xn----0hcdndtvomdb2jb.net Open in urlscan Pro Puny
מילון-אבןשושן.net IDN
2606:4700:3031::ac43:8ac9 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://xn----0hcdndtvomdb2jb.net/
Submission: On November 17 via api (November 17th 2023, 12:13:02 am UTC) from US — Scanned from US

Summary HTTP 175 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 25 IPs in 2 countries across 18 domains to perform 175 HTTP transactions. The main IP is 2606:4700:3031::ac43:8ac9, located in United States and belongs to CLOUDFLARENET, US. The main domain is xn----0hcdndtvomdb2jb.net.
TLS certificate: Issued by E1 on October 18th 2023. Valid for: 3 months.

This is the only time xn----0hcdndtvomdb2jb.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
11	2606:4700:303... 2606:4700:3031::ac43:8ac9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:e4:... 2606:4700:e4::ac40:ae06	13335 (CLOUDFLAR...) (CLOUDFLARENET)
49	2607:f8b0:402... 2607:f8b0:4020:806::2002	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:402... 2607:f8b0:4020:805::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:e4:... 2606:4700:e4::ac40:af06	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 16	2607:f8b0:402... 2607:f8b0:4020:807::2002	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:402... 2607:f8b0:4020:807::200a	15169 (GOOGLE) (GOOGLE)
27	2607:f8b0:402... 2607:f8b0:4020:805::2001	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:402... 2607:f8b0:4020:805::2002	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:402... 2607:f8b0:4020:805::2003	15169 (GOOGLE) (GOOGLE)
1 2	2607:f8b0:402... 2607:f8b0:4020:805::2004	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:402... 2607:f8b0:4020:804::2003	15169 (GOOGLE) (GOOGLE)
5	172.217.13.98 172.217.13.98	15169 (GOOGLE) (GOOGLE)
6 9	172.217.13.130 172.217.13.130	15169 (GOOGLE) (GOOGLE)
2 4	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	68.67.179.164 68.67.179.164	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 2	23.204.69.95 23.204.69.95	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2600:1f18:612... 2600:1f18:612b:4216:d296:b4ab:44c7:4070	14618 (AMAZON-AES) (AMAZON-AES)
28	2607:f8b0:402... 2607:f8b0:4020:805::2006	15169 (GOOGLE) (GOOGLE)
6	142.250.176.194 142.250.176.194	15169 (GOOGLE) (GOOGLE)
3 3	2607:f8b0:400... 2607:f8b0:4006:80d::200e	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:11::7	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:d::6	15169 (GOOGLE) (GOOGLE)
175	25

11 2606:4700:3031::ac43:8ac9 (United States)

ASN13335 (CLOUDFLARENET, US)

xn----0hcdndtvomdb2jb.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e4::ac40:ae06 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.popt.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 2607:f8b0:4020:806::2002 (Montreal, Canada)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4020:805::2008 (Montreal, Canada)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:e4::ac40:af06 (United States)

ASN13335 (CLOUDFLARENET, US)

display.popt.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2607:f8b0:4020:807::2002 (Montreal, Canada) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4020:807::200a (Montreal, Canada)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

27 2607:f8b0:4020:805::2001 (Montreal, Canada)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4020:805::2002 (Montreal, Canada)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4020:805::2003 (Montreal, Canada)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4020:805::2004 (Montreal, Canada) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4020:804::2003 (Montreal, Canada)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.13.98 (United States)

ASN15169 (GOOGLE, US)
PTR: yul02s04-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 172.217.13.130 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: yul02s05-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.64.151.101 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 68.67.179.164 (North Bergen, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.159.8 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.204.69.95 (Secaucus, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-204-69-95.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4216:d296:b4ab:44c7:4070 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2607:f8b0:4020:805::2006 (Montreal, Canada)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.176.194 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:80d::200e (United States) 3 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:11::7 (United States)

ASN15169 (GOOGLE, US)

r2---sn-ab5l6nrk.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:d::6 (United States)

ASN15169 (GOOGLE, US)

r1---sn-ab5sznzz.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
79	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 97 tpc.googlesyndication.com — Cisco Umbrella Rank: 149 ade.googlesyndication.com — Cisco Umbrella Rank: 301	729 KB
34	2mdn.net 3 redirects s0.2mdn.net — Cisco Umbrella Rank: 300 gcdn.2mdn.net — Cisco Umbrella Rank: 1173 r2---sn-ab5l6nrk.c.2mdn.net — Cisco Umbrella Rank: 69679 r1---sn-ab5sznzz.c.2mdn.net — Cisco Umbrella Rank: 54745	1 MB
31	doubleclick.net 7 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 245 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 439	251 KB
11	xn----0hcdndtvomdb2jb.net xn----0hcdndtvomdb2jb.net	213 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	66 KB
5	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 212	320 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 625	3 KB
3	openx.net 2 redirects us-u.openx.net — Cisco Umbrella Rank: 522	749 B
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 246	2 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	3 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1403	513 B
2	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
2	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
2	google-analytics.com ssl.google-analytics.com — Cisco Umbrella Rank: 574	17 KB
2	popt.in cdn.popt.in — Cisco Umbrella Rank: 28288 display.popt.in — Cisco Umbrella Rank: 28408	53 KB
1	tremorhub.com partners.tremorhub.com — Cisco Umbrella Rank: 1279	175 B
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 223	28 KB
0	spotxchange.com Failed sync.search.spotxchange.com Failed
175	18

	Domain	Requested by
49	pagead2.googlesyndication.com	xn----0hcdndtvomdb2jb.net pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com s0.2mdn.net
28	s0.2mdn.net	xn----0hcdndtvomdb2jb.net s0.2mdn.net
27	tpc.googlesyndication.com	googleads.g.doubleclick.net xn----0hcdndtvomdb2jb.net tpc.googlesyndication.com pagead2.googlesyndication.com s0.2mdn.net
16	googleads.g.doubleclick.net	1 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net xn----0hcdndtvomdb2jb.net
11	xn----0hcdndtvomdb2jb.net	xn----0hcdndtvomdb2jb.net
9	cm.g.doubleclick.net	6 redirects googleads.g.doubleclick.net
6	googleads4.g.doubleclick.net	xn----0hcdndtvomdb2jb.net
5	www.googletagservices.com	googleads.g.doubleclick.net xn----0hcdndtvomdb2jb.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	www.gstatic.com	googleads.g.doubleclick.net
3	ade.googlesyndication.com
3	gcdn.2mdn.net	3 redirects
3	us-u.openx.net	2 redirects googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	fonts.googleapis.com	googleads.g.doubleclick.net
2	r2---sn-ab5l6nrk.c.2mdn.net
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	www.googleadservices.com	xn----0hcdndtvomdb2jb.net
2	www.google.com	1 redirects tpc.googlesyndication.com
2	ssl.google-analytics.com	xn----0hcdndtvomdb2jb.net
1	r1---sn-ab5sznzz.c.2mdn.net
1	partners.tremorhub.com	googleads.g.doubleclick.net
1	fonts.gstatic.com	fonts.googleapis.com
1	display.popt.in	cdnjs.cloudflare.com
1	cdnjs.cloudflare.com	cdn.popt.in
1	cdn.popt.in	xn----0hcdndtvomdb2jb.net
0	sync.search.spotxchange.com Failed	googleads.g.doubleclick.net
175	27

This site contains links to these domains. Also see Links.

Domain
bit.ly
www.babylon-software.com
cyberchimps.com

Subject Issuer	Validity	Valid
xn----0hcdndtvomdb2jb.net E1	`2023-10-18` - `2024-01-16`	3 months	crt.sh
popt.in E1	`2023-11-10` - `2024-02-08`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh

This page contains 29 frames:

Primary Page: https://xn----0hcdndtvomdb2jb.net/
Frame ID: 4CE624CD0451323F79C7ED60D6666A31
Requests: 23 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Frame ID: 2A62E839C175E689055C084AA4E06824
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7590696283865267&output=html&h=280&slotname=8477636658&adk=543386735&adf=3450464683&pi=t.ma~as.8477636658&w=497&fwrn=4&fwrnh=100&lmt=1700179976&rafmt=1&format=497x280&url=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&ea=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700179976415&bpp=4&bdt=631&idt=169&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=1740894881329&frm=20&pv=2&ga_vid=869174392.1700179976&ga_sid=1700179976&ga_hid=335042014&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=815&ady=208&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31078297%2C31079756%2C44807764%2C44808148%2C44808284%2C44809054&oid=2&pvsid=989538058937027&tmod=181901230&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=186
Frame ID: 1F1D1BC9C82280253A405F2C1990FB86
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7590696283865267&output=html&adk=1812271804&adf=3025194257&lmt=1700179976&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700179976435&bpp=4&bdt=652&idt=179&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=497x280&nras=1&correlator=1740894881329&frm=20&pv=1&ga_vid=869174392.1700179976&ga_sid=1700179976&ga_hid=335042014&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31078297%2C31079756%2C44807764%2C44808148%2C44808284%2C44809054&oid=2&pvsid=989538058937027&tmod=181901230&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=192
Frame ID: A417D5EA56DACD399390389A0B26CCF3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 33CECC8C3946902265A8933CACDA327C
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js
Frame ID: 25FDF6A423D6631F47820F8283B55190
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 0F95C94016FD90B176E6B8B3416058F2
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 4975D8B8C6D55116C227EC9E399E3131
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 8E71918FFEE8D9BC0C64F3488F7AB89D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: B1DC137FBCEC4390A5201718B3C97D42
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhidwZj9ATAB&v=APEucNVBEBaPlxjCbgyta5RkR18f50_qLdAFftYbhDOsDe8lDCK7lJcfzXKg7ybDahsBb088j7QYZN-RNFBU6q9TlXHPgTTaBw
Frame ID: 06C9D1B09ECC5ED152C3510618AD9274
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 50CD6B71FB8935F6F6F48397660B3B01
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhidwZj9ATAB&v=APEucNXf4fzDgEgf0luUo-Ydz9Qpwtgb2AGmAZyubLe64nE566LY-JdLdiMMx059ImOAOhqR6aOQf_OqiVAn9218mPJJZBLKQg
Frame ID: 1ADC62E33000E69AD23351A661A72030
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 45ED69C395C56727D5093A36AB6130EB
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjUsZn9ATAB&v=APEucNWzcIE9LXgrFFDYelKt4uYIK0YaHaaEr-MLQ8EbmXM09vf4B7ymtic9HV-RMS8LaH-DD5wcVNgFicKkBjqRy_dWKkXvgg
Frame ID: 7B1328376506E9AB760C0E89F5BA1C32
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: EDE59C937B0EED59388273AC967E9679
Requests: 19 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Heebo%3A400%2C500
Frame ID: 4764957F1EFF3EA1FE5CE21F7436904C
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js
Frame ID: 1140717636D243969359A051C22826C3
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 41CC6DCAAD1AA20F88281C87292F011C
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 35BE4CF838DE03DB039EDC939DBFD46F
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 24BC09BBC3891BB8BA59B1A6F70DF9D9
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=eazTl3PGix&t=1&renderingType=2&ev=01_250
Frame ID: 39EDB69642EBABBB47E1272512EF2019
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/565833720234484356/index.html?e=69&leftOffset=0&topOffset=0&c=vqXymFqFtg&t=1&renderingType=2&ev=01_250
Frame ID: 9F6D9650106E964B7C1E20D5893B1A51
Requests: 13 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=txkykQmjPp&t=1&renderingType=2&ev=01_250
Frame ID: 2C408BB8D9CC1660D6304E5841ECF9F1
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: FF41EAF9987E13F5FD679A3DE5EB1898
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 19EBA3B085BA5A47B3D5360ED9EBDEA9
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Frame ID: 29E6D5120BE5FDA8011DDD6238200883
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Frame ID: 67CEF07739EFD8E4387B62034E544020
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js
Frame ID: 7F154D597C04608EC937A5114ADE1025
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

מילון אבן שושן באינטרנט

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

175
Requests

91 %
HTTPS

72 %
IPv6

18
Domains

27
Subdomains

25
IPs

2
Countries

3014 kB
Transfer

7518 kB
Size

23
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://bit.ly/3KReQDg
Title: לרכישה מילון כיס

Search URL Search Domain Scan URL

URL: http://www.babylon-software.com/redirects/redir.cgi?type=direct2download&affID=14353

Search URL Search Domain Scan URL

URL: https://cyberchimps.com/
Title: Responsive Theme

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 34

https://googleads.g.doubleclick.net/pagead/adview?ai=Cl43SCLBWZbviKd6CwuIP_9u6yAPrt5yXbMXdjvv2D5_m-dm6ARABIICpwwpgycapi8Ck2A-gAYyhnf8CyAEBqAMByAPLBKoE7QFP0NwERPh9IPH2bv_7mlsqGy4difiJwFRSs5Gd68Brzmmvm1tnDLMCTtCTKuNZHXO6CqYDbP-Tii4eeASUHjazYA2uHds__nFD7iFmtozIYHeNsPhp85Ft1h4a1PZlrN2Y_YioUDWK2QriYPvkV8me0oztQQmjMyiP1O9xhABMAE2jaDWi-NQWuJqUiakXG-U2X3ybp8ZwHeTKbUHGZlP8Ezc6pshuHhjSC4hQh99r1d1HloQ1iUjQGHmNCA3vce1R4iwlTsdh0UTQke0sLE-trimxo6wKm5FcFY2J4ICwDc7RJTHe4ruy5gaXIWzABLDAqImYBIgF-KP3yECSBQQIBBgBkgUECAUYBIAH3N7igAGoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBRDtlL8B0ggUCIBhEAEYHzICigI6AoBASL39wTqaCTNodHRwczovL3d3dy5pb211LmNvbS9zZWFyY2g_Y29udHJvbGxlcj1zZWFyY2gmcz1kdGaACgHICwGiDBAqDgoM5LSxAu61sQK1uLEC2gwRCgsQgPGzw86OmseaARICAQPYEwrQFQGYFgGAFwGyFxwKGggAEhRwdWItNzU5MDY5NjI4Mzg2NTI2NxgA&sigh=XGRR3jPJAPk&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTgDICaaNadnkclRUgDZAhvNn-1RQFxUHVZYSb0udx6ed5wQSnbwg6m6URGM0Mo0zdMMvm_H6pOe2SicgvimACVeE3fIo8bELr72gYgV09xgB&template_id=5020&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x4922aca62cc8aff30000000000000000%22,%222%22:%220x58232dab439acaf10000000000000000%22,%223%22:%220xeab6d0756f163c380000000000000000%22,%224%22:%220xf88e313e656bac830000000000000000%22,%225%22:%220x409b917095dd30a70000000000000000%22},%22debug_key%22:%2211575004593282174194%22,%22debug_reporting%22:true,%22destination%22:%22https://iomu.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22803688588%22],%224%22:[%2211-17%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210661203358272230161%22}&andc=true

