sffe
etag: "b91941a2860567a7"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 27 Feb 2024 18:08:24 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 137A 15 KB
5 KB 62ms
10ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-ad-exit-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0439c2127eb1812543cc77f0f41bd98da71691c6c2d5bbf9c565670f7fada88a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 27 Feb 2023 18:08:24 GMT
age: 136830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5237
x-xss-protection: 0
server: sffe
etag: "304dd5725e1eccd8"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 27 Feb 2024 18:08:24 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 137A 94 KB
28 KB 64ms
13ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-analytics-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d1700a43bc40da2d69d238085ddfeea6fac6dc64ff76f5cef529d6fd6b619a62

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 27 Feb 2023 18:08:24 GMT
age: 136830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28901
x-xss-protection: 0
server: sffe
etag: "8f636c70fc937458"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 27 Feb 2024 18:08:24 GMT

GET
H2 200 amp-animation-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 137A 72 KB
16 KB 69ms
18ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-animation-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9518cad0cb9b991cf7cbcf4cc2bc537f78ab2db57f57c68a834d5b7e3be3a24a

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 27 Feb 2023 18:08:32 GMT
age: 136822
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16650
x-xss-protection: 0
server: sffe
etag: "a00c559713bdf453"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 27 Feb 2024 18:08:32 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 137A 5 KB
2 KB 65ms
14ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-fit-text-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b2e8cd03a76b243eca9a0e60815deae7256cb7a2de760eb9ee82a0cf31ffcb9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 27 Feb 2023 18:08:24 GMT
age: 136830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1926
x-xss-protection: 0
server: sffe
etag: "df03f558eda3b320"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 27 Feb 2024 18:08:24 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012302171719000/v0/ Frame 137A 40 KB
13 KB 66ms
16ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/v0/amp-form-0.1.mjs

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a49e61b6d6681308d160ce1cf6ce1b85e651deff16c6ae1c2df999ef3f0c6ec8

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 27 Feb 2023 18:08:24 GMT
age: 136830
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12954
x-xss-protection: 0
server: sffe
etag: "e0426f4a93046162"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 27 Feb 2024 18:08:24 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 137A 4 KB
1 KB 52ms
19ms Stylesheet
text/css 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,regular

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Mar 2023 06:57:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Mar 2023 08:08:54 GMT

GET
H3 200 vi.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 137A 3 KB
3 KB 13ms
7ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/vi.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b123d3cd853f7cd9c7d7c92b0ca99a37b4fa7e654fca65be5f1a15fd9253635e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 02:07:01 GMT
x-content-type-options: nosniff
server: cafe
age: 21713
etag: 10932518847931040692
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3099
x-xss-protection: 0
expires: Thu, 02 Mar 2023 02:07:01 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 137A 344 B
368 B 16ms
10ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 22:21:24 GMT
x-content-type-options: nosniff
server: cafe
age: 35250
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Wed, 01 Mar 2023 22:21:24 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 137A 0
18 B 41ms
35ms Image
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CnvQSFgj_Y56MCJ3V0_wPlt2-yAnVl_OYb6yM88f8EKuI_cWKOBABIInk8S5gycapi8Ck2A-gAbDezsAoyAEJqAMByAMIqgT5AU_QPlGS9PmtWP8OF9yl_LdxkPwjOJLcIlUXVuzu2hj3iZFIffxrNeE__bN5hEZNvyTQ1E-l7mxjZhZIROE8wkqOvca3sw6FL_o2eMgqB3fRxu0WtWzt_lWslfHM7-SI0EkBh_fptlwIb61qniJVXJBAEPcIZ7ao54P67SnjD4Tk4Jv3dafeeFPJI6V5yxZBeACrHeXZChChFj47Hte5t1vUzsc12fykQEFVellyxq4NgGgWaGPLlRO7OmWW4IaV2qTbhgPlM-xADfaSWWHZCWai-7XHJFMh0r29Foq1tdwuH2XkWSaYelwFUS9E9PO2mSu02xeaUrcIB8AEz7bk0JUEkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB7CWn6ADqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQuakT0ggPCIBhEAEYHzICigI6AoBAgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTU0NjY3NjQ1ODYzNTcwNTIYAA&sigh=LZHJA71M17Y&uach_m=[UACH]&cid=CAQSGwDUE5ymOrRvboYJLeOdkUTwL2sR8Asj3deEWRgB&template_id=419

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=107748359&adf=3254301053&pi=t.ma~as.2707489529&w=840&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=840x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133876&bpp=1&bdt=746&idt=227&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1150x280%2C300x250%2C300x600&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=3499&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=5&uci=a!5&btvi=1&fsb=1&xpc=0lMAkLRKkC&p=https%3A//www.thivien.net&dtd=230
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Mar 2023 08:08:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Back_Elements_1_970x250.png
tpc.googlesyndication.com/sadbundle/8389885750942289290/ Frame 137A 7 KB
7 KB 16ms
10ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8389885750942289290/Back_Elements_1_970x250.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

182dedb31c7694bb599f525efb2d3e29c746a3b312861b3a31a492bbc87deadf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:21:33 GMT
x-content-type-options: nosniff
age: 442041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7099
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 15:43:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 24 Feb 2024 05:21:33 GMT

GET
H3 200 Photo_3_970x250.png
tpc.googlesyndication.com/sadbundle/8389885750942289290/ Frame 137A 40 KB
40 KB 17ms
11ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8389885750942289290/Photo_3_970x250.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f20f51a5f209ec1ff2a8b8faf75b153c8030124f61a50ccb8b81e5c00b2ad23a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:21:33 GMT
x-content-type-options: nosniff
age: 442041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40841
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 15:43:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 24 Feb 2024 05:21:33 GMT

GET
H3 200 Back_Elements_2_970x250.png
tpc.googlesyndication.com/sadbundle/8389885750942289290/ Frame 137A 2 KB
2 KB 23ms
17ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8389885750942289290/Back_Elements_2_970x250.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1caef3036d1fd614a43968b8325142f08ec2db7bffdcee146fb62746a18ce708

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:21:33 GMT
x-content-type-options: nosniff
age: 442041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2137
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 15:43:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 24 Feb 2024 05:21:33 GMT

GET
H3 200 55_1_970x250.png
tpc.googlesyndication.com/sadbundle/8389885750942289290/ Frame 137A 2 KB
2 KB 22ms
16ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8389885750942289290/55_1_970x250.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0aff82d513a8ba3dcab581ab2f6f03f07d39b9d5509e3221b36b2bb4f1dc3ad1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:21:33 GMT
x-content-type-options: nosniff
age: 442041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2350
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 15:43:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 24 Feb 2024 05:21:33 GMT

GET
H3 200 Logo_1_970x250.png
tpc.googlesyndication.com/sadbundle/8389885750942289290/ Frame 137A 2 KB
2 KB 21ms
16ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8389885750942289290/Logo_1_970x250.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e08db7845481dd639a85faeebdb9de80d06a99b3eaac39268cbca8eb9229a3dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:21:33 GMT
x-content-type-options: nosniff
age: 442041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1620
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 15:43:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 24 Feb 2024 05:21:33 GMT

GET
H3 200 5Min_1_970x250.png
tpc.googlesyndication.com/sadbundle/8389885750942289290/ Frame 137A 2 KB
2 KB 16ms
12ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8389885750942289290/5Min_1_970x250.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcff3928e18c57cc8b56b11a505c1c2a0fb0193cd442f8a706b0ca4bce04488a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 06:21:36 GMT
x-content-type-options: nosniff
age: 524838
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2087
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 15:43:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 23 Feb 2024 06:21:36 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 0D53 6 KB
1 KB 44ms
20ms Stylesheet
text/css 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=250&slotname=4323823526&adk=3766599677&adf=1372361623&pi=t.ma~as.4323823526&w=300&lmt=1677658133&format=300x250&url=https%3A%2F%2Fwww.thivien.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133875&bpp=1&bdt=745&idt=201&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1150x280&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1075&ady=385&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=2sqd9yHy4d&p=https%3A//www.thivien.net&dtd=205

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Mar 2023 06:43:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Mar 2023 08:08:54 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame 0D53 2 KB
765 B 18ms
9ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:19:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64150
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 14:19:44 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/ Frame 0D53 22 KB
9 KB 20ms
10ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f53b2103abffed07c86a43ad48a3a064677134cc7b52c0bdf9ff4f3b20d14656

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:19:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9122
x-xss-protection: 0
server: cafe
etag: 6330344511044705610
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 14:19:45 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame 0D53 3 KB
1 KB 8ms
4ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:19:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 14:19:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame 0D53 20 KB
8 KB 22ms
5ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6c19d8875246d4def23e273e3c6d2887aeba815c80128b91c8b86dc35e38e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 09:52:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80174
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5959907985313552934
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 09:52:40 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0D53 158 KB
48 KB 39ms
17ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