Request Chain 73

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPrAM6wspTuUmXrsD5f51EA&google_cver=1

Request Chain 74

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVawClRBAV9j5o3WDsdzQQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPrAM6wspTuUmXrsD5f51EA&google_cver=1

Request Chain 75

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEDD1d32LbX7ODM0fI2rgH_E&google_cver=1

Request Chain 76

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDg1ODY1MjQ2NjYyMTUzNTkxNw%3D%3D

Request Chain 77

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENfMyrQ5uIstFCu_9sBGV_M&google_cver=1

Request Chain 78

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWI5NzAzNTktYWI1ZS0yZmI0LWM2MjMtZWZjYzgxODZjYzdk

Request Chain 79

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEHHhlXHdI31zGTgP799e0kI&google_cver=1

Request Chain 80

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NjcxYjJiNmUtYjgwNS00Yzk5LWE1NzUtNTI3OTc2MDhlZGEw

Request Chain 81

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm HTTP 302
https://partners.tremorhub.com/sync?UIGL=CAESEMmp56TugCvihqtAsfHlcGk&google_cver=1

Request Chain 82

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELKZG2bYpOsO-mPoRxbCr5w&google_cver=1

Request Chain 146

https://gcdn.2mdn.net/videoplayback/id/46e894b165a728b7/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/B34632CC741E8A4024FC081BE1099DFEBCAEBB65.A412D99B13B0E784D6E08EF7D205C0D3B401AE5F/key/ck2/file/file.mp4 HTTP 302
https://r2---sn-ab5l6nrk.c.2mdn.net/videoplayback/id/46e894b165a728b7/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/4DDB047A43A5F03C3916D828B79E79E62A854CD5.573E0D7D44C28CD37ABDB7DDEEE4FF9BB3A6BF1E/key/cms1/cms_redirect/yes/mh/FN/mip/2a0d:5600:24:1500:1011:59e5:617a:c05a/mm/42/mn/sn-ab5l6nrk/ms/onc/mt/1700179233/mv/m/mvi/2/pl/48/file/file.mp4

Request Chain 151

https://gcdn.2mdn.net/videoplayback/id/46e894b165a728b7/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/6DC372853D029E85B1D5D5770B511DEEFB8C2CB9.41ECE6B206F25174B605ABF8D7DD97144D728EFA/key/ck2/file/file.mp4 HTTP 302
https://r2---sn-ab5l6nrk.c.2mdn.net/videoplayback/id/46e894b165a728b7/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/2E09061032D7124247092067D6DCBE692EB3DB89.02B5C16FF71A39DADA90E658D533790CD875F651/key/cms1/cms_redirect/yes/mh/FN/mip/2a0d:5600:24:1500:1011:59e5:617a:c05a/mm/42/mn/sn-ab5l6nrk/ms/onc/mt/1700179233/mv/m/mvi/2/pl/48/file/file.mp4

Request Chain 155

https://gcdn.2mdn.net/videoplayback/id/f09920780352deef/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/AFC5634DC713D540775DAE0CD1BF5C2CD8EEB734.B8E47C87AD98F51C6E5D60A8B9D347E0F6919D7C/key/ck2/file/file.mp4 HTTP 302
https://r1---sn-ab5sznzz.c.2mdn.net/videoplayback/id/f09920780352deef/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7E6C67CCCE7801DCF95DBDB37EBED936A122FE9D.2F8DA64044F23C97BF6757508A7D0BF6AAF8A7DE/key/cms1/cms_redirect/yes/mh/HI/mip/2a0d:5600:24:1500:1011:59e5:617a:c05a/mm/42/mn/sn-ab5sznzz/ms/onc/mt/1700179233/mv/m/mvi/1/pl/48/file/file.mp4

175 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
xn----0hcdndtvomdb2jb.net/ 63 KB
12 KB 451ms
383ms Document
text/html 2606:4700:3031::ac43:8ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xn----0hcdndtvomdb2jb.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36317d22cefa939580c4170d71538e5a38e10997755399a78ccee8a294df9bb3

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8273c3ce3a6e4408-EWR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 17 Nov 2023 00:12:55 GMT
host-header: 8441280b0c35cbc1147f8ba998a563a7
link: <https://xn----0hcdndtvomdb2jb.net/index.php?rest_route=/>; rel="https://api.w.org/"
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4lL8aGl2Cpoib%2B9QDPr%2BZ8qp%2FazuJVlcJljxWGDWdCovgV39UI2ERZShnvydg0huwoV9v1ZA%2B%2B%2BJku%2FmHd7vtZZAgfKXv23xZQLQcAObHv9Lf2FLv81Taa%2FDyyzc%2FX9QXoW3qaIqzAxF%2F%2FzwZXHCZ4Jz7MG5%2BL0D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-httpd-modphp: 1
x-proxy-cache: HIT

GET
H2 200 style.min.css
xn----0hcdndtvomdb2jb.net/wp-includes/css/dist/block-library/ 107 KB
15 KB 407ms
404ms Stylesheet
text/css 2606:4700:3031::ac43:8ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xn----0hcdndtvomdb2jb.net/wp-includes/css/dist/block-library/style.min.css?ver=6.4.1
Requested by: Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-httpd-modphp: 1
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 10 Nov 2023 05:11:11 GMT
server: cloudflare
etag: W/"1add3-609c5594c86f9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YLoYb4Zda3xfAJNXQT%2FSmajQzg3eM8Su5QmuMxeh6XhJ53UuXvSe6k1kfPJiAlRoUY4pTkCMRnP17ccYtK35ZCcqbLR7iaZxhuvBr30ialb33SlcmeF%2FNkixzLdoRZapB1pxlkXa0KdWXKXw5W9%2FMnn6bv5VpfQw"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8273c3d0bd2b4408-EWR
x-proxy-cache: HIT

GET
H2 200 wordpress-svg-icon-plugin-style.min.css
xn----0hcdndtvomdb2jb.net/wp-content/plugins/svg-vector-icon-plugin/admin/css/ 31 KB
6 KB 334ms
332ms Stylesheet
text/css 2606:4700:3031::ac43:8ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xn----0hcdndtvomdb2jb.net/wp-content/plugins/svg-vector-icon-plugin/admin/css/wordpress-svg-icon-plugin-style.min.css?ver=6.4.1
Requested by: Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b9dcc63401251a6b27ceebac0121e2d6b76d216928e908865213468e5a6c4c1f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-httpd-modphp: 1
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 22 Dec 2022 07:48:27 GMT
server: cloudflare
etag: W/"7d4e-5f065e4f32409"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GRJokePKwzt7TwWJ4v3FyyMwWodbkO%2BYle35jNZNDY%2BA%2B8wrvMGVmaLbd%2BO5%2FIAoT8UI8oUnBG94WJf519mx6nJBy%2FCRk073%2FN%2BiX0iPNzbBZcFnPZgUbE2dXMvO46dUkojqtqnSxxstrQ96FJ6ndGPYdyLz%2BbxF"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8273c3d0bd2c4408-EWR
x-proxy-cache: HIT

GET
H2 200 style.min.css
xn----0hcdndtvomdb2jb.net/wp-content/themes/responsive/core/css/ 703 KB
33 KB 464ms
462ms Stylesheet
text/css 2606:4700:3031::ac43:8ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xn----0hcdndtvomdb2jb.net/wp-content/themes/responsive/core/css/style.min.css?ver=4.8.3
Requested by: Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfcc37ec3595c7d400e6566ceb4fe675ae993db6b9d6beeb0dbd66f6befdf2be

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-httpd-modphp: 1
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 10 May 2023 11:43:14 GMT
server: cloudflare
etag: W/"afb36-5fb55608f9b43"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mwS9Idv%2BmClD5HbmF69YqUcpeiQPnhJmNv1G35jvUHZZ7ZTTZVHV60RgU18XVURhs96By9l1I9e9N1v7cHtOfzKxfrJXNQso%2B0AzSFdwZaFBhcRNyDwkWQ4C0Kws05qyggStyevlqbjZKR2eDiMt%2BzvAv5LVclZ7"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8273c3d0bd2d4408-EWR
x-proxy-cache: HIT

GET
H2 200 style.min.css
xn----0hcdndtvomdb2jb.net/wp-content/themes/responsive/core/css/icomoon/ 6 KB
2 KB 317ms
316ms Stylesheet
text/css 2606:4700:3031::ac43:8ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xn----0hcdndtvomdb2jb.net/wp-content/themes/responsive/core/css/icomoon/style.min.css?ver=4.8.3
Requested by: Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5fb04e7e63910cb1c70b7184261bbd6d6531dc7498b58023035096b142b23e20

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-httpd-modphp: 1
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 10 May 2023 11:43:14 GMT
server: cloudflare
etag: W/"160c-5fb55608f5cc1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bjLBcAyRpNwtdPCaiLbONdin77j%2Bv6%2FIMJ%2BZGoZF54U4WKGwxwGWDJ6rQJnfgrMAV0TvJPKtJTHpUTqfoARFlTX5LiRwsiAzESoT05tmzgBeKlRoU4Rpn0E34HaRWwZzAFs0%2BLrO1SojJ0qW3ify0xMASMKOs9QP"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 8273c3d0bd304408-EWR
x-proxy-cache: HIT

GET
H2 200 jquery.min.js Show response
xn----0hcdndtvomdb2jb.net/wp-includes/js/jquery/ 86 KB
31 KB 383ms
381ms Script
application/javascript 2606:4700:3031::ac43:8ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xn----0hcdndtvomdb2jb.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by: Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-httpd-modphp: 1
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 10 Nov 2023 05:11:11 GMT
server: cloudflare
etag: W/"15601-609c5594ecd02"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aSVFq2fr%2FwkBnVMfdZpCEGX2%2F6Kc1pbLNoE%2FuuOXl2DqoTYh2pSgnIQdDfTAWhjpefoJZwwA%2Fp3skNYaEacz6q8xfzOdoZzZ0tahTYl%2BYeYwZH0k7y9g3MJaGI9GFwXLZCQOCuISqlssa5I8P4YaMyXz8Lh%2F%2BJmF"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8273c3d0bd334408-EWR
x-proxy-cache: HIT

GET
H2 200 jquery-migrate.min.js Show response
xn----0hcdndtvomdb2jb.net/wp-includes/js/jquery/ 13 KB
5 KB 371ms
370ms Script
application/javascript 2606:4700:3031::ac43:8ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xn----0hcdndtvomdb2jb.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-httpd-modphp: 1
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 10 Aug 2023 01:40:04 GMT
server: cloudflare
etag: W/"3509-60287ace6f383"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HkH8XzK6Sjn%2BXqJHfCkSyoGrFoMRGFyaZYDLBWmvTgNF03At65cXJ9J2M8lbwLc%2BcNdgCVc8Erb1m%2BPdOUQQwSkDIecV%2BPyDW7Jkf%2FxEWM0JGKiEle8yjkNUjLu67G5Zv%2B3jwqCTnDC0aC0mgI%2FA25zIYMJsNyUm"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8273c3d0bd354408-EWR
x-proxy-cache: HIT

GET
H2 200 pixel.js Show response
cdn.popt.in/ 226 KB
50 KB 58ms
18ms Script
text/javascript 2606:4700:e4::ac40:ae06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.popt.in/pixel.js?id=551adbd95895c
Requested by: Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:ae06 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 59a4409e8fff44bfb6210a7e7a8a469d7682095d500ee4dd5b9df16b2e8b6be0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
x-amz-version-id: pqaE12oW3jvc9nBEfSlN7zmS5e_AAZOo
via: 1.1 c3084b8da81c3551ffa5c6179e9f6140.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: JFK52-P2
age: 4765
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 15 Nov 2023 10:53:07 GMT
server: cloudflare
etag: W/"60890bd031f3678619396a75827e4cd3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gEkSrjUMDeTAIJz%2BtCndK5hHT9SF%2BTALp8rVVOA0uY6A4990Uo2UvS6mo0H7y50cbMadjDLPoi0WSIyZ4Ar0Se1qL4pTR4B%2FMNfSY%2FlYQcJzYY8VrRilkLbms4369Elg%2FqG49pYs20QBdA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=1800
cf-ray: 8273c3d37a9cc457-EWR
x-amz-cf-id: _pOvkWw92bTDE2XFJomShf_PWZEzac4rrg0tKNfg67Wjg-l_Xyq0hA==