184f7e9267bf77e6df354fcbd8c87029012a59f9aa277fde93f376349ee0f0a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677501794595172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Mar 2023 08:08:54 GMT

GET
H2 200 3d1f1376e308865cf68987b0ba581d94.js Show response
www.gstatic.com/mysidia/ Frame 0D53 34 KB
14 KB 40ms
4ms Script
text/javascript 2607:f8b0:4006:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3d1f1376e308865cf68987b0ba581d94.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38935741f6939baa18b56370cf3e8a1b20e1e52439ded7d8dd4c5e39a5ca2672

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:13:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 442527
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14319
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 04:57:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 25 May 2023 05:13:27 GMT

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/ 150 KB
51 KB 62ms
46ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e0d7ab14bc5ed77fd1409e38f9cb1503dca16090608948fa45beb698335b66e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52032
x-xss-protection: 0
server: cafe
etag: 10332617793753054396
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Wed, 01 Mar 2023 08:08:54 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6193 22 KB
8 KB 15ms
6ms Document
text/html 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 150736
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 27 Feb 2023 14:16:38 GMT
expires: Tue, 27 Feb 2024 14:16:38 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 137A 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9caa2064c3e79657de88afe6c469a4a9639865d1528df1068936e590cf8c6856

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 9264726359195742392
tpc.googlesyndication.com/simgad/ Frame DA43 81 KB
81 KB 6ms
6ms Image
image/jpeg 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9264726359195742392?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qkKv45z_A7P8os68SyUnV57PvsLyQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=600&slotname=6079758327&adk=4155854282&adf=2789987547&pi=t.ma~as.6079758327&w=300&lmt=1677658133&format=300x600&url=https%3A%2F%2Fwww.thivien.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133876&bpp=1&bdt=746&idt=219&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1150x280%2C300x250&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1075&ady=641&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=BuAijCqzWZ&p=https%3A//www.thivien.net&dtd=224

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f24418b3b3ee2bca3d3833c12eaa868651dfea18917e40deae36c579929444fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 15:43:58 GMT
x-content-type-options: nosniff
age: 404696
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 82608
x-xss-protection: 0
last-modified: Wed, 01 Feb 2023 13:54:55 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 24 Feb 2024 15:43:58 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/ Frame DA43 22 KB
9 KB 3ms
3ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f53b2103abffed07c86a43ad48a3a064677134cc7b52c0bdf9ff4f3b20d14656

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:19:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9122
x-xss-protection: 0
server: cafe
etag: 6330344511044705610
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 14:19:45 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame DA43 3 KB
1 KB 8ms
4ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:19:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 14:19:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame DA43 20 KB
8 KB 6ms
3ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6c19d8875246d4def23e273e3c6d2887aeba815c80128b91c8b86dc35e38e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 09:52:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80174
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5959907985313552934
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 09:52:40 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame DA43 158 KB
48 KB 53ms
50ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

184f7e9267bf77e6df354fcbd8c87029012a59f9aa277fde93f376349ee0f0a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677501794595172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Mar 2023 08:08:54 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame DA43 33 KB
13 KB 9ms
6ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54ec5d49fd3dbb498c6f9fb4746bb071d87b86ae802c77b238b3eace00999e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 19:25:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45794
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13744
x-xss-protection: 0
server: cafe
etag: 5530353353552386020
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 19:25:40 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0D53 0
0 37ms
35ms Fetch
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CGpQxFgj_Y5LTBpjVj-8Pnb6OaJT2yJhvsbjuys0QxJXvhckzEAEgieTxLmDJxqmLwKTYD6AB6f31zwPIAQmoAwHIA8sEqgTfAU_Q-TQeHnY_mmwYKF3KjLHwL-54pOTCYpH6ZFLvn0aWCpjJIXVwi0DV0rROSp90JH_bJHNH6A_yB6Uwup3ZySprWXxIWt_t8k0OsJ9wMvUWmIY6Rn8UP00PXL_zM-wC4LRKqKQGgXldOvcQ2rx0zzQ_2ScVSP3aURI2vN6y57Qq-EZXqRInKP4dGkVrFlP_HglfxFoR3hi-JVpttaw3EKR7uhpLUVbd4fiuo1hUcUqMJ-yF1T_df6ceHL8GJyLdZwq-rQdKbO5AsWx-Q18VxYfKbBxPtiwFOkyFvHfU0HDABOu3h_mPBJIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAelrLBjqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQs-YD0ggPCIBhEAEYHzICigI6AoBAgAoByAsBuBPkA9gTDIgUAdAVAYAXAbIXHAoaCAASFHB1Yi01NDY2NzY0NTg2MzU3MDUyGAA&sigh=IrNRo5ArucI&uach_m=[UACH]&cid=CAQSGwDUE5ymuvHHSlWJqQfWM9tqxjlzh7hYnrzUXRgB&template_id=484

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=250&slotname=4323823526&adk=3766599677&adf=1372361623&pi=t.ma~as.4323823526&w=300&lmt=1677658133&format=300x250&url=https%3A%2F%2Fwww.thivien.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133875&bpp=1&bdt=745&idt=201&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1150x280&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1075&ady=385&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=3&uci=a!3&fsb=1&xpc=2sqd9yHy4d&p=https%3A//www.thivien.net&dtd=205
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Mar 2023 08:08:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame B9B1 8 KB
968 B 22ms
18ms Stylesheet
text/css 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=1919786447&adf=338049896&pi=t.ma~as.2707489529&w=1150&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=1150x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133872&bpp=3&bdt=742&idt=193&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5ln9nbPQnK&p=https%3A//www.thivien.net&dtd=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Mar 2023 08:02:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Mar 2023 08:08:54 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame B9B1 2 KB
765 B 5ms
3ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=1919786447&adf=338049896&pi=t.ma~as.2707489529&w=1150&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=1150x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133872&bpp=3&bdt=742&idt=193&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5ln9nbPQnK&p=https%3A//www.thivien.net&dtd=200

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:19:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64150
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 14:19:44 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/ Frame B9B1 22 KB
9 KB 16ms
14ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=1919786447&adf=338049896&pi=t.ma~as.2707489529&w=1150&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=1150x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133872&bpp=3&bdt=742&idt=193&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5ln9nbPQnK&p=https%3A//www.thivien.net&dtd=200

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f53b2103abffed07c86a43ad48a3a064677134cc7b52c0bdf9ff4f3b20d14656

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:19:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9122
x-xss-protection: 0
server: cafe
etag: 6330344511044705610
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 14:19:45 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame B9B1 3 KB
1 KB 4ms
3ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=1919786447&adf=338049896&pi=t.ma~as.2707489529&w=1150&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=1150x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133872&bpp=3&bdt=742&idt=193&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5ln9nbPQnK&p=https%3A//www.thivien.net&dtd=200

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:19:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64149
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 14:19:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame B9B1 20 KB
8 KB 17ms
15ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=1919786447&adf=338049896&pi=t.ma~as.2707489529&w=1150&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=1150x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133872&bpp=3&bdt=742&idt=193&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5ln9nbPQnK&p=https%3A//www.thivien.net&dtd=200

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6c19d8875246d4def23e273e3c6d2887aeba815c80128b91c8b86dc35e38e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 09:52:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80174
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5959907985313552934
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 09:52:40 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B9B1 158 KB
48 KB 36ms
33ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=1919786447&adf=338049896&pi=t.ma~as.2707489529&w=1150&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=1150x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133872&bpp=3&bdt=742&idt=193&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5ln9nbPQnK&p=https%3A//www.thivien.net&dtd=200

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

184f7e9267bf77e6df354fcbd8c87029012a59f9aa277fde93f376349ee0f0a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677501794595172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Mar 2023 08:08:54 GMT