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 152 KB
52 KB 120ms
79ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dee401ca619ddd028d12fd072f23decb09a8523a395467a32e1d37eade263c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52947
x-xss-protection: 0
server: cafe
etag: 1933857192030213372
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 00:12:56 GMT

GET
H2 200 navigation.min.js Show response
xn----0hcdndtvomdb2jb.net/wp-content/themes/responsive/core/js/ 5 KB
2 KB 325ms
324ms Script
application/javascript 2606:4700:3031::ac43:8ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xn----0hcdndtvomdb2jb.net/wp-content/themes/responsive/core/js/navigation.min.js?ver=4.8.3
Requested by: Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a2cd4fc9197326d8af06b92119325e53357f6864d732f73d3111e1157e387c89

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-httpd-modphp: 1
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 10 May 2023 11:43:14 GMT
server: cloudflare
etag: W/"1269-5fb5560901c2e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JR%2BOOGLt4%2FjC9cmClQ%2FMcCYY4CWRNxod9HdM9w75cDXfXp02k8Kytj5shUyiimEGjTopKkZmg0xZer74GFFJn6dV3F2eGYvLsww25KF9LmxwxqIHb5adQcaZwZJAjM2li7fD20pY066eYo%2FmJO0KWYYYnTP2Vup3"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8273c3d0bd364408-EWR
x-proxy-cache: HIT

GET
H2 200 scroll-to-top.js Show response
xn----0hcdndtvomdb2jb.net/wp-content/themes/responsive/core/includes/customizer/assets/js/ 2 KB
871 B 324ms
323ms Script
application/javascript 2606:4700:3031::ac43:8ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xn----0hcdndtvomdb2jb.net/wp-content/themes/responsive/core/includes/customizer/assets/js/scroll-to-top.js?ver=4.8.3
Requested by: Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3031::ac43:8ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9ddc2ccf2c98b0a6fcc039d8c9f666619077935b3dc18aeb5ed12164b51e8b6a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-httpd-modphp: 1
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 10 May 2023 11:43:14 GMT
server: cloudflare
etag: W/"658-5fb55608fc254"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j4SmXVxHkWaokZDOfF0EJIiXTJxFjWuE2JQraBj%2BdrwCssu%2FwkR9EOSy66RlzhKMZ95jQzx3cjyBS1OkUjzX7dgZIttZEMbC4rmSPHw6YjYJplyAP8WEwj6ZSVgQO6MkcWgVvSsl8evkVgIrgKqYXf1ggP%2Bvb%2BA1"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8273c3d0bd374408-EWR
x-proxy-cache: HIT

GET
BLOB 200
OK d9e93f7f-1158-448c-89d5-17c7281a3c5a
https://xn----0hcdndtvomdb2jb.net/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://xn----0hcdndtvomdb2jb.net/d9e93f7f-1158-448c-89d5-17c7281a3c5a
Requested by: Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 56ms
13ms Script
text/javascript 2607:f8b0:4020:805::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2008 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 16 Nov 2023 22:50:52 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 4924
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17168
expires: Fri, 17 Nov 2023 00:50:52 GMT

GET
H3 200 wp-svg-plugin-icon-set1.woff
xn----0hcdndtvomdb2jb.net/wp-content/plugins/svg-vector-icon-plugin/admin/css/icon-font/ 101 KB
101 KB 468ms
467ms Font
font/woff 2606:4700:3031::ac43:8ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xn----0hcdndtvomdb2jb.net/wp-content/plugins/svg-vector-icon-plugin/admin/css/icon-font/wp-svg-plugin-icon-set1.woff
Requested by: Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/wp-content/plugins/svg-vector-icon-plugin/admin/css/wordpress-svg-icon-plugin-style.min.css?ver=6.4.1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 864c68610ba0c41b5585b830852ad4bd587afd25caaa2ebfb9fa9539300c2935

Request headers

Referer: https://xn----0hcdndtvomdb2jb.net/wp-content/plugins/svg-vector-icon-plugin/admin/css/wordpress-svg-icon-plugin-style.min.css?ver=6.4.1
Origin: https://xn----0hcdndtvomdb2jb.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-httpd-modphp: 1
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400
content-length: 103056
last-modified: Thu, 22 Dec 2022 07:53:56 GMT
server: cloudflare
etag: "19290-5f065f89a5fe0"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K6E0%2FIRq5fhu8S3DbvB1RRfRXQXzksgGoQRIwmrtRttbXUatVeE%2FvwOEIcxk6YjYmnRTfaarqgoDe62r23c%2FAwPrx4gNoOEZNmqR4zqJPVldz48Pg15RTNNtcNipXoitAGj3cXtMDeCk8bLadfxw2mbchJNAySoR"}],"group":"cf-nel","max_age":604800}
content-type: font/woff
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8273c3d3dbd942ce-EWR
x-proxy-cache: HIT

GET
H2 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/ 87 KB
28 KB 29ms
13ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Requested by

Host: cdn.popt.in
URL: https://cdn.popt.in/pixel.js?id=551adbd95895c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 1361627
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27964
last-modified: Mon, 04 May 2020 16:11:48 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec4-15d95"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=amt7lQouEYruY00kyIJID4tZImvprS0UDX3QG2iQB5PPJtnpid1N9rXk3cBfRvk6%2BacjQ8z8pET3fUU27SLcCpRiZWipCfL20ZarNrUHfE6EaD3rtjRBHJC%2FEq44%2BovVdvBEnTNkoY7MZFHM6xDF2%2Fsr"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8273c3d42c3b19ff-EWR
expires: Wed, 06 Nov 2024 00:12:56 GMT

GET
H3 200 wp-emoji-release.min.js Show response
xn----0hcdndtvomdb2jb.net/wp-includes/js/ 18 KB
5 KB 334ms
334ms Script
application/javascript 2606:4700:3031::ac43:8ac9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://xn----0hcdndtvomdb2jb.net/wp-includes/js/wp-emoji-release.min.js?ver=6.4.1
Requested by: Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3031::ac43:8ac9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-httpd-modphp: 1
host-header: 8441280b0c35cbc1147f8ba998a563a7
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 10 May 2023 11:45:33 GMT
server: cloudflare
etag: W/"4904-5fb5568d85634"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YfauTzzAy2F7x5%2B5S5r8lFBKHq3Ioknu27o1jMA24C9xxOvBxWQXpo7gUYyI4zHAtjk5YPpNkFqgznZBquT0R0ORv9nMia2W%2B6Hy2efabYhfrQ6H0Z3UlHRC%2BuTm%2B0ary%2FZAVJKOb1SAMnIjFK1%2BI1m%2F0yWG4FmQ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 8273c3d41c0e42ce-EWR
x-proxy-cache: HIT

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
197 B 35ms
35ms Image
image/gif 2607:f8b0:4020:805::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=2142874279&utmhn=xn----0hcdndtvomdb2jb.net&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=%D7%9E%D7%99%D7%9C%D7%95%D7%9F%20%D7%90%D7%91%D7%9F%20%D7%A9%D7%95%D7%A9%D7%9F%20%D7%91%D7%90%D7%99%D7%A0%D7%98%D7%A8%D7%A0%D7%98&utmhid=335042014&utmr=-&utmp=%2F&utmht=1700179976359&utmac=UA-4368874-15&utmcc=__utma%3D12921726.869174392.1700179976.1700179976.1700179976.1%3B%2B__utmz%3D12921726.1700179976.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1069519906&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2008 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:56 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 551adbd95895c Show response
display.popt.in/APIRequest/ 68 B
3 KB 142ms
113ms XHR
application/json 2606:4700:e4::ac40:af06
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://display.popt.in/APIRequest/551adbd95895c?domain=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&referrer=&previous_url=&cookies=poptin_old_user%3Dtrue%20poptin_user_id%3D0.qemd0j21twm%20poptin_previous_url%3D%20poptin_new_user%3Dtrue%20poptin_viewed_session%3Dfalse%20&triggers=&cc=false&if_mobile=false&page_title=%D7%9E%D7%99%D7%9C%D7%95%D7%9F%20%D7%90%D7%91%D7%9F%20%D7%A9%D7%95%D7%A9%D7%9F%20%D7%91%D7%90%D7%99%D7%A0%D7%98%D7%A8%D7%A0%D7%98&origin_landing_page=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&if_page_refreshed=false&poptin_viewed_url=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&previous_visited_pages=&shopify_customer_id=0&cart_total_items=0&cart_total_price=0&cart_products_ids_list=&cart_products_org_ids_list=

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e4::ac40:af06 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6ecfd1daac5c0eac2b8e47c43b893aee49524cdd77ff16a0c2b3fc792eac0df

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://bc.popt.in https://.mybigcommerce.com https://.jumpseller.com https://.myshopline.com https://.myshopify.com https://*.grisynava.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://xn----0hcdndtvomdb2jb.net/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
content-security-policy: frame-ancestors https://bc.popt.in https://*.mybigcommerce.com https://*.jumpseller.com https://*.myshopline.com https://*.myshopify.com https://*.grisynava.com
x-content-type-options: nosniff, nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uNrGdNGD27ROq6HIMBUm7PYJ%2FKWWpVe6cNuvbBO1aK2foSPCh5IgckKhPYaAlm8FRsTEZYQzLa%2BC2YiPAX5qE7mQhdnAYUcVGvjgNdfVCUHDLa2V2tn3v5miLnw2WPryOjN7VnVQdNvn%2F870AfI%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=0, must-revalidate, no-store, nocache, private
access-control-allow-credentials: true
cf-ray: 8273c3d49b584303-EWR
access-control-allow-headers: Origin, Content-Type
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/ 397 KB
134 KB 76ms
75ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_fy2021.js?bust=31079756

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3f9c51406c104b9d5edb7acb5745bfcf7c4a4b1ef51e63f0d5a366d7f39d42eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137249
x-xss-protection: 0
server: cafe
etag: 7554652691387317982
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 00:12:56 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame 2A62 9 KB
4 KB 52ms
12ms Document
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn----0hcdndtvomdb2jb.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 24186
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 17:29:50 GMT
etag: 16674218716276178799
expires: Thu, 30 Nov 2023 17:29:50 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1F1D 120 KB
40 KB 955ms
954ms Document
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7590696283865267&output=html&h=280&slotname=8477636658&adk=543386735&adf=3450464683&pi=t.ma~as.8477636658&w=497&fwrn=4&fwrnh=100&lmt=1700179976&rafmt=1&format=497x280&url=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&ea=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700179976415&bpp=4&bdt=631&idt=169&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=1740894881329&frm=20&pv=2&ga_vid=869174392.1700179976&ga_sid=1700179976&ga_hid=335042014&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=815&ady=208&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31078297%2C31079756%2C44807764%2C44808148%2C44808284%2C44809054&oid=2&pvsid=989538058937027&tmod=181901230&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=186

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_fy2021.js?bust=31079756

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

76d0652bfa446a39ce12aa3142456b7ef18a0f23ddd486bc035b811221194c72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn----0hcdndtvomdb2jb.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40988
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 00:12:57 GMT
expires: Fri, 17 Nov 2023 00:12:57 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A417 334 KB
73 KB 1087ms
1086ms Document
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7590696283865267&output=html&adk=1812271804&adf=3025194257&lmt=1700179976&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2&ascmds=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700179976435&bpp=4&bdt=652&idt=179&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&prev_fmts=497x280&nras=1&correlator=1740894881329&frm=20&pv=1&ga_vid=869174392.1700179976&ga_sid=1700179976&ga_hid=335042014&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31078297%2C31079756%2C44807764%2C44808148%2C44808284%2C44809054&oid=2&pvsid=989538058937027&tmod=181901230&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=192

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_fy2021.js?bust=31079756

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f4105cbd632d40511df1fa7a54502f12bdf81702390745f599d7dc2fdaa33baa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn----0hcdndtvomdb2jb.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 74687
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 00:12:57 GMT
expires: Fri, 17 Nov 2023 00:12:57 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 1F1D 14 KB
2 KB 78ms
36ms Stylesheet
text/css 2607:f8b0:4020:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7590696283865267&output=html&h=280&slotname=8477636658&adk=543386735&adf=3450464683&pi=t.ma~as.8477636658&w=497&fwrn=4&fwrnh=100&lmt=1700179976&rafmt=1&format=497x280&url=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&ea=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700179976415&bpp=4&bdt=631&idt=169&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=1740894881329&frm=20&pv=2&ga_vid=869174392.1700179976&ga_sid=1700179976&ga_hid=335042014&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=815&ady=208&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31078297%2C31079756%2C44807764%2C44808148%2C44808284%2C44809054&oid=2&pvsid=989538058937027&tmod=181901230&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=186

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::200a Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

682ea4a49bafd3e0e6dfc629d601e44db6975ade7a6d579ef68e3b769a35ae8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 17 Nov 2023 00:12:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 16 Nov 2023 22:41:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 17 Nov 2023 00:12:57 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 1F1D 2 KB
905 B 55ms
14ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:55:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11838
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:55:39 GMT

GET
DATA 200
OK truncated
/ Frame 1F1D 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 1F1D 23 KB
9 KB 37ms
15ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:45:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12477
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:45:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 33CE 143 B
166 B 13ms
13ms Document
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7590696283865267&output=html&h=280&slotname=8477636658&adk=543386735&adf=3450464683&pi=t.ma~as.8477636658&w=497&fwrn=4&fwrnh=100&lmt=1700179976&rafmt=1&format=497x280&url=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&ea=0&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1700179976415&bpp=4&bdt=631&idt=169&shv=r20231109&mjsv=m202311140101&ptt=9&saldr=aa&abxe=1&correlator=1740894881329&frm=20&pv=2&ga_vid=869174392.1700179976&ga_sid=1700179976&ga_hid=335042014&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=815&ady=208&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31078297%2C31079756%2C44807764%2C44808148%2C44808284%2C44809054&oid=2&pvsid=989538058937027&tmod=181901230&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=186
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 2822
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 23:25:55 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 1F1D 3 KB
1 KB 40ms
21ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11698
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:57:59 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 1F1D 20 KB
9 KB 31ms
13ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:47:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12326
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:47:31 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1F1D 203 KB
64 KB 85ms
45ms Script
text/javascript 2607:f8b0:4020:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Nov 2023 00:12:57 GMT

GET
H2 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame 1F1D 37 KB
16 KB 54ms
12ms Script
text/javascript 2607:f8b0:4020:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:55:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 98231
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 13 Feb 2024 20:55:46 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 33CE
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

39ms
36ms

Document
text/html

2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 00:12:57 GMT
expires: Fri, 17 Nov 2023 00:12:57 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 00:12:57 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 1F1D 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 543779a70e3982213bc842b5c40810e5e65386777b36738310bb5b4f5d367aaa

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/ 160 KB
55 KB 57ms
57ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/reactive_library_fy2021.js?bust=31079756

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_fy2021.js?bust=31079756

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ea2241751dc07098e5630cec9ecd70620e16a2f32980bd22c007cd15d85e819a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:57 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55837
x-xss-protection: 0
server: cafe
etag: 11042389064524339078
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 00:12:57 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 1F1D 33 KB
34 KB 58ms
12ms Font
font/woff2 2607:f8b0:4020:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:47:49 GMT
x-content-type-options: nosniff
age: 98708
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Nov 2024 20:47:49 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 1F1D
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Cl43SCLBWZbviKd6CwuIP_9u6yAPrt5yXbMXdjvv2D5_m-dm6ARABIICpwwpgycapi8Ck2A-gAYyhnf8CyAEBqAMByAPLBKoE7QFP0NwERPh9IPH2bv_7mlsqGy4difiJwFRSs5Gd68Brzmm...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x4922aca62cc8aff30000000000000000%22,%222%22:%220x58232dab439acaf10000000000000000%22,%223%22:%220xeab6d0...

0
0

81ms
42ms

Fetch
text/css

172.217.13.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x4922aca62cc8aff30000000000000000%22,%222%22:%220x58232dab439acaf10000000000000000%22,%223%22:%220xeab6d0756f163c380000000000000000%22,%224%22:%220xf88e313e656bac830000000000000000%22,%225%22:%220x409b917095dd30a70000000000000000%22},%22debug_key%22:%2211575004593282174194%22,%22debug_reporting%22:true,%22destination%22:%22https://iomu.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22803688588%22],%224%22:[%2211-17%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210661203358272230161%22}&andc=true

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Server

172.217.13.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yul02s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x4922aca62cc8aff30000000000000000","2":"0x58232dab439acaf10000000000000000","3":"0xeab6d0756f163c380000000000000000","4":"0xf88e313e656bac830000000000000000","5":"0x409b917095dd30a70000000000000000"},"debug_key":"11575004593282174194","debug_reporting":true,"destination":"https://iomu.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["803688588"],"4":["11-17"],"6":["true"]},"priority":"500","source_event_id":"10661203358272230161"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 17 Nov 2023 00:12:58 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 17 Nov 2023 00:12:57 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x4922aca62cc8aff30000000000000000","2":"0x58232dab439acaf10000000000000000","3":"0xeab6d0756f163c380000000000000000","4":"0xf88e313e656bac830000000000000000","5":"0x409b917095dd30a70000000000000000"},"debug_key":"11575004593282174194","debug_reporting":true,"destination":"https://iomu.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["803688588"],"4":["11-17"],"6":["true"]},"priority":"500","source_event_id":"10661203358272230161"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js Show response
pagead2.googlesyndication.com/bg/ Frame 25FD 38 KB
15 KB 17ms
16ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf3ae3cb276e14b8260f0a5581a6da12c86d3963549a2747e0099a0d85361412

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:51:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 98473
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14894
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Nov 2024 20:51:44 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 0F95 9 KB
4 KB 19ms
14ms Document
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_fy2021.js?bust=31079756

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn----0hcdndtvomdb2jb.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 25950
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 17:00:27 GMT
etag: 16674218716276178799
expires: Thu, 30 Nov 2023 17:00:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 4975 9 KB
4 KB 14ms
13ms Document
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_fy2021.js?bust=31079756

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn----0hcdndtvomdb2jb.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 25950
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 17:00:27 GMT
etag: 16674218716276178799
expires: Thu, 30 Nov 2023 17:00:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame 8E71 9 KB
4 KB 17ms
15ms Document
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_fy2021.js?bust=31079756

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn----0hcdndtvomdb2jb.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 25950
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 17:00:27 GMT
etag: 16674218716276178799
expires: Thu, 30 Nov 2023 17:00:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/ Frame B1DC 9 KB
4 KB 17ms
16ms Document
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_fy2021.js?bust=31079756

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn----0hcdndtvomdb2jb.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 25950
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4118
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 16 Nov 2023 17:00:27 GMT
etag: 16674218716276178799
expires: Thu, 30 Nov 2023 17:00:27 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 141ms
44ms Preflight
text/html 172.217.13.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.13.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yul02s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 17 Nov 2023 00:12:58 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 0F95 4 KB
767 B 41ms
40ms Stylesheet
text/css 2607:f8b0:4020:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::200a Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 17 Nov 2023 00:12:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 00:01:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 17 Nov 2023 00:12:58 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 0F95 205 B
519 B 18ms
16ms Image
image/png 2607:f8b0:4020:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:45:13 GMT
x-content-type-options: nosniff
age: 98865
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 14 Nov 2024 20:45:13 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 0F95 604 B
695 B 18ms
17ms Image
image/png 2607:f8b0:4020:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:50:18 GMT
x-content-type-options: nosniff
age: 98560
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 14 Nov 2024 20:50:18 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 0F95 15 KB
7 KB 15ms
15ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 15:54:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29938
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6702
x-xss-protection: 0
server: cafe
etag: 11213825687312121238
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 15:54:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 06C9 624 B
242 B 60ms
53ms Document
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhidwZj9ATAB&v=APEucNVBEBaPlxjCbgyta5RkR18f50_qLdAFftYbhDOsDe8lDCK7lJcfzXKg7ybDahsBb088j7QYZN-RNFBU6q9TlXHPgTTaBw

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 00:12:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 50CD 89 KB
31 KB 98ms
90ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 00:12:58 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 50CD 3 KB
1 KB 24ms
15ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11699
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:57:59 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 50CD 20 KB
8 KB 23ms
14ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:47:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12327
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:47:31 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 50CD 203 KB
64 KB 64ms
55ms Script
text/javascript 2607:f8b0:4020:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Nov 2023 00:12:58 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 50CD 42 B
63 B 80ms
74ms Image
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BY5sCkxfbCzOj6jsDa-LdN49FkTR-K5L4oNODzynSr3WLpm781lyUengsP6kSyMikCFYmTXoiaHsKBtVkZl905Eq-EbOgyD8NBbCO__lQQFlXhbcU

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 50CD 0
20 B 84ms
78ms Image
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7355715054277182912&x=1&ct=119

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 1ADC 640 B
262 B 54ms
47ms Document
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhidwZj9ATAB&v=APEucNXf4fzDgEgf0luUo-Ydz9Qpwtgb2AGmAZyubLe64nE566LY-JdLdiMMx059ImOAOhqR6aOQf_OqiVAn9218mPJJZBLKQg

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 00:12:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 45ED 89 KB
31 KB 125ms
124ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cf940bd2489897434455528323cf66c4e3aecd5eea963f1d99d96acd452d6dd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31498
x-xss-protection: 0
server: cafe
etag: 4296746511219988724
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 00:12:58 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 45ED 3 KB
1 KB 29ms
16ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11699
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:57:59 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 45ED 20 KB
8 KB 27ms
14ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:47:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12327
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:47:31 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 45ED 203 KB
64 KB 68ms
56ms Script
text/javascript 2607:f8b0:4020:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Nov 2023 00:12:58 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 45ED 42 B
63 B 89ms
82ms Image
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AVhL4NKnh5wLNKob6CjlXjikAen83WKPWklULF28BBILaTkEQ1feGqrOlw0JamDUZ9jliDq_LcS7XsMUqNS1RQJoebpIfB0MsFRMEvHwrwo5vBNB4

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 45ED 0
20 B 96ms
90ms Image
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14639006913484450929&x=1&ct=119

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7B13 482 B
213 B 68ms
58ms Document
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjUsZn9ATAB&v=APEucNWzcIE9LXgrFFDYelKt4uYIK0YaHaaEr-MLQ8EbmXM09vf4B7ymtic9HV-RMS8LaH-DD5wcVNgFicKkBjqRy_dWKkXvgg

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7599e0a5ce1ba2a12f036e998e19e60b6e982178e4363d4630ab3a91ca73bf62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 193
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 00:12:58 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame EDE5 89 KB
31 KB 102ms
90ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:58 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Fri, 17 Nov 2023 00:12:58 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame EDE5 3 KB
1 KB 24ms
13ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11699
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:57:59 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame EDE5 20 KB
8 KB 25ms
15ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:47:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12327
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:47:31 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame EDE5 203 KB
64 KB 85ms
75ms Script
text/javascript 2607:f8b0:4020:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Nov 2023 00:12:58 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDE5 42 B
63 B 85ms
77ms Image
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AK9vEy71T4U8sffNVSSWeWv2KcJfIUDTFksPE90JoMh7KOFD4rYnPuils6BnQDLzviqIJuhXjkFenjo1ql76kZXU1GnWIr93JXZZxO0iq8C7jejMw

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDE5 0
20 B 86ms
78ms Image
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=704642640893397377&x=1&ct=119

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 4764 1 KB
365 B 43ms
43ms Stylesheet
text/css 2607:f8b0:4020:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Heebo%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::200a Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b9e9bfef716dc3479137dfbd6591bc7ee2087a2770005f7741e4cc6895b7b233

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 17 Nov 2023 00:12:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 17 Nov 2023 00:09:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 17 Nov 2023 00:12:58 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 4764 2 KB
822 B 12ms
11ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:55:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11839
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:55:39 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 4764 23 KB
9 KB 13ms
11ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:45:00 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12478
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9282
x-xss-protection: 0
server: cafe
etag: 14645652906762492339
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:45:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 4764 3 KB
1 KB 15ms
14ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:57:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11699
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:57:59 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/ Frame 4764 20 KB
8 KB 26ms
25ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231109/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:47:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12327
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8541
x-xss-protection: 0
server: cafe
etag: 737174102934380276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:47:31 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4764 203 KB
64 KB 66ms
66ms Script
text/javascript 2607:f8b0:4020:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65395
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1700052045412510"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 17 Nov 2023 00:12:58 GMT

GET
H3 200 a6de5423b7c632060e8f86136bd5d27a.js Show response
www.gstatic.com/mysidia/ Frame 4764 37 KB
15 KB 15ms
14ms Script
text/javascript 2607:f8b0:4020:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/a6de5423b7c632060e8f86136bd5d27a.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2003 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:55:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 98232
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15478
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:10:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 13 Feb 2024 20:55:46 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 06C9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPrAM6wspTuUmXrsD5f51EA&google_cver=1

43 B
771 B

18ms
18ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPrAM6wspTuUmXrsD5f51EA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhidwZj9ATAB&v=APEucNVBEBaPlxjCbgyta5RkR18f50_qLdAFftYbhDOsDe8lDCK7lJcfzXKg7ybDahsBb088j7QYZN-RNFBU6q9TlXHPgTTaBw
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C3sDQxdKA84IgTZjz9avMZU7y3lZ%2B7UFzRG1QHRXNyG2Z5rHF2vmhLQS92lreSnuRqVkueVxD2BzsQ5sGWK%2FZpiTq624lxMeo8Lwz%2BJQ1L2GZSgKKU9HLDMnN%2Bn2tNph%2B13aTNJY3ZIgXg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8273c3e03b1017a1-EWR
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPrAM6wspTuUmXrsD5f51EA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 06C9
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZVawClRBAV9j5o3WDsdzQQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPrAM6wspTuUmXrsD5f51EA&google_cver=1

43 B
732 B

21ms
21ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPrAM6wspTuUmXrsD5f51EA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhidwZj9ATAB&v=APEucNVBEBaPlxjCbgyta5RkR18f50_qLdAFftYbhDOsDe8lDCK7lJcfzXKg7ybDahsBb088j7QYZN-RNFBU6q9TlXHPgTTaBw
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WaZhOV90u1EG5Gy%2F84bLQTmPrDL%2BojbDBGCdGbPBMeSyQbLA6tjCfDyRBxX1d49pdI6rTAhqntO1mnwjLDu5R2fvBQyk%2BsYRmuRkbdBNBrfFb1ude6Ou%2BuW3KEQiPxatIGDULOr1pEupTg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 8273c3e05b2817a1-EWR
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPrAM6wspTuUmXrsD5f51EA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 06C9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEDD1d32LbX7ODM0fI2rgH_E&google_cver=1

43 B
837 B

8ms
7ms

Image
image/gif

68.67.179.164
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEDD1d32LbX7ODM0fI2rgH_E&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhidwZj9ATAB&v=APEucNVBEBaPlxjCbgyta5RkR18f50_qLdAFftYbhDOsDe8lDCK7lJcfzXKg7ybDahsBb088j7QYZN-RNFBU6q9TlXHPgTTaBw

Protocol

Server

68.67.179.164 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
an-x-request-uuid: 4ec97169-af52-47d0-ab30-901d447bffcf
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 5.181.234.133; 5.181.234.133; 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEDD1d32LbX7ODM0fI2rgH_E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 06C9
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDg1ODY1MjQ2NjYyMTUzNTkxNw%3D%3D