GET
H2 200 887cfa9374a0c130d54aa7fe143e0312.js Show response
www.gstatic.com/mysidia/ Frame B9B1 34 KB
14 KB 4ms
4ms Script
text/javascript 2607:f8b0:4006:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/887cfa9374a0c130d54aa7fe143e0312.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=1919786447&adf=338049896&pi=t.ma~as.2707489529&w=1150&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=1150x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133872&bpp=3&bdt=742&idt=193&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5ln9nbPQnK&p=https%3A//www.thivien.net&dtd=200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e45fd1bfd4e9faa44d111f64bef4ccea9e66b10fb0a957d91019ac033b7c22c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 08:10:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86309
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14316
x-xss-protection: 0
last-modified: Tue, 28 Feb 2023 07:42:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 29 May 2023 08:10:25 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame DA43 0
0 38ms
35ms Fetch
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Ccl3zFgj_Y5fcB5Wr7gLzioWwD-_jk5dvwaOlqZgR8a-LnpUJEAEgieTxLmDJxqmLwKTYD6ABlfjLtwPIAQKoAwHIA8kEqgTkAU_QxNLNyP5ngxzh1vzaJj2p3hzl56zdhrJpK5be2dYKdGl7r4gVh22sZ_D4h9d95e0XVXiGpjx7o7Dz5l8P_d1khD_OUEVObfEaZnPqd_HiDPDtPg85iX7T4bie23Wj8v_am0XibqdaQEFTOFV-fGB7fcb34t0oGSK2tL3dGHX3Xe_0DUbLKJcRDNlO9xCQ1w6e9Y6RllvtFjT1f-UMswnnlIUjATOXxciVFLEOWWyteZGGKvt6RucM8fG5EKTe2c1T6DCHZvSzH5pgQgK5loLR9DJL1LpbDLAGBL5pVX6aYkwggcAE_6Xx55kEkgUECAQYAZIFBAgFGASgBgKAB9OHtEioB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCsugvSCA8IgGEQARgfMgKKAjoCgECACgHICwHYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItNTQ2Njc2NDU4NjM1NzA1MhgA&sigh=3aQhRbt2l28&uach_m=[UACH]&cid=CAQSGwDUE5ymp9d6Tj7c9C1vSTSr0pG3bhWopGSW7RgB

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=600&slotname=6079758327&adk=4155854282&adf=2789987547&pi=t.ma~as.6079758327&w=300&lmt=1677658133&format=300x600&url=https%3A%2F%2Fwww.thivien.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133876&bpp=1&bdt=746&idt=219&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1150x280%2C300x250&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1075&ady=641&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=BuAijCqzWZ&p=https%3A//www.thivien.net&dtd=224
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Mar 2023 08:08:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 2076313506083323656
tpc.googlesyndication.com/simgad/14920741190005160538/ Frame 0D53 39 KB
39 KB 8ms
7ms Image
image/jpeg 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/14920741190005160538/2076313506083323656

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dd89b5425b3952d9722f3ca811905cfac83b4168c7d0a8623a12794659168ff9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 23:11:58 GMT
x-content-type-options: nosniff
age: 550616
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40351
x-xss-protection: 0
last-modified: Tue, 29 Mar 2022 18:57:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 22 Feb 2024 23:11:58 GMT

GET
DATA 200
OK truncated
/ Frame 0D53 218 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 016d819d2234ab4e40e78aa4fe7e3da9fc6b6eb7c77f84a19dcce2a18d5f4954

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 137A 15 KB
16 KB 10ms
4ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,regular

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 22:34:08 GMT
x-content-type-options: nosniff
age: 552886
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Feb 2024 22:34:08 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 137A 15 KB
15 KB 8ms
4ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,regular

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 23:04:08 GMT
x-content-type-options: nosniff
age: 551086
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Feb 2024 23:04:08 GMT

GET
DATA 200
OK truncated
/ Frame 8F11 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2b9d9274f313b4d901d96e9622057596ab6441a5119ef7ab9706df47c7d5c55a

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame B9B1 0
0 37ms
35ms Fetch
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cmvn9Fgj_Y7-TBpnS0_wPqbeioAKS-vv9btafwZ77EICagOyQAhABIInk8S5gycapi8Ck2A-gAavC7fcCyAEJqAMByAPLBKoE4QFP0G_WT5zzrGqM0KJ2P-0dWG3yaYAlwR1v_NXyXxziHWOjdiRYbtzx5HcImNMhZohxI7SDpFbntyrcKMpSHPcEcFmkTo5ftTevKohHJjMfIM1eMSnFEKYQH_opHa1IOn1lw9qsqXWKes7kF6tE7VSMNoqsKJK-mjKhtkQMCtTQypO94_xsUrscvgmuFb5xmwc8aiYhWuaFCYDOTk24HdUAHq4Oeb07tQ1n0FEJLNos3Gb8GXjYAFKfAsLiCy3LScuhlK8pQKj-lDDxIAJGES066lO6tDka1G-vlEy-vxM5PMjABO6p8oz0AZIFBAgEGAGSBQQIBRgEoAYugAe9vZKIAagHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcA8gcFEL6V2gLSCA8IgGEQARgfMgKKAjoCgECACgHICwG4E4gE2BMK0BUBmBYBgBcBshccChoIABIUcHViLTU0NjY3NjQ1ODYzNTcwNTIYAA&sigh=EpNyieAYkBo&uach_m=[UACH]&cid=CAQSGwDUE5ymn3I4O8N3Gbf2sujSjpD3idsbXGbeaBgB&template_id=520

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=1919786447&adf=338049896&pi=t.ma~as.2707489529&w=1150&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=1150x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133872&bpp=3&bdt=742&idt=193&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5ln9nbPQnK&p=https%3A//www.thivien.net&dtd=200

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=1919786447&adf=338049896&pi=t.ma~as.2707489529&w=1150&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=1150x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133872&bpp=3&bdt=742&idt=193&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5ln9nbPQnK&p=https%3A//www.thivien.net&dtd=200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 01 Mar 2023 08:08:54 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 400 data=RxVTX4acKy0kR7Or15oy5i8lCKpy552wMHAfBMtGqm2IgfyGAkDmH5U0IeBwJqmPS1bzhhR_sTVuBmIbCY87kg
mts0.google.com/vt/ Frame B9B1 0
0 85ms
22ms Image
text/html 2607:f8b0:4006:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mts0.google.com/vt/data=RxVTX4acKy0kR7Or15oy5i8lCKpy552wMHAfBMtGqm2IgfyGAkDmH5U0IeBwJqmPS1bzhhR_sTVuBmIbCY87kg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=1919786447&adf=338049896&pi=t.ma~as.2707489529&w=1150&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=1150x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133872&bpp=3&bdt=742&idt=193&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5ln9nbPQnK&p=https%3A//www.thivien.net&dtd=200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80e::200e Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame B9B1 297 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 65f22d8aa0690bd9cf8ffe5d68e5f6866b05ed8fc6f6c9083b996c1b3c4c75f4

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B9B1 336 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B9B1 462 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 01cbb105faef1373e9d53ddc5e62c9c7b5f66cbc64c2c045a3daec0328b831e6

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame B9B1 465 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 41b7f4ef86f2344e72da822fe79265700ff1bf3361450a02ab4397ff1a5eb040

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 21ms
21ms Script
application/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.thivien.net

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/ Frame EBF5 10 KB
4 KB 4ms
3ms Document
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 45577
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4549
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 28 Feb 2023 19:29:17 GMT
etag: 2378337311435320485
expires: Tue, 14 Mar 2023 19:29:17 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EE7F 143 B
166 B 4ms
4ms Document
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=600&slotname=6079758327&adk=4155854282&adf=2789987547&pi=t.ma~as.6079758327&w=300&lmt=1677658133&format=300x600&url=https%3A%2F%2Fwww.thivien.net%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133876&bpp=1&bdt=746&idt=219&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1150x280%2C300x250&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1075&ady=641&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&ifi=4&uci=a!4&fsb=1&xpc=BuAijCqzWZ&p=https%3A//www.thivien.net&dtd=224
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 3015
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 07:18:39 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 amp4ads-host-v0.js Show response
cdn.ampproject.org/rtv/012302171719000/ 23 KB
8 KB 5ms
4ms Script
text/javascript 2607:f8b0:4006:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012302171719000/amp4ads-host-v0.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202302140101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

666c5927d6bcb88b762bc42009cd3909361fab28d80d5e16b2abfc8f06d93935

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 27 Feb 2023 18:08:30 GMT
age: 136824
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7857
x-xss-protection: 0
server: sffe
etag: "56ffe549ac4f4013"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 27 Feb 2024 18:08:30 GMT

GET
H3 200 U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js Show response
pagead2.googlesyndication.com/bg/ Frame 6193 36 KB
14 KB 5ms
4ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5352951bf989e18e3743de2c0bffcbe58dbb225a7f4ea33c205df304b5665bd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 20:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 387371
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14276
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 24 Feb 2024 20:32:43 GMT