170 B
243 B

43ms
42ms

Image
image/png

172.217.13.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDg1ODY1MjQ2NjYyMTUzNTkxNw%3D%3D

Requested by

Protocol

Server

172.217.13.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yul02s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
an-x-request-uuid: 95dfe454-4e8a-4931-9139-d7dcab8863a8
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NDg1ODY1MjQ2NjYyMTUzNTkxNw%3D%3D
x-proxy-origin: 5.181.234.133; 5.181.234.133; 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 1ADC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENfMyrQ5uIstFCu_9sBGV_M&google_cver=1

43 B
61 B

23ms
22ms

Image
image/gif

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENfMyrQ5uIstFCu_9sBGV_M&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhidwZj9ATAB&v=APEucNXf4fzDgEgf0luUo-Ydz9Qpwtgb2AGmAZyubLe64nE566LY-JdLdiMMx059ImOAOhqR6aOQf_OqiVAn9218mPJJZBLKQg
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESENfMyrQ5uIstFCu_9sBGV_M&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 1ADC
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWI5NzAzNTktYWI1ZS0yZmI0LWM2MjMtZWZjYzgxODZjYzdk

170 B
232 B

39ms
39ms

Image
image/png

172.217.13.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWI5NzAzNTktYWI1ZS0yZmI0LWM2MjMtZWZjYzgxODZjYzdk

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhidwZj9ATAB&v=APEucNXf4fzDgEgf0luUo-Ydz9Qpwtgb2AGmAZyubLe64nE566LY-JdLdiMMx059ImOAOhqR6aOQf_OqiVAn9218mPJJZBLKQg

Protocol

Server

172.217.13.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yul02s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 17 Nov 2023 00:12:58 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YWI5NzAzNTktYWI1ZS0yZmI0LWM2MjMtZWZjYzgxODZjYzdk
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

um
sync.teads.tv/ Frame 1ADC
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEHHhlXHdI31zGTgP799e0kI&google_cver=1

23 B
163 B

13ms
12ms

Image
image/gif

23.204.69.95
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEHHhlXHdI31zGTgP799e0kI&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhidwZj9ATAB&v=APEucNXf4fzDgEgf0luUo-Ydz9Qpwtgb2AGmAZyubLe64nE566LY-JdLdiMMx059ImOAOhqR6aOQf_OqiVAn9218mPJJZBLKQg
Protocol: H2
Server: 23.204.69.95 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-204-69-95.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

expires: Fri, 17 Nov 2023 00:12:58 GMT
pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEHHhlXHdI31zGTgP799e0kI&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 1ADC
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NjcxYjJiNmUtYjgwNS00Yzk5LWE1NzUtNTI3OTc2MDhlZGEw

170 B
232 B

44ms
43ms

Image
image/png

172.217.13.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NjcxYjJiNmUtYjgwNS00Yzk5LWE1NzUtNTI3OTc2MDhlZGEw

Requested by

Protocol

Server

172.217.13.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yul02s05-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
server: pekko-http/1.0.0
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=NjcxYjJiNmUtYjgwNS00Yzk5LWE1NzUtNTI3OTc2MDhlZGEw
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Fri, 17 Nov 2023 00:12:58 GMT

GET
H2

200

sync
partners.tremorhub.com/ Frame 7B13
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=tremor_video_dbm&google_cm&google_dbm
https://partners.tremorhub.com/sync?UIGL=CAESEMmp56TugCvihqtAsfHlcGk&google_cver=1

43 B
175 B

226ms
9ms

Image
image/gif

2600:1f18:612b:4216:d296:b4ab:44c7:4070
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIGL=CAESEMmp56TugCvihqtAsfHlcGk&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIuw7wEQ3bWDAhjUsZn9ATAB&v=APEucNWzcIE9LXgrFFDYelKt4uYIK0YaHaaEr-MLQ8EbmXM09vf4B7ymtic9HV-RMS8LaH-DD5wcVNgFicKkBjqRy_dWKkXvgg
Protocol: H2
Server: 2600:1f18:612b:4216:d296:b4ab:44c7:4070 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
date: Fri, 17 Nov 2023 00:12:58 GMT
server: nginx
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://partners.tremorhub.com/sync?UIGL=CAESEMmp56TugCvihqtAsfHlcGk&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 283
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET

partner
sync.search.spotxchange.com/ Frame 7B13
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELKZG2bYpOsO-mPoRxbCr5w&google_cver=1

0
0

GET partner
sync.search.spotxchange.com/ Frame 7B13 0
0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 50CD 0
20 B 79ms
76ms Ping
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8529284972716&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 50CD 0
20 B 76ms
75ms Ping
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8529284972716&version=m202309260101&ct=119&x=1&cor=7355715054277182000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 50CD 92 KB
38 KB 166ms
165ms Script
text/javascript 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BmHxgCkMmpD40x7yfds-erblvtY11NfSf6sSfLIAvAlLueEXqFEuduzpuldkkpohM4iTgqoFv5C7Mrf_eyUBl02WL0vKs6igyBFp_YTbSNK4pn6BfS8G7mwxuJbMCRNcs3KXktjyMG0XqL0qZTsIVN2mUBN2nXCSLensIcqeIp9ynKdrg&cry=1&dbm_d=AKAmf-CPLUkV9dvpfrA0NiP6pD9pSDFdM4X-jZCUVaoURMXxSFqYS_Q6GKBAMkmTmhy58meYiFdpW0dsgZc3lzkd_B3vmqVq5RShtrunIOb9IP-vgk51tHUjECKPkrs90uZtfKCNXlJgmvARfcCgeoTOxg9safQ9osXhgNR4IdFZT9EsPrtFjwXSamtX-WJ_9rVSE1nWTQRTwKGnXdTWTat0Esj9ylAJBjpnLUUr_42Usp_bEMGwFZhRGOgrWKV6uJ6SJ265HKXHdU4tcGA_GuuqFbvFRFlQIzW7G9gUVwMLPHqu2G6tIACs6OAv5c3wUqQ8ifYq4OENzaSyehjC1Wt4bvR4Ol_c2Emf2RlOG2fiOfXOVVIrI3Xx8uzo5DaOlpj60Pa0MaQEqjitSCZwG2FVQlW7ppG31tze6JmlK4o7emseH1uE_QiOTlNpig8fftgWgmM6EIOJeUqNQU5_nxrKIg5bifjbTutOSzpgCeiyK5ZupHs19L4QEGUXXU6gp3yXt8QqIieOOXngyKHJMUq_M9JdJ1gqTdE4IvG5HIMyXxh9IzOWPeldrK0XQPVwOONByIFDtH-Dtqbs_UMm1RcIdA4CKDDrETBHRqKsW0gqBK0dH5XF9RBxDj7xEUyYS0sk01o5me2pYn2yjlTa5VDqg0VXmkDsbjQzIna5AtQFecopza0k57yR5jzFbA5gJGXh8pLePRJb7-dXffyyqANhIc4SwEW6HYutgSoMt3iUG9zEqk0uOFD00R-4PD_sktDbNq2f3UK0gQ-EnhEChHEywxHD_Y7uxtJa0X2ZXJqrThG-udXY9CR9cZMSnGcaCdJwdAtD7PueYBq3EFupJQAH5HPVmJx8pkE3E-C8KlUc_ts7vQhPMPL30pvFNLhlImohfD2GO9WgTul3YkCvd2s1kMi6_ZornwCKJKkVk1Oij0ZAzzl8oGet6u6tVOx2wNDo999uCezeF4MDKC-RoAkDw23YxcWusdCYXeogdWl-K8XPq4rjWuixviMJUz--U3rVwwvFmXh5QfeOwY_A0EEZ-LODcnmuJQ3nv8xpoX5Wv9s0n9uOscUEDqdBWWW2KcEYNveXiuZGLwoFYrPdas0kkTss1cLc7ztVni2lxImDtcDrh1GKg3IEBAXxNdoKU8PErCzvhePP8G5mmBKcMLfp21fsOGM6xQvathDLzz_3dwRSkNQezNXmZEH8Tc4ZwuKt-yGEz_wnrxz1KdYMnWmrU5HkxgeDIcOZ-f6FemkCTyPPSOMGOq6xK4uvMCpJMToMoZtKuG31YoBkmVrXZVY3sJGtmjpWrhvE9P6ivg3VdC2efFTAogvWvPsJNSxd0olF-3Qf7qeI7KareEkTFaZLS0LwI5wWsyFJtbpwBziCWOb_G-Y2Uzxd5KFPkiSKBQAK4XwEm8foeQBzdytGmyUajDzQbnQx9DKtTjTc6BiiL-9y66xYt8jfTKE0-IlXkk9kaaB61wHtFuTGxqENqBJqI2ht63WnSloaCRgI1EKwug3n78pSyK5o1u3bWsuJKkaFVwcq1ezPqcjpXuguTfheUuE-cv1rfnUnt-TX9FpVPocbqkDEZ8UPLqXaXP8TgV1Ur6wm8A9tLLqUprpFF9VkIIomk5gwZK25_yWHUabNLUJQUQJxFWuYjOdT3Y3Dg7eh1auRqGv72MOfO5vJDdrnLq_x7BLen6RnFFbIc1vKNWYrYaZLmXGRgKYNawKmdVX25rs8sXLU-1Do8hCaXrDR1kSHOzSdJC2JH8It1gpoDmaOYAZk7HsDbyx51yNPNPAi171eRu6WP3H2SEhjIcbqs7lsOjBkp_KNF632jPcGEXUZ312dM7FkcOO8Mk9WZGKJpf3AfjCDjm8vX-q-pGNeoeY4pU5OgtnWPMxR5qfOVLyI5BqMhDz386RLWzIOW17Ag5uq7-tKXi5HMfYax7_UV7alR1ZJT_FtnBTy-Xb6zzy2ZGbxrJaf4ya4vcCK1i96U1C5zWIN2ixy8jgGg6J7EbwtEWzJhh3QT_DnzXVbjkpLVXkZjloJDUNQ8d1_a29X8IYsu5Q3Wh7ExB6zN3gcDTdL0VrX37ksTjM-nJ1TpGRSaksxDiwdFFOVqSxnFPxlzh48KF3qqrT0rXyIrfS20-V5H51ytquLaVoVhxhov-vFNZB4vuliadxYluiI485qFPdR3WWtZdgZfLe8Zh_PP90fz4HdvnOkKgXH9OhdXtaRbqkf6SsxO7fft6KhcBkHIn8axP80i-6s4F9A0eKJp_6mdxLb165p8BODVkjCJkaOBn0HHforcsEBO4tyRnqG24K8K2c4xXrgH2cpH07p7rAWosQTLZCQvjxA403YWH8I5N5dT21HG5Qs1IbZuWVujDp1wlMWfvE2slMhx25-fE8jcdVOeesX056t2EOhtTrtoA7SgT_eIgeryVxcwZ6_ms9gmTiul95SYvT3AOAAOD9FbYb3NP9XnXMnacWoZpg6FAB6-ZfC6JeUACXyowdongieNzZRkA8gfxR55-dMojMiZwRG4z8lE_noYrVm8BvyRX1D691qsyOXFZdo2cpkvsjUF8gPlAWYjqBv_UJiShTCwz9rn1nADtCRJ_V7pDMkWdXHy1FloG9vMBSkRG1taf_oQbSyBtXJR6_kwfQrtMODfESqr8SOu-y5W_wINqcML3TL3j7IR1WIuzTe9M3Of3sYI73BhrYh1GSqhiXT3b8oUrgKPNleNDvrqQ-QHI-dNhG4zD-RXDTaz0iWMrjvpPzrYoYtrcaOX8Zx0BAd-6Iyi-M1ECyvIw23S-_EJiUqZQPyouVLFvTtIXmJpcnbo2g3ImCizwTQQ8KUDbqwsBt1e1Ltnh-NhwAsumluX6pVjsnVXU8LvzJrlt9UqDMOz-55EMsEVHG2UTE3xTCu9181fNcJX8tVPFvwFAoio5Mubm_oKrLBZECUxmwyx6hBnd3yjpIBgqQ8lZWXhFMa1WXB23RK3gVzVOUeIBrVuexjQbHALmNeiuPSApj6Vu1gC0diKjBT47PHalwI0x5eK8uwjkPg6WbwmBngKJBjQ1SysnS6kgr5Gl-lxr-zKEDYTMdpWfKFjbtMGaCQMLoWcsRntKLKHnc8fJnQAclPWe2T2j7__TVSqT4kYwMRain7AQ49pO-1z7RKFCZ9DjaXFNeFHPtWeTE5P8joBgiLyEaaoOsQPaSDkQlhbaSJ5HFJsFkaXUEGcGaGjsQcrRz--QrCvKGFF8l_iD3lyggEYToy0uvuj0Olx4fLxxxXwCqThwjcpXq6C-hCZ8u9tR36K2eYCMZWJKwPOMNipCkAiEylWGKbVAutFCqjScQJttvoDAvsff-zTzadmhpV3YiiUBywwccnghGqX_wb81s7x95eTzPdqwMwnA5v9OXhG3knJtTrS5OkySmIKu8Hr7phTG71FOhavveOyrvVS8-pbVICbvLT7H9sqmH9yOyueX22c7vbpg4Z5fExLu8vGtxDwEmwvsrRSyDAPb7dSMfgDCgTFhXoBIyra9eyQ-1okq0hWBX00yi5LRpH9gBJQ_DpthSbCGrAJ7GNxDMyfdIWdoYU1kZt3Vvjd4r7v5uP47JZpwIpQg4OsxRgbUNwphFXo2Z5fKpfZggVQjJXcxYvtbff2GOPr1pmsYvVuFyhqS4-qK-skfRRA-Iw6Z5w-YAjRLrmWI4ZGHRs791bAOOdaVEhdB_zoZ5WYBnbgDOQ7Kp4ydwB1DHTLroamo2BwUsiUB4IHefC4QHxtANsjepWX9Dyrfjq2C0ixMeQgMk2NzSDspY-WUUFo-3y9uiVmFECJSE8-h8ERu7_czzjwQxj_y2DuiXgVUprTWz4_-tJExQUpfm-a605mAIpmczMYOISGtOWcqPTm2AB7JdW1-EnHhjf-wGuKQwU37kwCJvV1IFNUoTQDEU4DWdIpgGnf86AAMKTAhL3eg&cid=CAQSTwDICaaN4cxGYJTYKRjSnvhZAWpg_WRQndBqcRINzDAds02x3UkiwAmxkdK2Afi6Z8ohhjYwDYiSBkgxdWAZUV79f1zP31-C8BIEdsTTl1QYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&ds=l&xdt=1&iif=1&cor=7355715054277182000&adk=1761367587&idt=124&cac=0&dtd=16