GET
H3 200 vi.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 137A 3 KB
3 KB 4ms
4ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/vi.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b123d3cd853f7cd9c7d7c92b0ca99a37b4fa7e654fca65be5f1a15fd9253635e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 02:07:01 GMT
x-content-type-options: nosniff
server: cafe
age: 21713
etag: 10932518847931040692
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3099
x-xss-protection: 0
expires: Thu, 02 Mar 2023 02:07:01 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/abg/ Frame 137A 344 B
368 B 5ms
3ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/abg/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 22:21:24 GMT
x-content-type-options: nosniff
server: cafe
age: 35250
etag: 6766994032117382215
vary: Accept-Encoding
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 344
x-xss-protection: 0
expires: Wed, 01 Mar 2023 22:21:24 GMT

GET
H3 200 Back_Elements_1_970x250.png
tpc.googlesyndication.com/sadbundle/8389885750942289290/ Frame 137A 7 KB
7 KB 7ms
5ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8389885750942289290/Back_Elements_1_970x250.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

182dedb31c7694bb599f525efb2d3e29c746a3b312861b3a31a492bbc87deadf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:21:33 GMT
x-content-type-options: nosniff
age: 442041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7099
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 15:43:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 24 Feb 2024 05:21:33 GMT

GET
H3 200 Photo_3_970x250.png
tpc.googlesyndication.com/sadbundle/8389885750942289290/ Frame 137A 40 KB
40 KB 8ms
5ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8389885750942289290/Photo_3_970x250.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f20f51a5f209ec1ff2a8b8faf75b153c8030124f61a50ccb8b81e5c00b2ad23a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:21:33 GMT
x-content-type-options: nosniff
age: 442041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 40841
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 15:43:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 24 Feb 2024 05:21:33 GMT

GET
H3 200 Back_Elements_2_970x250.png
tpc.googlesyndication.com/sadbundle/8389885750942289290/ Frame 137A 2 KB
2 KB 9ms
7ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8389885750942289290/Back_Elements_2_970x250.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1caef3036d1fd614a43968b8325142f08ec2db7bffdcee146fb62746a18ce708

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:21:33 GMT
x-content-type-options: nosniff
age: 442041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2137
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 15:43:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 24 Feb 2024 05:21:33 GMT

GET
H3 200 55_1_970x250.png
tpc.googlesyndication.com/sadbundle/8389885750942289290/ Frame 137A 2 KB
2 KB 11ms
9ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8389885750942289290/55_1_970x250.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0aff82d513a8ba3dcab581ab2f6f03f07d39b9d5509e3221b36b2bb4f1dc3ad1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:21:33 GMT
x-content-type-options: nosniff
age: 442041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2350
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 15:43:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 24 Feb 2024 05:21:33 GMT

GET
H3 200 Logo_1_970x250.png
tpc.googlesyndication.com/sadbundle/8389885750942289290/ Frame 137A 2 KB
2 KB 11ms
10ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8389885750942289290/Logo_1_970x250.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e08db7845481dd639a85faeebdb9de80d06a99b3eaac39268cbca8eb9229a3dc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:21:33 GMT
x-content-type-options: nosniff
age: 442041
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1620
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 15:43:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 24 Feb 2024 05:21:33 GMT

GET
H3 200 5Min_1_970x250.png
tpc.googlesyndication.com/sadbundle/8389885750942289290/ Frame 137A 2 KB
2 KB 12ms
10ms Image
image/png 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/8389885750942289290/5Min_1_970x250.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012302171719000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fcff3928e18c57cc8b56b11a505c1c2a0fb0193cd442f8a706b0ca4bce04488a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 06:21:36 GMT
x-content-type-options: nosniff
age: 524838
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2087
x-xss-protection: 0
last-modified: Tue, 06 Dec 2022 15:43:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 23 Feb 2024 06:21:36 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 15ms
14ms Fetch
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=456842347781417&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.thivien.net%2F&sdk=joey&wants_cookie_data=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=4b5b2b0744b0bf642fa517ae36d52184

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
date: Wed, 01 Mar 2023 08:08:54 GMT
x-content-type-options: nosniff
document-policy: force-load-at-top
alt-svc: h3=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: PYq2ngo4gxHA52W8fWk1xlPiturtcOURUKdr5YuI5rmJZIJxvDWZCCNHKfrpDBhEPXfjBKTwrJo5owbH+nr3mw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.thivien.net
origin-agent-cluster: ?0
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 4ms
3ms Image
text/plain 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=456842347781417&ev=fb_page_view&dl=https%3A%2F%2Fwww.thivien.net%2F&rl=&if=false&ts=1677658134974&sw=1600&sh=1200&at=

Requested by

Host: www.thivien.net
URL: https://www.thivien.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 01 Mar 2023 08:08:54 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
priority: u=3,i

GET
DATA 200
OK truncated
/ Frame 0D53 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 767490771fd757b00d43cba09ed533279dcc548d8d0087b64a4f9579b0532bac

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DA43 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 10280b8d06c1cd8db9f5d32920248a683cec55f1a922378b9c1956be611ab3d4

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css2
fonts.googleapis.com/ Frame EBF5 4 KB
636 B 20ms
20ms Stylesheet
text/css 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Mar 2023 08:08:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Mar 2023 06:26:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Mar 2023 08:08:55 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame EBF5 205 B
229 B 6ms
5ms Image
image/png 2607:f8b0:4006:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 15:33:15 GMT
x-content-type-options: nosniff
age: 59740
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 28 Feb 2024 15:33:15 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame EBF5 604 B
628 B 6ms
6ms Image
image/png 2607:f8b0:4006:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 02:55:09 GMT
x-content-type-options: nosniff
age: 18826
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 29 Feb 2024 02:55:09 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/elements/html/ Frame EBF5 20 KB
8 KB 4ms
3ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

19aed7d310d8bf5f137d0273df387b2d5b023e7c8eda1d30c1f7a8459d5a3bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 19:25:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45795
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8556
x-xss-protection: 0
server: cafe
etag: 12004167960083760723
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 19:25:40 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0D53 15 KB
15 KB 4ms
4ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 23:04:08 GMT
x-content-type-options: nosniff
age: 551087
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Feb 2024 23:04:08 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0D53 15 KB
16 KB 4ms
4ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 22:34:08 GMT
x-content-type-options: nosniff
age: 552887
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Feb 2024 22:34:08 GMT

GET
H3 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0D53 15 KB
15 KB 5ms
5ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 06:00:39 GMT
x-content-type-options: nosniff
age: 439696
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 24 Feb 2024 06:00:39 GMT

GET
DATA 200
OK truncated
/ Frame B9B1 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f08882023271665c02ec4d402471292aab760839708d848ed98ce32d0d772d88

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame B9B1 28 KB
28 KB 5ms
4ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 05:42:56 GMT
x-content-type-options: nosniff
age: 527159
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28288
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 05:42:56 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjwUvaYr.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame B9B1 13 KB
13 KB 6ms
5ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjwUvaYr.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8878d98ccb41ec139e1d88104ed132d3050c7231042659e67212728988413979

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 23:16:58 GMT
x-content-type-options: nosniff
age: 550317
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13676
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Feb 2024 23:16:58 GMT

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjYUvaYr.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame B9B1 14 KB
14 KB 16ms
15ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjYUvaYr.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15e749617a3856bfaa4d2cea0c50d88366d2b579841bd5a45bd2d34062babc51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 14:37:39 GMT
x-content-type-options: nosniff
age: 495076
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14432
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:04:58 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 14:37:39 GMT

GET
H3 200 U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js Show response
pagead2.googlesyndication.com/bg/ Frame 2CAB 36 KB
14 KB 15ms
3ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5352951bf989e18e3743de2c0bffcbe58dbb225a7f4ea33c205df304b5665bd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 20:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 387372
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14276
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 24 Feb 2024 20:32:43 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EE7F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

34ms
27ms

Document
text/html

2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 08:08:55 GMT
expires: Wed, 01 Mar 2023 08:08:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 08:08:55 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 30ff74cd17fac218005202762a48c647.js Show response
www.gstatic.com/mysidia/ Frame D36F 10 KB
4 KB 8ms
7ms Script
text/javascript 2607:f8b0:4006:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/30ff74cd17fac218005202762a48c647.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf604d68a81b4f3042807e4f9561e19db4130802cad8c53b39549c383a86ff77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:13:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 442516
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4407
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 04:57:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 25 May 2023 05:13:39 GMT

GET
H3 200 164715e9a72d7bd173c872e14587b581.js Show response
www.gstatic.com/mysidia/ Frame D36F 19 KB
8 KB 9ms
8ms Script
text/javascript 2607:f8b0:4006:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/164715e9a72d7bd173c872e14587b581.js?tag=pingback

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a0093df26b73c46a3dcb4faa9d4601fbd0dc02daf3944b55d80e26453459665