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bd52f4e4890c431eb58b43da9c37292ebeb1f2c3ed5a40b1d56ba368c2aa24f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39159
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDE5 0
20 B 42ms
41ms Ping
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6192804048907&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDE5 0
20 B 77ms
76ms Ping
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6192804048907&version=m202309260101&ct=119&x=1&cor=704642640893397400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame EDE5 92 KB
38 KB 160ms
160ms Script
text/javascript 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ADNRd6poMzH3G1-_DQac8BOvR3dAxSztlWscSrs_NstpU0ItxmzPDr4be4NAlooaVARn_Y78Ve3wCh5u-MRiqP9WeVoNF2mehzQQiOXx2LSMF9giby4usEQfD8PQXXZ6mc0Q1ORiFQgAkYa7SSZH8vrp4CYl6fLtulL8zsBuwgUe_tIh8&cry=1&dbm_d=AKAmf-CKRCJw3pG82bKwgS8Lbi2rM6jhy8HIr7tswbo9KFTEQVN17SjvlqJ2jla6b05gIji79QkH8ta0JqS33k_0V6ci6GL168-wTi56JUgDkX1klusFLkjA_MJADEaeDoHBnsd-y9vNicmVDvh3jAzvatKdwBtyDYkLrr9qN0QL6gCLirzC4B_tb5k1vBLyrj8iAFbkG5jjcbLSPp81VpNCpZX3JKHRrZ3pHK76liWSjWyop1TpSd3xPbOqax3yLmbs4fPIm4LX0JeexUh8-AwDMMcWuzYSQuhZODVDtBLCU3JeltyLMEachlsC97ftfkUqz6lNbPFpJHWNwbhfPCha0PhRpmvhg8q2TR5dVbzW-7uWqA--2bnYQCDdL0e9_Z6eT8PiIjqVe0uDz7GMzK48vccbEsRljurOrvsqxHdAbU-cbMw11NPMDcjE6gYPZ-GpHDfOPdT0iE2PS2Puqiv47qe9FdC5zr3rx73MHEyKnrW0zNuB_3iKBW6zhLEAwMGli5g7XMCLHHgrb-_lm8oetNsNmtmL3b3LMNdww15Z8fIs0vHhgBoA1gHxmtFvLI3vI3xX2EYT0XYBU0F2jPfU4norBCXz1KDkvBL--LTlW1VNWIfb81LG2i4fK9gMMYv9TgEXdaa3lorHHHpPiMSWcA38LkKNAJFRKFEI162TpgpuNGiC2119NEK5yzQfoiyVO5jySQDvWYFEoKMMd1FWpbybrHCWLe7PwwjTnhfwlbaQfyI_Sm8mlupBLhNJjfPf2qYiGAOgPERVqxN0TbWT5ELiSnMMmjkQJfG-0dhYVXsLLnXj3y5lYEKMpJj0ZqV0WBSQLOu_2yD4LsjpUn8RwphccMuO6gcbH318CRHlbAvg0mAAmMrwFeTuxXapldgvg442hp5SM-M9eBZgcCm4cqLRZ0RjVZq4PfSS9zD-DJF15ao6K6oVl7ZkALwM8WThWTlx7zcohEHI_n1g0MLvc51WDRLpHQOiuq-1P4TYLxIObQMePcMG2jsSH5GBUhYCwka_DcxetQHcMbbufcKlHHRvKXI3s1gIpJ2PXt1qa5UWqk4Q3MtuyRWvyrXKj_EAGwHv8hQBjApHNBkdhaboyk4pqDC8SO_YKn6rbQHp0_faJpY1UqtRKmzDtQs8YbXrWJtCJpbfEiul5kdAvwNkUzVwSq3nQIVyerV2v64v0NOSxkyz2nUayE5kR0as44z7oYpvVwv6H0Bof9Mu3kzadZQLxj696pZzG6lIhgVWY4T-T4NrtjR6WUQrEF_Lau1_csoDGM8wRim79Itw-t9Tu4U9XV3A3Cf3w5oQggT8Zc78S84Lqy49pEMvxsoBHxIUxoVrtA07JMp3xCD7YtJ-AXf0JE2tF-pzdGB73lKfaPCYzpQolAeHKvNJexlDqwswKam8l50kOjYNq5IvetgUy6nw8UbniXbmIe1vRdRroPQt9GjzEKSoPCelR7UZdXtaHXYBoFVbSVeNqbhEUJ0veiJTMGPVxGOZLyw0KQSszw2LePswSCd9PsQCBOdQsA8F4l8xvUgCJiNFao4eG4p51lujy-Pylf8AQBEzZwlLg1QLyYU_31VOR2rbUgVeDb1-l0qk4agE7kI1yJX3hwBXJxMC8FuOZ0-oQMNMR5MZhTJ2OvVazLZfffWe6k9Q5sBfrA_03ge-JomMZYmpKsOGjmExC6OUMEijtvZyaaTorZ2f2tsRXa_GxGqZvMfpeSbMDElh8nA6LyvmNe7Fx-zxwAdtgy99zOAnPR3RgZWOpejZCqrlRj5BQv_hS4Fli4Ls6WieoJQlTBZ9i0KUrq2uQIliVZunVSaDbNnS5jPq0Fv97ENXJ0kfPwwSfu7pBetrb2E8ANOvISkMf2RJgOhxOm-YVZlBWKQIcWtFNQcunxWMQhXiLY1DU8jYKEBg-gjZOAwu3VGJkAxXv0PQPMTSa-bEQ0zy4I-ToKukhOnpkD4PYhwiKPGJRgNfXe2ETVP1kvdj659yIvC4HCwjlR5iGy28zd_DKXQj3AzWyMaWk3C2skKy8KcIYXVUr_9fCmW9Q7S_TNcqLrWxRR8wZiljDsdfVDAPV4bNrKRX4f0b2q-BdaSco0Q2QWIxT0dpUUcGOdqf2DqRgCryb2S1CWdirO8VN0FQWjLHUUpyBIX9U2kIRGyDqFqJPVI32vlV_hYGyst4uDaBH4r0j4jAoRvujEoXGbkL6G8HES6WRvINir50v2riv6K2kygonKVpiJX2aDi2JIdO_nQHINVV9ZHckrVJN1eHHa1m-ZILyiYoDpgZRsnptQT6v4G5ym_nzIuU_QD-JGtEm6B-QgkKS72Zed-EDCKd12n71cjJccsrKuMtBPc1BW64ysHt3oNNz_4Iv1Ahh8EZzRAXkHgwUvi1kPNheiwbbLAeti6_ZmleFJo4lJr92sVzXxLK5PhtR4-bRqPHJGCXB9qyImTX5Xsbfj1oDQpenrN7rc9CZqOP4seJ4IB8ugl6oNBVs19qNYQHfBh6yGxfcVERu7Vn7aDGFXIyHaYOimFexRq6CPUxfl7u3olYQmwjtniNWztv44OgFlGMZHbGFCz3AF0XXrJGa3SQDOjt-zwuNCYD3CcraQPZtzJyeq4_ZbNh4El6NZO-OuuG6ktAoSXZHxDgOdqOWPR9xLtdTiAoh0L8E9y2F5ij0zi6bZIjxcNiK_75aeczzweGmpkFHVhdqgLpcxO6bTpsujMWb6gyZ5uUHaCFNaHsn0O66_aILcKzefoJsDwP0UAvQuXUdkrcgOBEyFwU_yGYjra-b0SbDrDn9p2HAiR6pZf7aqzRl0x7BMGFrqm1ZWwhZfKs-WM0jiV95u59QwHGRlj2pFyEkRbYmBnyA0_RDC0fb1WiUfCkhpq9eGO35TjWXz95HIXx5x6EcR6xa3R1PznTv4Bm19VxxuIAd0YP0Dtw8NoDLKVkUe47GpiWrazlCdbFRa-zB6cJtAnboyvSgjlCTBz440ovxcG1-6h-uTJMzQKJzfm2_7T-I9ntuHcw7kFQ86PIlhiuGjT7Mc18YF61-yfQuKwhGqT-usQABfDbg7rtJSw6EYtwQcAbfbqrryOMEOPCg4P3pNz0PsbNEu6QZusrmZeYNpbp9RpjpaNO6y8H7pO5ss4NKwV4eQiS-uDhuuoE9wJ-E201D4vkiVcAupBIlB4m0Q2iYpkz0IiJNTMP31RTaAGXEh_e5KVOFJiTWIBf3HyRnXAlp_8AlZ2ov0-khBiQ7_OFpd_c-N_qtbCamRvS5Kze-OygDC1uenOU-x_Z12GoMil5bcqo5js_UqxN2TfSMpiB3vp9hotG5cc6bQHDe0jKelGg1wgg5UNsojUcJDTTVt7pY_NHQmnnks7sp_UZTdT9ak0iOP4UPHa0QxBOWbtwI5kMMZGI2D1GZ7o3qoXvc7-ok8CMPJ3VESAjOQfthj91FaW6Kg130wP4eXmU6Etps_swLs3WtT4xwC-itomddhlw51fhofNgynoPRBNXQpM23C1hZ7Qds5HZD37xQRPL1CwOfZ_siNjiYs76-b0IvL__KNfVBIBgWi_mJqAJy6ctd1L9Xs5Mb9R5yicY1DlCBZqqSwEFhvFDOv-MWGBu2sPlVW11wLs2dklasuI1oGYFyh-dp-GQ9mmzmY2ssN3xuscWB5BuzQ3rhTgPpJTXq1L_Shisa5AfPKQZn2NlIgTMcGXwOO7MpFl-U90d0wjB0zkBYTig84FOUUYB9vbVwMM_xsih1B2MTqOy2a-VkHyl9iWnghScbRrLxtji1eT1WIpG4eZ-SOuzCHVrPJ3GwL9LqXDDXAFZ3lWo_EJNylry-1a_se-EUr13OxwaF0CFVxt5hGGykrXLBjQhJPQ3qBI0DVLiXWE-hrNcNPM6SWyQJMKIdnw8EQepmdO1X4bL-bmyHlNdR6xPq0CMKHVdpIrIu_CH09Vuyw&cid=CAQSTwDICaaN4cxGYJTYKRjSnvhZAWpg_WRQndBqcRINzDAds02x3UkiwAmxkdK2Afi6Z8ohhjYwDYiSBkgxdWAZUV79f1zP31-C8BIEdsTTl1QYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&ds=l&xdt=1&iif=1&cor=704642640893397400&adk=521587874&idt=107&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28cec63b49cda565895bb6ee16863158ccacb9421b7b5a0887ce745949543d37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38949
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 45ED 0
20 B 75ms
75ms Ping
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=7168203434880&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 45ED 0
20 B 42ms
42ms Ping
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=7168203434880&version=m202309260101&ct=119&x=1&cor=14639006913484452000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 45ED 91 KB
38 KB 166ms
165ms Script
text/javascript 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CeHdYMuB4fNoIAPNzFEhpAHdtYW1rHECCLAeOVyP0j--oWQf-PRYdFR66StjUjvf0MiBKYTW9e-RPgo84IQW7tUIiHwFKEgOD9dIswOc4Jx2xWK5Wj200bU0VSnnxjrAghsouIszeEyQ9SpuyskwUhpzYWdO0dFmT6Z9vCjczeP_5yl_s&cry=1&dbm_d=AKAmf-DFrfEiWXdunD1F8w0DgzJypwCzts3-Q3RA1XxNg5cfCD0ElWFTAclbCRs0I5BYpyMV7OKEK2RrZdlMeAB7PvGlIGsufnmeaQwcQGG4Hxjqc3L8X84p4LfRITZlHT7OA5WnpmliYHrxrgscfklQnKSzUeTq4NewN8jqEVOu6LSzbUpRrnaiy8pR7jQPYr0V8pvmq_tXSnV459FgxesdT_1VK8NTW_zXSTWZr-jli6PvfgLNK0_jEbIh695B8UwRfRmf0F74ptENK9TYr492CRAXX7Mvw5j9hRUNuZJ0gCu1Qi0zsr9qodaCny7HVNENEuiqOdVHPjBOWLbHjMZYTBFAnFfpVJe-XkoT_IrO_YeoRx7FViLlVYTIUCgc9ekFoeNWjQRl9b31BLIY_GTJUmDBX6JXa_qaA_TGFKD96UV6LHWKNEh5Ro7yqPr8EEuh-CWNTWlCkct_NV9ZUibuqrQ86gV-pHgLeptM5Sy94QV2WojDweaghp6GLAxSwy3F2pZsTAEHokgSYcBEch8U9G8JQHeq7zOPXUaIyCZoCAhUSZgYWQBJHYTWhU1J-ddhbZV0h3K-tils-9BdZJfVqn5dB8QQ8wnpRvjaEqZvJM380FRfumR3KKFpwzvAdZl7jkn8CXs6fsKKRSIVmflKA2CsQGHKBnVAB_-NmYqWE-lI1MBf4K2NkAA-sI7Fq953WGskJJ6cJ12y-RlF_HiydiwRARvh1sYU1NH-I5tlRc-XXIwXtZR_BrbSp4TZ9QmTrmuLxch-Ep9nYz2fNN6p0DzCwJWq-XZhpFxE46Q9C5obmwZO0ebLus2h58KCIip7LxyOCodg4PA4iIV3wjCvuJB-guWYXtqHSPPjGhU_E-5yDRbZhX8isevPBBQn1ORzyy8aT0-D8l8DM60MTdvlRm50mT2PbyqnwltC4k0V-LAPgOb1tKlVuQlQAahKDmQmiw1PL4ixqfCujPTyaydT9bZfOnz5rTQOkAobhHH3LVscmbLqvtT6Ot2ljHvP-o4g4YbqzVlfTzeGmsI2fe90-BbeUJzCOJzSBE4iDsEpwHGjoCOCnd5EFBC5RBTbnWBnxjkxGL3BtWcWLvPz25mNcE1GJ59BVh0V01gx2v9aQ313tJNmbBoIvDAf-kSsvfakaCgzYtC3Mhck-8UIyqRzu8wCXNesUSkKSoTZtFZZ45hhyA2sTJ8QJ79XLJZlx07ZcvBVGfyH3a_uCmirzVoxu9cYWjIM5t5bpLFrtwQo_Dhw1uadq_iotegYIh_oLUth_RCQqVurOly4EWSAo_H66-uDerqPlJ-Q6jtPBVBDiJ41zbPGIvqC3eK9I-XILciAasMagql7e3SFOwYgZu0q0yPsApaiRef_muo77rYoqoKAnHYUewSb7SR2Bm1ewnX6VFuowe0aPzgWoEaQJaWmCxSHaTCzXcKMGIdLTof9sk8VtQDJBNIEWh3td_5wPULqDpP-L44voHXx4vn2g0qwGWoMVEz_1CWJjjIbq5X6Sd2-4BMqRxkve6lSWZtCVNDoEqcDFy3pxIkebFDOf77w7re-LB6I0XB70AqK_IZo9cdgtnoHIPVY0Nb7jqbhMhpknEzXESgmSMtKTzInEv50yN2_rEJes0Jlm3wuQVyzb6k88bQQ-N9NbBZkyBJDSLj2bnzRZqzv-u9x3-CDGI53iAoiDkcqFLEVF4A5sEKZDmvXFibayxrcam-myW2hCQtmDW1iD6jobe90xNIqj3zvFNW13shYmU9hTCSJyogZeVX7a5O3FFV1SvzJ08gcH3Wr4xcIQKDbmG-1EBUQ_ZDRMwZRpFpoUxOxT5pfFdkh_-Jn6sqxKxzZT-7LHMcnlEzqIKyp02gKeGXBmgq5n3lcAovz5lExZL83njuh_QWgvv7O_X8zNUYxBtsM0G03jycOuuNAzn2PiMgOX7QW0EU9tb-W9oyDsYGzZrvxMXwaVjf05DOLg-BL2G4t2FdLjQAVdnV12YX0ysxXWXcTkcK9UDOsS-mKitOcVYPlkY2KBo2mIkPnlTyPoEjT2RJ9n0-9ogSHkhzGu13nA1U2SHRDbCZAadP5mj6iY-Z6_cQqhqAfF5hCGCVNUxMB0IZRPug6ii8QYJqHf7wQjCWSNRDjurcWm21sIuFY1Aa9LMhLHGVfcqmWBWxAyGVkAajnjBAAtb-XCg2TSD5DX2hLiBZppHKTBd-LIieTYwyU98FSQxh2HQyx-aHUfhHEJ2XtefLDgo8pY-P87XmZKWP_OEDs28-7ZjusYH0Au-Q4A_SRjfclLNOXdx5_mU2aTeG3CO3-DUNp0lnd31bGE8My-F5kILaSXK3-du4-96AQtnaoxQpkSZJW9qJVIvU68srlS5r6Pi75gJWIOJWkTSRMG26Y8cVJBbSezsXEeKmXJNnurp6J_0CgTLkAn3M7VZPuU8dDXxiXR5FHpR6ox_EP2A5pzNleiwymLnC5R5kYz12dwxEGBryAoq2ZS0dPeLt7kZeF9lovFU4YtBhOUfrQffW4RluSKtXqoKhs5ETGdLW2G6oN1VZZ6PrluYasfQDMbiXmPO3lZP248R7NSMPCEYTDkKW8vU4MsKkLCAnMlROiVq8MA6UbVpAdYlh0WM_U5cW-1m6jIaJsDwTOzxzxjH7TLZqIn5d7Cra8v90BkJ6sUAUSzhREuLkKfXZJMCRTH7Ql0um_K9hYG7R26q7PTUhpH4M-OldKftPT2oKbfU1rPcwQ-pkjjeZLWrLaqXUD51p9mSFB8mgsNXXIWxXBThE6_TchX8d11-ScPz_aoV-CPpH3JsjNIcmt468uAcl0q_iRQyHklAwaKOCR8qXWdT9oJ1p-Og21h8u9rnOw3SH-PjNGKj2Uva5YOu_2vSj_blCyiF1BdTsa9Q19eVDR9sz1qFVymUcFDTgTd7KkT8QOsvp0vu2f_9BKP9FHxySKBUxr2_8pOsqdl-wXkQKFHIif9EWZzsO7su6JNqbMqRYysMyxbU3hlT8M6GZ_A-dBrZTQBpeZR2JNCaXLQen9BfcfkYTTHzLhw-BiWGp4kEzFcB7t87D8t6q-VXBL33RvHuBkdIPP4AtUBTmfmUBeq41wxr7BwGR63L-6Q_JaPNKzDxQRBILUBEthz0OdHJU-06QgUmd6RejeLCj9aD4sQP-Ju4f2UlgGsOqFK_HXbYqpDD3Q1KjJ92QrJ6E0JwIM1fejiOcAbDZM6UIGs8Y44oyD9sXKhTG5SfXK0Z5pw_Y1DzRso31w42UsRKx6Fhxj95-k_sF9JUFKpH_wFR78WDwN-5Bp8-4pdES1e9VFzHbkouzS0-UPuhVCUxKq84qOK-P_4TCCF93AJb3OIAXW_4vOTfefhDtS1DGGFMO5KcotDJKK26sbzSZHUvTPtcpob029Cg0Wf4-FE1iG6LdIwohLNOT8eC2P7eEI8wz_Ee20Wowd-7qtK-o_ZfHVYb2sHr5y_VZKnAIx_mZorQEsEQnYHjdgLzoFIG7OcUYXlVOpJ1lm8r0WlcM-Ev5ieA9iGcSmylsTdC8coAmDDYdM9-MRcnPsJU9-8s6m6RnLsjyDNxIZJaMXeIBYkTts7lmfkWzbzch4HQgl-PCQcRHKvXMIYLnAFuqCcquaEeFvFlDAyaesJJnV3VjErMXNSxGBHAEOtL5PFiNh5hfUOA8G0wQKHAwC5_j5XSLwCM10QbJ0fC7WRbgPPQSxzQo80E8zOpG8s7zsycvRwsS_PiDTtqflTatqcr-E1vMa7qvS0efYDznO2Jtzown0dQOI1raxT1SwvsksdTdBWwoC2Fumm5--ezyMUBQsXdhs1suMlWCXPriqexTIMCFEvs7ZbkOMM8Dy_cy6ePp6VqZy0zLR4E1m2UekNicNVf3egRx9YUpQ8gRqwPJ4Kio3vE0RA5nVMEfwat8_SQ_YiN1FEZbQ7URV2jQo_uvqbg&cid=CAQSTwDICaaN4cxGYJTYKRjSnvhZAWpg_WRQndBqcRINzDAds02x3UkiwAmxkdK2Afi6Z8ohhjYwDYiSBkgxdWAZUV79f1zP31-C8BIEdsTTl1QYAQ&dc_eid=31079495&dv3_ver=m202309260101&rfl=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&ds=l&xdt=1&iif=1&cor=14639006913484452000&adk=1726166460&idt=128&cac=0&dtd=7