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:14:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 442494
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7929
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 04:57:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 25 May 2023 05:14:01 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D36F 8 KB
895 B 24ms
22ms Stylesheet
text/css 2607:f8b0:4006:824::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::200a Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 01 Mar 2023 08:08:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 01 Mar 2023 07:17:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Mar 2023 08:08:55 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame D36F 2 KB
771 B 13ms
5ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:19:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64151
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 738
x-xss-protection: 0
server: cafe
etag: 1394486882873449110
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 14:19:44 GMT

GET
H3 200 e9aff91b4641aa9f021dfc8c8beac945.js Show response
www.gstatic.com/mysidia/ Frame D36F 6 KB
2 KB 16ms
8ms Script
text/javascript 2607:f8b0:4006:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e9aff91b4641aa9f021dfc8c8beac945.js?tag=analytics_pingback_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

446b75df3aa450dc67047c4ae08d0ba75cd173ee74cf644281c31ecd61c92b7c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:14:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 442494
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2362
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 04:57:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 25 May 2023 05:14:01 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/ Frame D36F 22 KB
9 KB 13ms
6ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f53b2103abffed07c86a43ad48a3a064677134cc7b52c0bdf9ff4f3b20d14656

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:19:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64150
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9122
x-xss-protection: 0
server: cafe
etag: 6330344511044705610
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 14:19:45 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame D36F 3 KB
1 KB 14ms
6ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 14:19:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 64150
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 14:19:45 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/ Frame D36F 20 KB
8 KB 17ms
9ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230227/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a6c19d8875246d4def23e273e3c6d2887aeba815c80128b91c8b86dc35e38e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 28 Feb 2023 09:52:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 80175
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5959907985313552934
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 14 Mar 2023 09:52:40 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D36F 158 KB
48 KB 42ms
36ms Script
text/javascript 2607:f8b0:4006:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81c::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

184f7e9267bf77e6df354fcbd8c87029012a59f9aa277fde93f376349ee0f0a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677501794595172"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Mar 2023 08:08:55 GMT

GET
H3 200 3d1f1376e308865cf68987b0ba581d94.js Show response
www.gstatic.com/mysidia/ Frame D36F 34 KB
14 KB 14ms
8ms Script
text/javascript 2607:f8b0:4006:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3d1f1376e308865cf68987b0ba581d94.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38935741f6939baa18b56370cf3e8a1b20e1e52439ded7d8dd4c5e39a5ca2672

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 05:13:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 442528
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14319
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 04:57:19 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 25 May 2023 05:13:27 GMT

GET
H3 200 U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js Show response
pagead2.googlesyndication.com/bg/ Frame 5C7F 36 KB
14 KB 11ms
5ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5352951bf989e18e3743de2c0bffcbe58dbb225a7f4ea33c205df304b5665bd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 20:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 387372
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14276
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 24 Feb 2024 20:32:43 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 8F11 43 B
215 B 11ms
10ms Image
image/gif 2600:1f18:1aca:4281:19a0:6e54:6783:f740
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1194052&asId=ddb91d61-12d3-3b06-c77a-956ea41c75b8&tv=%7Bc:5AY64x,pingTime:-10,time:805,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTEwLjAuNTQ4MS4xNzcgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1677658135280%7C%7Cc01f6c8bfb8a4df9b3f76ccd90c53c26%7C%7C15c1c3073e5c3cda0308b87e66c0c1e4%7C%7Cb5ffe80f906eebf40611daf1b68121c1%7C%7C9455d37bb56641f4f90d8001522839a3%7C%7Caece4231a614ac0a8af1e88c8318d0fb%7C%7C5bd5943a193b1be6183bee68445eaddb%7C%7Cd1124b56fc8f4b6637332f96e2f85b5c%7C%7C1663701684,im:%7Bpci:%7Btdr:585%7D%7D%7D
Requested by: Host: www.thivien.net
URL: https://www.thivien.net/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4281:19a0:6e54:6783:f740 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:55 GMT
server: nginx
x-server-name: dt14.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPj0UvaYr.woff2
fonts.gstatic.com/s/googlesans/v45/ Frame B9B1 6 KB
6 KB 4ms
3ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v45/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPj0UvaYr.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ccac6220939e464bae744df0cabc646ca1078d982ea076783e905f47eb4014d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 13:48:32 GMT
x-content-type-options: nosniff
age: 411623
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6024
x-xss-protection: 0
last-modified: Wed, 01 Jun 2022 19:05:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 24 Feb 2024 13:48:32 GMT

GET
H3 200 U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js Show response
pagead2.googlesyndication.com/bg/ Frame 18D4 36 KB
14 KB 4ms
4ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5466764586357052&output=html&h=280&slotname=2707489529&adk=1919786447&adf=338049896&pi=t.ma~as.2707489529&w=1150&fwrn=4&fwrnh=100&lmt=1677658133&rafmt=5&format=1150x280&url=https%3A%2F%2Fwww.thivien.net%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1677658133872&bpp=3&bdt=742&idt=193&shv=r20230227&mjsv=m202302140101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5619359012683&frm=20&pv=1&ga_vid=1385919515.1677658134&ga_sid=1677658134&ga_hid=206671390&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=225&ady=95&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44777877%2C44759842%2C44759875%2C44759926%2C21065725&oid=2&pvsid=2558192966104257&tmod=1468690632&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=5ln9nbPQnK&p=https%3A//www.thivien.net&dtd=200

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5352951bf989e18e3743de2c0bffcbe58dbb225a7f4ea33c205df304b5665bd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 20:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 387372
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14276
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 24 Feb 2024 20:32:43 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7B27 143 B
166 B 4ms
3ms Document
text/html 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 3016
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 07:18:39 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 like.php Show response
www.facebook.com/v14.0/plugins/ Frame 8633 36 KB
13 KB 48ms
47ms Document
text/html 2a03:2880:f112:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v14.0/plugins/like.php?action=like&app_id=456842347781417&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3eb290368a70ac%26domain%3Dwww.thivien.net%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.thivien.net%252Ff18819d0e31643%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2Fthivien.net&layout=standard&locale=en_US&sdk=joey&share=false&show_faces=false&width=440

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=4b5b2b0744b0bf642fa517ae36d52184

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

55e7cc088cc81247f8d0f97463894e380dffdacc77cecbe5b6e85cd8b64b6cdb

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com;font-src data: .gstatic.com .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com .tenor.co media.tenor.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net .giphy.com connect.facebook.net .carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com .whatsapp.net .fb.com .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com https://.giphy.com data:;frame-src .doubleclick.net .google.com .facebook.com www.googleadservices.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: br
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval';style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com https://sandbox.paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: unsafe-none
date: Wed, 01 Mar 2023 08:08:55 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v14.0
origin-agent-cluster: ?0
pragma: no-cache
priority: u=0
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-debug: cLOG63TQJScnZLPXFvhK+f9m8JGQoeFLTLFQMZCH8z4Lky197R6R/csDw1+0Vvujw5DZXO08h+UOFtxroftSPw==
x-fb-rlafr: 0
x-xss-protection: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 26ms
25ms XHR
application/json 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023022301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023022301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

717ca4fd4a6c577b435ea4f65a4e75ad06b214ba49bdba24351075574d7ad867

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11140
x-xss-protection: 0

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7B27
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

21ms
20ms

Document
text/html

2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 08:08:55 GMT
expires: Wed, 01 Mar 2023 08:08:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 08:08:55 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js Show response
pagead2.googlesyndication.com/bg/ Frame 69B7 36 KB
14 KB 4ms
3ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230227/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5352951bf989e18e3743de2c0bffcbe58dbb225a7f4ea33c205df304b5665bd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 20:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 387372
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14276
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 24 Feb 2024 20:32:43 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 35ms
35ms Script
text/javascript 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023022301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 01 Mar 2023 08:08:55 GMT

GET
H2 200 FEppCFCt76d.png
static.xx.fbcdn.net/rsrc.php/v3/yD/r/ Frame 8633 299 B
721 B 26ms
5ms Image
image/png 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3/yD/r/FEppCFCt76d.png

Requested by

Host: www.facebook.com
URL: https://www.facebook.com/v14.0/plugins/like.php?action=like&app_id=456842347781417&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df3eb290368a70ac%26domain%3Dwww.thivien.net%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.thivien.net%252Ff18819d0e31643%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2Fthivien.net&layout=standard&locale=en_US&sdk=joey&share=false&show_faces=false&width=440

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:55 GMT
x-content-type-options: nosniff
content-md5: OIlAxCmR79nrM/Ez4ygGlg==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 299
x-fb-rlafr: 0
x-fb-debug: iEjWblxebIK3SsG9JUThgWy9iY4qYrvjnd0Vx/g98syPUkpwkTOF4d9cM3iEV8Q6SdXHyzZWAqMkOwUFEMTI9g==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 15 Feb 2024 09:57:17 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D36F 0
20 B 19ms
19ms Ping
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=ChQIByoQd2ViX2ludGVyc3RpdGlhbAoHCAgqA2x0cgocCAEqGGxhcmdlLWJhbm5lci1yZGEtdmFuaWxsYQoKCAIqBnNlcnZlcgoaCAQqFm15c2lkaWFfYW5hbHl0aWNzX2V4cDMKDRArIQAAAAAAABhAMAQKDRADIQAAAMzMPHJAMAQKDRANIQAAAAAAAAAAMAQKCRAeKgMweDAwBAoJEBkqAzB4MDAECg0QKyEAAAAAAAAgQDAECg0QECEAAAAAAAAAADAECg0QESEAAAAAQGPUQDAECg0QEiEAAAAAAAAgQDAECg0QEyEAAAAAAAAQQDAECg0QFyEAAAA0M-NzQDAECg0QFCEAAAAAQPbVQDAECg0QFSEAAAAAAAAmQDAECg0QFiEAAAAAAAAUQDAECg0QGCEAAADMzAx7QDAEEhpDUENKak1tanV2MENGV0xNbEFrZFFzSUloQSIadGV4dC92YW5pbGxhX3RleHRfY2xvc2VfdjIoAw==

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/164715e9a72d7bd173c872e14587b581.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 0YP7pJNiznC.js Show response
static.xx.fbcdn.net/rsrc.php/v3iEpO4/yl/l/en_US/ Frame 8633 516 KB
134 KB 10ms
6ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://static.xx.fbcdn.net/rsrc.php/v3iEpO4/yl/l/en_US/0YP7pJNiznC.js?_nc_x=Ij3Wp8lg5Kz

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4385508e5e7708b4c2b10448ac343c747a2af6d161655f1fa34d240ab1d0fb01

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.facebook.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:55 GMT
content-encoding: br
x-content-type-options: nosniff
content-md5: gjHAPoCg+yxnoquNluYg+w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 136751
x-fb-rlafr: 0
x-fb-debug: Rv0b61CMPPOgUltr7E0P0oxTnQA9+4PuZFEtj6EPytZbQkorJA1s9dh2jkivwMVYLEcgGFcdbkWpBedWvFYEfQ==
x-fb-trip-id: 1512268381
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
timing-allow-origin: *
priority: u=3,i
expires: Thu, 29 Feb 2024 03:03:25 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6193 0
20 B 20ms
20ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BU5dgFgj_Y_WuG8Pl_gTqq6KwBwAAAAA4AeAEAg&bg=!Xl2lXQnNAAbK-VRH6vk7ADkAdvg8WhfjuwDEA3jUQDBdrSbVQNhX5ByDArrue2jmNS7yxqEMEvD9aFjDRe00MOP3dSMSMUBlCAICAAACHFIAAAACaAEHmQLkBc1_f_5dzvY7mChg4mU0KgoA0j9rQWLBNpvADU0I_M8PkCbmJua3txRUjAmczwXpsNh6JTO9eu6tr91mAdUukCZK_FS1YkIQNi-KIh-FuEN7Tp7hZlE-43h4fK4Uj7DXtm5NWImEtTd1t1kmHaIoC8i7Ko_trHHULI6usOe6ikPsMQVPc_W6GWmEsa_L6x2BSEOf1zD9MwRB5b_84x0Zlkm81D3MOGpk0hxZF2xRXPJSUwcrZTnEALrrnRHkkIDpu_CrXUCKV1ub7_sfYo3jfi2hR5uIIJ_WI6USxiFFdqIkrfvtPHjuV9nNogZvfVaF_2hwRqHyugYACgnal_1wl6o9X1INzEMZzYGCbZ0YIl0KdaXT1JPySyCO-OfYqrOmiuHW_f4YnO9TtmCQquWciiBY3usENskDUsDAy-cEV5PREGn8aiKJDojq9EqZK5nwAd1DtnguGVoXemQItKz3ZE5MqCI1yI_CurpnomAdJydL4JYy0ETdHx4SIdXw87TGpXzscuvwUMAvp9cozGcRZgxmFH6OdCz7wAk6acb_g9HLRkmQQuRcmkGMdE3EEEUgcYfTO319sVCFb1AaNHZlxsWcQ02S1bz0pzgcEdh6j7r-HAvYh2S-dsRLaWPHO0DQNu9ab0NVDKLr_U5nv3WPubR5S3ZOjjJpU2GD5poRjYh2Mk2tMmsVSDb9oewK25WGIsfqzRE2WI4aLh837lj_9Nussb6-OtuiV6gW9424DlgydvIvfzTreXPOuA1oROt0kvC8eW4sqRPuIoCoXKC11SrDBuT47VV0WgphmgTTgJU85fp7fNfhYFhTQqMoWQd_DRaf-mJwRa7z3mMn-JrBO9Ugs_AoepIFGy_yCQzcfalEGGysTHavyiSlhAuDS7rwjMpOGlnIwNMc37q6B6__lB0ygbjUWpWIfva6Up34fVU--kOm3mGkA4fhK2o4LFcllZzjPnA-tPuBdb3RdLxZF2UMmNI

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8BEE 13 KB
5 KB 5ms
4ms Document
text/html 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.thivien.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 44966
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 28 Feb 2023 19:39:29 GMT
expires: Wed, 28 Feb 2024 19:39:29 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1370 783 B
536 B 27ms
25ms Document
text/html 2607:f8b0:4006:81f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2004 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

00466da784f36f4b630474d0ea508463bcf841c354011b51c673591639051da3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ki959_dq6Vld1ILxr7zYxg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.thivien.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-ki959_dq6Vld1ILxr7zYxg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 01 Mar 2023 08:08:55 GMT
expires: Wed, 01 Mar 2023 08:08:55 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js Show response
pagead2.googlesyndication.com/bg/ Frame 8BEE 36 KB
14 KB 4ms
3ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/U1KVG_mJ4Y43Q94sC__L5Y27Ilp_TqM8IF3zBLVmW9g.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5352951bf989e18e3743de2c0bffcbe58dbb225a7f4ea33c205df304b5665bd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 24 Feb 2023 20:32:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 387372
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14276
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 13:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 24 Feb 2024 20:32:43 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F11 0
20 B 17ms
17ms Ping
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3852087598585&version=m202301230201&ct=76&x=1&cor=12254389260500490000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1370 0
0 22ms
22ms Image
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023022301&jk=2558192966104257&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 8BEE 0
12 B 4ms
3ms Image
text/plain 2607:f8b0:4006:80b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?2X6G3w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80b::2001 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 01 Mar 2023 08:08:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame DA43 42 B
64 B 26ms
25ms Fetch
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstIZMVTbTrqzF39TYnv2ES7EwOft6nhmkEE10XEdPHpB9_mstVvqlo3QlMdSLV3MGg8p02Ig30yz_Qy-3Wyj-Xpma--KHfeUOhDAhwMP7dDdtvxDgh2FlB4ePVeblk8clXwiSY&sai=AMfl-YQEKZJOXPe6H3h_BzF2TW-iMQ3iW9DHdJyvy-JyxaS9vxXnncSui6n1PiST0izZTIARx2A6gcYrp5kb&sig=Cg0ArKJSzFPBihE_quf3EAE&cid=CAQSGwDUE5ymp9d6Tj7c9C1vSTSr0pG3bhWopGSW7RgB&id=lidar2&mcvt=1000&p=0,0,600,300&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20230227&bin=7&avms=nio&bs=0,0&mc=0.93&if=1&vu=1&app=0&itpl=4&adk=4155854282&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1677658134101&rpt=935&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0D53 42 B
64 B 26ms
26ms Fetch
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss12KOtxH0IGCP3WDb166BZ1rhEgfIbKS01JNy4hVLyG4V8x_uL8Xnu-OaexLmGyHJXPNjXwedh8uw1wD5cAKS7vRWSb9ZvxrsziAZ6A7Dd5r4QfBpZYaa9DUaeia-wJvKFuW4&sai=AMfl-YTo01TM4dRpgVfHEL1yi_qW3k0bLqxRzsBRcgPRKXgoZVGj947CVNw3TNyrRhNWCWOeN_RNTRBKuSdW&sig=Cg0ArKJSzI8uCgpRI7eAEAE&cid=CAQSGwDUE5ymuvHHSlWJqQfWM9tqxjlzh7hYnrzUXRgB&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230227&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3766599677&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1677658134081&rpt=1048&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B9B1 42 B
64 B 26ms
25ms Fetch
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsveX7wI9YALotUBns84DvzJZsAO8qj7i_aBFERVSxswEUoNtUnj2K6SDr8TRPxSvDZ56utTDfTUjhzCqo2EY07kPw_MCJJ5PhrpI98BzCqtw5b0oGqYsPTWQhmTauATwWU-YOc&sai=AMfl-YQedN9VjWYYr9cHX0_4j-odVVQgxn7DFXuDnqW8pCqyp4k8wyz2QNHwtq-RWuJ988m_QT9LVR9PzhTL&sig=Cg0ArKJSzIpJc54toPlMEAE&cid=CAQSGwDUE5ymn3I4O8N3Gbf2sujSjpD3idsbXGbeaBgB&id=lidar2&mcvt=1000&p=0,0,280,1150&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230227&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1919786447&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1677658134074&rpt=1244&met=mue&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Mar 2023 08:08:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 24ms
24ms Image
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023022301&jk=2558192966104257&bg=!WFulWw_NAAbK-VRH6vk7ADkAdvg8WpOXWY_lWvc3W3mKEYPVVyjjGZvH9Z7eWA48rwvgE46gZC3uUZiufR9yyppr4oU2_qdseYkCAAAArlIAAAACaAEHmQKrhTCf_qXlpcHVTDWlsy89_hKEkO6Htk-sHpPMl7EunLRxC7TTaPfEsnPA_7C691FXeZMQdet3tOXIfV8rMfqx8m6pYgRUxIoFIpFod9zCpKC3TNWgnPmD2v32-uVx4RvQKpNlCXONyerPyumfUpsxfA_0iQsgB__XdrmSgrk36qP2OZj8OMrEuMMh9PSALGuggRsyXcgn-zQqEvMnHujbvWxQTpAGKxq9gL7gMTCaKN8yUefWF_l0Yzzqb7Gj5evI5FrGou0FZ6izL72VNmnRLXfZuaib0JcGkOYozJreaqdxVPqwcolHxznc3mxDI2XWr2VNE23iKLCjP-c30Wlmu-nKJSM_QBG5EWxGI_RrqgwfGIKsPRQu9fjliZhcnUH7ST16llO1hj4Q01rfSmEN9wn9RxNcmsH32wDjJaZN9YknxMOdqtpLA55pWjg94kKxM6ArbmXb7cMx9YFT1UBCYXJk2z1mpFVK3FvGSUSzY15c4SIdKC6wu4zafrh0hVTW61c9ycQ6cVxRY7_R6efu1TxiILD5HB3MHT3AV73mVQsoBLUoG5J-l1F1kzU_lHz7TVFc_bR884L70IXHKx0j6shgutrW7rzcI7xEDldD-oW5QzlkLYmepVXHJnZUrPqEHTELCRv0umwWmqk0p-FsJKortdeJKqj2u77cumTFsxuk1pOAAYVB_szRYS6lUZZONDHGPNG9lVoPodfn9KoLyfZA6Ccs_qebMXEJOD2_tKv8iEwV-L-1XvyhbwSFQ9rijkVdNEJnFbk_zqC5ReT3_EPmKDNKR3yF4cf4yqVnUtJFqCjaWnoK_axbHQ0rVoy0Ri0GfPzP7-qqCMI-yhaYbDJF3RyKUFeSW8e6JhCq_A9DK51uc_WuOIZPNfGaHgGJKIactn9eU91vpzc
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80d::2002 Nutley, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.thivien.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

132 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.thivien.net/	1970-01-20 10:01:01	Name: PHPSESSID Value: b91gdcstg9l7k9ftpu54cfhbq8
.thivien.net/	1970-01-20 19:36:58	Name: __utma Value: 150790643.1385919515.1677658134.1677658134.1677658134.1
.thivien.net/	1969-12-31 23:59:59	Name: __utmc Value: 150790643
.thivien.net/	1970-01-20 14:23:46	Name: __utmz Value: 150790643.1677658134.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.thivien.net/	1970-01-20 10:00:58	Name: __utmt Value: 1
.thivien.net/	1970-01-20 10:00:59	Name: __utmb Value: 150790643.1.10.1677658134
.thivien.net/	1970-01-20 19:22:34	Name: __gads Value: ID=6042c474220cb182:T=1677658134:S=ALNI_MZyYqEtyHY-M5ONIzH6ydmuilJIHg
.thivien.net/	1970-01-20 19:22:34	Name: __gpi Value: UID=000009c5ed36f5d9:T=1677658134:RT=1677658134:S=ALNI_Maqnvu5tEK7s18du218ZkY5vWRSYA
.doubleclick.net/	1970-01-20 19:36:58	Name: IDE Value: AHWqTUmnfI874rdEB9_kvh8OnIXsEXATkxG1AMetZWYb83X2RNG6UPXWWm6QBHH3
.adnxs.com/	1970-01-20 12:10:34	Name: uuid2 Value: 1301454665606797958
.casalemedia.com/	1970-01-20 12:10:34	Name: CMPS Value: 507
.casalemedia.com/	1970-01-20 12:10:34	Name: CMPRO Value: 507
.doubleclick.net/	1970-01-20 10:00:59	Name: test_cookie Value: CheckForPermission
.casalemedia.com/	1970-01-20 18:46:34	Name: CMID Value: Y-8IFtetZdAclCAYRLoloAAA
.adnxs.com/	1970-01-20 12:10:34	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GTxd5sS[!]tbPl1M>e)ZlrFUfJ+tGXxpSE%FL2_%2MK?s0B=SeT5X[/CCm`dX9ZN-.*23If)y3KL9D3I?+7D5:+l
.doubleclick.net/	1970-01-20 10:01:01	Name: DSID Value: NO_DATA

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mts0.google.com/vt/data=RxVTX4acKy0kR7Or15oy5i8lCKpy552wMHAfBMtGqm2IgfyGAkDmH5U0IeBwJqmPS1bzhhR_sTVuBmIbCY87kg Message: Failed to load resource: the server responded with a status of 400 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0ce44f52cf60d25602c553beb91d49aa.safeframe.googlesyndication.com
adservice.google.com
cdn.ampproject.org
cm.g.doubleclick.net
code.jquery.com
connect.facebook.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
ib.adnxs.com
maxcdn.bootstrapcdn.com
mts0.google.com
pagead2.googlesyndication.com
partner.googleadservices.com
securepubads.g.doubleclick.net
static.adsafeprotected.com
static.xx.fbcdn.net
stats.g.doubleclick.net
thica.com
tpc.googlesyndication.com
www.facebook.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.thica.org
www.thivien.net
142.250.80.66
151.106.103.107
192.40.39.223
2001:4de0:ac18::1:a:3b
222.252.4.155
2600:1f18:1aca:4281:19a0:6e54:6783:f740
2600:9000:21dd:3e00:8:48e:53c0:93a1
2606:4700::6812:bcf
2607:f8b0:4004:c1b::9a
2607:f8b0:4006:809::2001
2607:f8b0:4006:80b::2001
2607:f8b0:4006:80c::2002
2607:f8b0:4006:80d::2002
2607:f8b0:4006:80e::200e
2607:f8b0:4006:81c::2002
2607:f8b0:4006:81f::2004
2607:f8b0:4006:820::2002
2607:f8b0:4006:821::2002
2607:f8b0:4006:821::2003
2607:f8b0:4006:822::2002
2607:f8b0:4006:823::2003
2607:f8b0:4006:824::200a
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f112:83:face:b00c:0:25de
52.22.86.99
68.67.181.211
00466da784f36f4b630474d0ea508463bcf841c354011b51c673591639051da3
016d819d2234ab4e40e78aa4fe7e3da9fc6b6eb7c77f84a19dcce2a18d5f4954
01cbb105faef1373e9d53ddc5e62c9c7b5f66cbc64c2c045a3daec0328b831e6
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0439c2127eb1812543cc77f0f41bd98da71691c6c2d5bbf9c565670f7fada88a
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
079fa76f67ce1099588de570da58dd17572c501bc2812381aa67337c8986ff67
099f342bcdd01d03cacd2d665bb82ed11b7110f74768ec40774de44140481a38
0aff82d513a8ba3dcab581ab2f6f03f07d39b9d5509e3221b36b2bb4f1dc3ad1
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
10280b8d06c1cd8db9f5d32920248a683cec55f1a922378b9c1956be611ab3d4
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
15e749617a3856bfaa4d2cea0c50d88366d2b579841bd5a45bd2d34062babc51
16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
182dedb31c7694bb599f525efb2d3e29c746a3b312861b3a31a492bbc87deadf
184f7e9267bf77e6df354fcbd8c87029012a59f9aa277fde93f376349ee0f0a6
199b2f6d3a1d7ee96984e5ef257ccdc8403913c54bb16de97558aa3bd6ba1f67
19aed7d310d8bf5f137d0273df387b2d5b023e7c8eda1d30c1f7a8459d5a3bb9
1caef3036d1fd614a43968b8325142f08ec2db7bffdcee146fb62746a18ce708
21532c92afdb6ee683dc0831b4c4c31cef58951dc9fc0ecb0b9d5e27f3bf16fb
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b9d9274f313b4d901d96e9622057596ab6441a5119ef7ab9706df47c7d5c55a
2ff484e17c5762aca9d28ef090a9514592712e78bf1f6621af41352ab98e9a30
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
38935741f6939baa18b56370cf3e8a1b20e1e52439ded7d8dd4c5e39a5ca2672
39904940522bb09bbd737535004d61b844d03c58434a318557a5674655406d9b
3b2e8cd03a76b243eca9a0e60815deae7256cb7a2de760eb9ee82a0cf31ffcb9
3f13c6b3026bf5f9437ea17554965e56be1b5ab25b5cf6f3de7415b5b8bd2f60
3f323e9916e2dcec1625d0654d3e4055a76cb7162d1c477625d898c5946eeffa
41b7f4ef86f2344e72da822fe79265700ff1bf3361450a02ab4397ff1a5eb040
4385508e5e7708b4c2b10448ac343c747a2af6d161655f1fa34d240ab1d0fb01
446b75df3aa450dc67047c4ae08d0ba75cd173ee74cf644281c31ecd61c92b7c
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
4a642da827ad3fb5b4bd419082f0b6da9e60654433368a9d3cb829058ba19f28
4a6fab14bfe7b33fe5dc5349a2bb3720037e0ed7ebe621b352340f9514d83c08
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5352951bf989e18e3743de2c0bffcbe58dbb225a7f4ea33c205df304b5665bd8
53b99e4bde7498900885e58f9d6c383258f8a59b04389d6b54d3d4b89537b6f2
54ec5d49fd3dbb498c6f9fb4746bb071d87b86ae802c77b238b3eace00999e14
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55e7cc088cc81247f8d0f97463894e380dffdacc77cecbe5b6e85cd8b64b6cdb
59b45f14285c4aeadef95ddba1cb7101782bffadccd75b26815d13cad26288fd
5a0093df26b73c46a3dcb4faa9d4601fbd0dc02daf3944b55d80e26453459665
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5ccac6220939e464bae744df0cabc646ca1078d982ea076783e905f47eb4014d
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62c85d3d7e8f09f0bf074e314d0993b68c343bc19127fc2000472791ce03ae9a
65f22d8aa0690bd9cf8ffe5d68e5f6866b05ed8fc6f6c9083b996c1b3c4c75f4
666c5927d6bcb88b762bc42009cd3909361fab28d80d5e16b2abfc8f06d93935
717ca4fd4a6c577b435ea4f65a4e75ad06b214ba49bdba24351075574d7ad867
71c8d8b213ba2212534b3ba0fd575b76e7a8c5b44eb52123f7dda878406237cd
767490771fd757b00d43cba09ed533279dcc548d8d0087b64a4f9579b0532bac
76dfc7a91c655476ad47819d7c2ce497cabf6ab461f7c71f2f2a32afeb02fb06
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7ed69dd94665113ef6a0491ee025cd52bb7115040dfa7e7883c02e174b123fe2
84604fb0bdd38ebb5934d5c9351465d66a0505399cf389ea25970ac42e6da866
87113c1d3fabf56718bb13834f36e179a2896a10fbd0ece17abea83e72bb145d
8878d98ccb41ec139e1d88104ed132d3050c7231042659e67212728988413979
8ebbf5bba57c2f5dce8b41e60e3522bc40fc3c9c4cf611998773469e30c1b72f
8eea259e9ec11dd3980f263480dd5f95e8218555cd57f4a073d4665e1affb5e5
9518cad0cb9b991cf7cbcf4cc2bc537f78ab2db57f57c68a834d5b7e3be3a24a
95b336f43efe86a337daa463a0b08d32a90ff906faeb598b9697b3355fe9be1b
9caa2064c3e79657de88afe6c469a4a9639865d1528df1068936e590cf8c6856
9fdff1ff00c7adcd655c77f6c69fc290a77119c7834f2d1ed224e3e3631eb5f8
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a148c8e49519dad1c63a5b4f880e96c6542708b49b0ee68f2a332eb92f0061e4
a49e61b6d6681308d160ce1cf6ce1b85e651deff16c6ae1c2df999ef3f0c6ec8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6338ec3de5ae47380cd6a7ca4ec9e4546ca1efccc9353d50e4af73d61105861
a64ac18511a1f15afc6f51edc89e41ee1c7f6444134aad2926b21743ced6c461
a6c19d8875246d4def23e273e3c6d2887aeba815c80128b91c8b86dc35e38e25
a7c4110155a3f061c37d1468692bb077d10d113009c30fff5da92bf7554c559c
a81608dc339cafe20ae03a65bf23b8bb1ba43a2849b7d6d1ca17a5bfeb9f12a2
a84fb0803620acdf77c0f41d652eb5538002ed610424bd0be051203ee50cf940
acc77d953020ee0ed38f6367aa3b9559bb49472dedccfb652d37bfd8836fa2e2
b123d3cd853f7cd9c7d7c92b0ca99a37b4fa7e654fca65be5f1a15fd9253635e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b774f9aed6fedf4b4421dad8f0a3bd6415fd5cb2d31ea925005767a48b33da1c
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
be3b15b1e68cf3e9278293d3b50491fe16c985e0ee5968852cac4fc062a7134e
bf604d68a81b4f3042807e4f9561e19db4130802cad8c53b39549c383a86ff77
c25eedc2a9d7b2d5677b9843ad2189f6395ebb0d1bf19ab7841c880ca5f1d353
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
cd612255ea4905b4cc1e31f5a2fd6afc03d1de930f7c5787089dcde01414b89d
d06df53bd8ab72285864d95c968e3fdf2b1ec2301a2757fa2bb1058c7479e6ef
d1700a43bc40da2d69d238085ddfeea6fac6dc64ff76f5cef529d6fd6b619a62
d65f4b2e8eee94ddc7f762d098de19558d879a3b597c8913b4d075532e3ed4b4
dad893597cee2d49406c054380f9c338d1838db41083896ded6ccc6f26d8ef6a
dd89b5425b3952d9722f3ca811905cfac83b4168c7d0a8623a12794659168ff9
e02967640f9cc70fa78896356f18e59ab1ab17cd63ad9becc5e183ed5e57a71f
e08db7845481dd639a85faeebdb9de80d06a99b3eaac39268cbca8eb9229a3dc
e0be1d222e2e367ac5106f4aee4830c3de18af1d266f8cde53915e11e8b01bfd
e0d7ab14bc5ed77fd1409e38f9cb1503dca16090608948fa45beb698335b66e5
e1424ee6ae04cfe8dcca8fb4af13c1703cab408e83f89a301a515a58f419cca9
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e45fd1bfd4e9faa44d111f64bef4ccea9e66b10fb0a957d91019ac033b7c22c0
e924b8c34766cfb6092da5ca6d9f98e5bd5972946f1d7f1822057f10e79c3599
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f08882023271665c02ec4d402471292aab760839708d848ed98ce32d0d772d88
f20f51a5f209ec1ff2a8b8faf75b153c8030124f61a50ccb8b81e5c00b2ad23a
f24418b3b3ee2bca3d3833c12eaa868651dfea18917e40deae36c579929444fe
f50e59fa7a264b1674e5f94591375a26e9aea318036b2a629e5ba182df01b54f
f53b2103abffed07c86a43ad48a3a064677134cc7b52c0bdf9ff4f3b20d14656
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
fcff3928e18c57cc8b56b11a505c1c2a0fb0193cd442f8a706b0ca4bce04488a
fe433adb90f1b6314bb035fc6fcd2981c54c3cd192bd4fd74a498d83facc4fed

www.thivien.net Open in urlscan Pro 222.252.4.155 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

170 Requests

96 %HTTPS

77 %IPv6

19 Domains

29 Subdomains

26 IPs

4 Countries

2751 kBTransfer

6688 kBSize

16 Cookies

6 Outgoing links

Page URL History

Redirected requests

170 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.thivien.net Open in urlscan Pro
222.252.4.155 Public Scan

Screenshot
Live screenshot

Full Image

170
Requests

96 %
HTTPS

77 %
IPv6

19
Domains

29
Subdomains

26
IPs

4
Countries

2751 kB
Transfer

6688 kB
Size

16
Cookies

170 HTTP transactions
10 data transactions