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b5d3cef2ff068fa56f30a43399653576a76ea5f0470a0a88b161a0ac31b6db72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38977
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js Show response
pagead2.googlesyndication.com/bg/ Frame 1140 38 KB
15 KB 13ms
13ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/vzrjyyduFLgmDwpVgabaEshtOWNUmidH4AmaDYU2FBI.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf3ae3cb276e14b8260f0a5581a6da12c86d3963549a2747e0099a0d85361412

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:51:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 98474
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14894
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Nov 2024 20:51:44 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 50CD 172 KB
61 KB 124ms
12ms Script
text/javascript 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:58:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11691
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Nov 2023 20:58:07 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 50CD 11 KB
4 KB 13ms
13ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BmHxgCkMmpD40x7yfds-erblvtY11NfSf6sSfLIAvAlLueEXqFEuduzpuldkkpohM4iTgqoFv5C7Mrf_eyUBl02WL0vKs6igyBFp_YTbSNK4pn6BfS8G7mwxuJbMCRNcs3KXktjyMG0XqL0qZTsIVN2mUBN2nXCSLensIcqeIp9ynKdrg&cry=1&dbm_d=AKAmf-CPLUkV9dvpfrA0NiP6pD9pSDFdM4X-jZCUVaoURMXxSFqYS_Q6GKBAMkmTmhy58meYiFdpW0dsgZc3lzkd_B3vmqVq5RShtrunIOb9IP-vgk51tHUjECKPkrs90uZtfKCNXlJgmvARfcCgeoTOxg9safQ9osXhgNR4IdFZT9EsPrtFjwXSamtX-WJ_9rVSE1nWTQRTwKGnXdTWTat0Esj9ylAJBjpnLUUr_42Usp_bEMGwFZhRGOgrWKV6uJ6SJ265HKXHdU4tcGA_GuuqFbvFRFlQIzW7G9gUVwMLPHqu2G6tIACs6OAv5c3wUqQ8ifYq4OENzaSyehjC1Wt4bvR4Ol_c2Emf2RlOG2fiOfXOVVIrI3Xx8uzo5DaOlpj60Pa0MaQEqjitSCZwG2FVQlW7ppG31tze6JmlK4o7emseH1uE_QiOTlNpig8fftgWgmM6EIOJeUqNQU5_nxrKIg5bifjbTutOSzpgCeiyK5ZupHs19L4QEGUXXU6gp3yXt8QqIieOOXngyKHJMUq_M9JdJ1gqTdE4IvG5HIMyXxh9IzOWPeldrK0XQPVwOONByIFDtH-Dtqbs_UMm1RcIdA4CKDDrETBHRqKsW0gqBK0dH5XF9RBxDj7xEUyYS0sk01o5me2pYn2yjlTa5VDqg0VXmkDsbjQzIna5AtQFecopza0k57yR5jzFbA5gJGXh8pLePRJb7-dXffyyqANhIc4SwEW6HYutgSoMt3iUG9zEqk0uOFD00R-4PD_sktDbNq2f3UK0gQ-EnhEChHEywxHD_Y7uxtJa0X2ZXJqrThG-udXY9CR9cZMSnGcaCdJwdAtD7PueYBq3EFupJQAH5HPVmJx8pkE3E-C8KlUc_ts7vQhPMPL30pvFNLhlImohfD2GO9WgTul3YkCvd2s1kMi6_ZornwCKJKkVk1Oij0ZAzzl8oGet6u6tVOx2wNDo999uCezeF4MDKC-RoAkDw23YxcWusdCYXeogdWl-K8XPq4rjWuixviMJUz--U3rVwwvFmXh5QfeOwY_A0EEZ-LODcnmuJQ3nv8xpoX5Wv9s0n9uOscUEDqdBWWW2KcEYNveXiuZGLwoFYrPdas0kkTss1cLc7ztVni2lxImDtcDrh1GKg3IEBAXxNdoKU8PErCzvhePP8G5mmBKcMLfp21fsOGM6xQvathDLzz_3dwRSkNQezNXmZEH8Tc4ZwuKt-yGEz_wnrxz1KdYMnWmrU5HkxgeDIcOZ-f6FemkCTyPPSOMGOq6xK4uvMCpJMToMoZtKuG31YoBkmVrXZVY3sJGtmjpWrhvE9P6ivg3VdC2efFTAogvWvPsJNSxd0olF-3Qf7qeI7KareEkTFaZLS0LwI5wWsyFJtbpwBziCWOb_G-Y2Uzxd5KFPkiSKBQAK4XwEm8foeQBzdytGmyUajDzQbnQx9DKtTjTc6BiiL-9y66xYt8jfTKE0-IlXkk9kaaB61wHtFuTGxqENqBJqI2ht63WnSloaCRgI1EKwug3n78pSyK5o1u3bWsuJKkaFVwcq1ezPqcjpXuguTfheUuE-cv1rfnUnt-TX9FpVPocbqkDEZ8UPLqXaXP8TgV1Ur6wm8A9tLLqUprpFF9VkIIomk5gwZK25_yWHUabNLUJQUQJxFWuYjOdT3Y3Dg7eh1auRqGv72MOfO5vJDdrnLq_x7BLen6RnFFbIc1vKNWYrYaZLmXGRgKYNawKmdVX25rs8sXLU-1Do8hCaXrDR1kSHOzSdJC2JH8It1gpoDmaOYAZk7HsDbyx51yNPNPAi171eRu6WP3H2SEhjIcbqs7lsOjBkp_KNF632jPcGEXUZ312dM7FkcOO8Mk9WZGKJpf3AfjCDjm8vX-q-pGNeoeY4pU5OgtnWPMxR5qfOVLyI5BqMhDz386RLWzIOW17Ag5uq7-tKXi5HMfYax7_UV7alR1ZJT_FtnBTy-Xb6zzy2ZGbxrJaf4ya4vcCK1i96U1C5zWIN2ixy8jgGg6J7EbwtEWzJhh3QT_DnzXVbjkpLVXkZjloJDUNQ8d1_a29X8IYsu5Q3Wh7ExB6zN3gcDTdL0VrX37ksTjM-nJ1TpGRSaksxDiwdFFOVqSxnFPxlzh48KF3qqrT0rXyIrfS20-V5H51ytquLaVoVhxhov-vFNZB4vuliadxYluiI485qFPdR3WWtZdgZfLe8Zh_PP90fz4HdvnOkKgXH9OhdXtaRbqkf6SsxO7fft6KhcBkHIn8axP80i-6s4F9A0eKJp_6mdxLb165p8BODVkjCJkaOBn0HHforcsEBO4tyRnqG24K8K2c4xXrgH2cpH07p7rAWosQTLZCQvjxA403YWH8I5N5dT21HG5Qs1IbZuWVujDp1wlMWfvE2slMhx25-fE8jcdVOeesX056t2EOhtTrtoA7SgT_eIgeryVxcwZ6_ms9gmTiul95SYvT3AOAAOD9FbYb3NP9XnXMnacWoZpg6FAB6-ZfC6JeUACXyowdongieNzZRkA8gfxR55-dMojMiZwRG4z8lE_noYrVm8BvyRX1D691qsyOXFZdo2cpkvsjUF8gPlAWYjqBv_UJiShTCwz9rn1nADtCRJ_V7pDMkWdXHy1FloG9vMBSkRG1taf_oQbSyBtXJR6_kwfQrtMODfESqr8SOu-y5W_wINqcML3TL3j7IR1WIuzTe9M3Of3sYI73BhrYh1GSqhiXT3b8oUrgKPNleNDvrqQ-QHI-dNhG4zD-RXDTaz0iWMrjvpPzrYoYtrcaOX8Zx0BAd-6Iyi-M1ECyvIw23S-_EJiUqZQPyouVLFvTtIXmJpcnbo2g3ImCizwTQQ8KUDbqwsBt1e1Ltnh-NhwAsumluX6pVjsnVXU8LvzJrlt9UqDMOz-55EMsEVHG2UTE3xTCu9181fNcJX8tVPFvwFAoio5Mubm_oKrLBZECUxmwyx6hBnd3yjpIBgqQ8lZWXhFMa1WXB23RK3gVzVOUeIBrVuexjQbHALmNeiuPSApj6Vu1gC0diKjBT47PHalwI0x5eK8uwjkPg6WbwmBngKJBjQ1SysnS6kgr5Gl-lxr-zKEDYTMdpWfKFjbtMGaCQMLoWcsRntKLKHnc8fJnQAclPWe2T2j7__TVSqT4kYwMRain7AQ49pO-1z7RKFCZ9DjaXFNeFHPtWeTE5P8joBgiLyEaaoOsQPaSDkQlhbaSJ5HFJsFkaXUEGcGaGjsQcrRz--QrCvKGFF8l_iD3lyggEYToy0uvuj0Olx4fLxxxXwCqThwjcpXq6C-hCZ8u9tR36K2eYCMZWJKwPOMNipCkAiEylWGKbVAutFCqjScQJttvoDAvsff-zTzadmhpV3YiiUBywwccnghGqX_wb81s7x95eTzPdqwMwnA5v9OXhG3knJtTrS5OkySmIKu8Hr7phTG71FOhavveOyrvVS8-pbVICbvLT7H9sqmH9yOyueX22c7vbpg4Z5fExLu8vGtxDwEmwvsrRSyDAPb7dSMfgDCgTFhXoBIyra9eyQ-1okq0hWBX00yi5LRpH9gBJQ_DpthSbCGrAJ7GNxDMyfdIWdoYU1kZt3Vvjd4r7v5uP47JZpwIpQg4OsxRgbUNwphFXo2Z5fKpfZggVQjJXcxYvtbff2GOPr1pmsYvVuFyhqS4-qK-skfRRA-Iw6Z5w-YAjRLrmWI4ZGHRs791bAOOdaVEhdB_zoZ5WYBnbgDOQ7Kp4ydwB1DHTLroamo2BwUsiUB4IHefC4QHxtANsjepWX9Dyrfjq2C0ixMeQgMk2NzSDspY-WUUFo-3y9uiVmFECJSE8-h8ERu7_czzjwQxj_y2DuiXgVUprTWz4_-tJExQUpfm-a605mAIpmczMYOISGtOWcqPTm2AB7JdW1-EnHhjf-wGuKQwU37kwCJvV1IFNUoTQDEU4DWdIpgGnf86AAMKTAhL3eg&cid=CAQSTwDICaaN4cxGYJTYKRjSnvhZAWpg_WRQndBqcRINzDAds02x3UkiwAmxkdK2Afi6Z8ohhjYwDYiSBkgxdWAZUV79f1zP31-C8BIEdsTTl1QYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&ds=l&xdt=1&iif=1&cor=7355715054277182000&adk=1761367587&idt=124&cac=0&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:58:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11682
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:58:16 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 50CD 31 KB
12 KB 14ms
14ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:51:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12115
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
server: cafe
etag: 3876053170955424897
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:51:03 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 50CD 41 KB
14 KB 12ms
11ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:55:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 98234
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Nov 2024 20:55:44 GMT

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame EDE5 172 KB
60 KB 105ms
34ms Script
text/javascript 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:58:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11691
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Nov 2023 20:58:07 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame EDE5 11 KB
4 KB 13ms
12ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ADNRd6poMzH3G1-_DQac8BOvR3dAxSztlWscSrs_NstpU0ItxmzPDr4be4NAlooaVARn_Y78Ve3wCh5u-MRiqP9WeVoNF2mehzQQiOXx2LSMF9giby4usEQfD8PQXXZ6mc0Q1ORiFQgAkYa7SSZH8vrp4CYl6fLtulL8zsBuwgUe_tIh8&cry=1&dbm_d=AKAmf-CKRCJw3pG82bKwgS8Lbi2rM6jhy8HIr7tswbo9KFTEQVN17SjvlqJ2jla6b05gIji79QkH8ta0JqS33k_0V6ci6GL168-wTi56JUgDkX1klusFLkjA_MJADEaeDoHBnsd-y9vNicmVDvh3jAzvatKdwBtyDYkLrr9qN0QL6gCLirzC4B_tb5k1vBLyrj8iAFbkG5jjcbLSPp81VpNCpZX3JKHRrZ3pHK76liWSjWyop1TpSd3xPbOqax3yLmbs4fPIm4LX0JeexUh8-AwDMMcWuzYSQuhZODVDtBLCU3JeltyLMEachlsC97ftfkUqz6lNbPFpJHWNwbhfPCha0PhRpmvhg8q2TR5dVbzW-7uWqA--2bnYQCDdL0e9_Z6eT8PiIjqVe0uDz7GMzK48vccbEsRljurOrvsqxHdAbU-cbMw11NPMDcjE6gYPZ-GpHDfOPdT0iE2PS2Puqiv47qe9FdC5zr3rx73MHEyKnrW0zNuB_3iKBW6zhLEAwMGli5g7XMCLHHgrb-_lm8oetNsNmtmL3b3LMNdww15Z8fIs0vHhgBoA1gHxmtFvLI3vI3xX2EYT0XYBU0F2jPfU4norBCXz1KDkvBL--LTlW1VNWIfb81LG2i4fK9gMMYv9TgEXdaa3lorHHHpPiMSWcA38LkKNAJFRKFEI162TpgpuNGiC2119NEK5yzQfoiyVO5jySQDvWYFEoKMMd1FWpbybrHCWLe7PwwjTnhfwlbaQfyI_Sm8mlupBLhNJjfPf2qYiGAOgPERVqxN0TbWT5ELiSnMMmjkQJfG-0dhYVXsLLnXj3y5lYEKMpJj0ZqV0WBSQLOu_2yD4LsjpUn8RwphccMuO6gcbH318CRHlbAvg0mAAmMrwFeTuxXapldgvg442hp5SM-M9eBZgcCm4cqLRZ0RjVZq4PfSS9zD-DJF15ao6K6oVl7ZkALwM8WThWTlx7zcohEHI_n1g0MLvc51WDRLpHQOiuq-1P4TYLxIObQMePcMG2jsSH5GBUhYCwka_DcxetQHcMbbufcKlHHRvKXI3s1gIpJ2PXt1qa5UWqk4Q3MtuyRWvyrXKj_EAGwHv8hQBjApHNBkdhaboyk4pqDC8SO_YKn6rbQHp0_faJpY1UqtRKmzDtQs8YbXrWJtCJpbfEiul5kdAvwNkUzVwSq3nQIVyerV2v64v0NOSxkyz2nUayE5kR0as44z7oYpvVwv6H0Bof9Mu3kzadZQLxj696pZzG6lIhgVWY4T-T4NrtjR6WUQrEF_Lau1_csoDGM8wRim79Itw-t9Tu4U9XV3A3Cf3w5oQggT8Zc78S84Lqy49pEMvxsoBHxIUxoVrtA07JMp3xCD7YtJ-AXf0JE2tF-pzdGB73lKfaPCYzpQolAeHKvNJexlDqwswKam8l50kOjYNq5IvetgUy6nw8UbniXbmIe1vRdRroPQt9GjzEKSoPCelR7UZdXtaHXYBoFVbSVeNqbhEUJ0veiJTMGPVxGOZLyw0KQSszw2LePswSCd9PsQCBOdQsA8F4l8xvUgCJiNFao4eG4p51lujy-Pylf8AQBEzZwlLg1QLyYU_31VOR2rbUgVeDb1-l0qk4agE7kI1yJX3hwBXJxMC8FuOZ0-oQMNMR5MZhTJ2OvVazLZfffWe6k9Q5sBfrA_03ge-JomMZYmpKsOGjmExC6OUMEijtvZyaaTorZ2f2tsRXa_GxGqZvMfpeSbMDElh8nA6LyvmNe7Fx-zxwAdtgy99zOAnPR3RgZWOpejZCqrlRj5BQv_hS4Fli4Ls6WieoJQlTBZ9i0KUrq2uQIliVZunVSaDbNnS5jPq0Fv97ENXJ0kfPwwSfu7pBetrb2E8ANOvISkMf2RJgOhxOm-YVZlBWKQIcWtFNQcunxWMQhXiLY1DU8jYKEBg-gjZOAwu3VGJkAxXv0PQPMTSa-bEQ0zy4I-ToKukhOnpkD4PYhwiKPGJRgNfXe2ETVP1kvdj659yIvC4HCwjlR5iGy28zd_DKXQj3AzWyMaWk3C2skKy8KcIYXVUr_9fCmW9Q7S_TNcqLrWxRR8wZiljDsdfVDAPV4bNrKRX4f0b2q-BdaSco0Q2QWIxT0dpUUcGOdqf2DqRgCryb2S1CWdirO8VN0FQWjLHUUpyBIX9U2kIRGyDqFqJPVI32vlV_hYGyst4uDaBH4r0j4jAoRvujEoXGbkL6G8HES6WRvINir50v2riv6K2kygonKVpiJX2aDi2JIdO_nQHINVV9ZHckrVJN1eHHa1m-ZILyiYoDpgZRsnptQT6v4G5ym_nzIuU_QD-JGtEm6B-QgkKS72Zed-EDCKd12n71cjJccsrKuMtBPc1BW64ysHt3oNNz_4Iv1Ahh8EZzRAXkHgwUvi1kPNheiwbbLAeti6_ZmleFJo4lJr92sVzXxLK5PhtR4-bRqPHJGCXB9qyImTX5Xsbfj1oDQpenrN7rc9CZqOP4seJ4IB8ugl6oNBVs19qNYQHfBh6yGxfcVERu7Vn7aDGFXIyHaYOimFexRq6CPUxfl7u3olYQmwjtniNWztv44OgFlGMZHbGFCz3AF0XXrJGa3SQDOjt-zwuNCYD3CcraQPZtzJyeq4_ZbNh4El6NZO-OuuG6ktAoSXZHxDgOdqOWPR9xLtdTiAoh0L8E9y2F5ij0zi6bZIjxcNiK_75aeczzweGmpkFHVhdqgLpcxO6bTpsujMWb6gyZ5uUHaCFNaHsn0O66_aILcKzefoJsDwP0UAvQuXUdkrcgOBEyFwU_yGYjra-b0SbDrDn9p2HAiR6pZf7aqzRl0x7BMGFrqm1ZWwhZfKs-WM0jiV95u59QwHGRlj2pFyEkRbYmBnyA0_RDC0fb1WiUfCkhpq9eGO35TjWXz95HIXx5x6EcR6xa3R1PznTv4Bm19VxxuIAd0YP0Dtw8NoDLKVkUe47GpiWrazlCdbFRa-zB6cJtAnboyvSgjlCTBz440ovxcG1-6h-uTJMzQKJzfm2_7T-I9ntuHcw7kFQ86PIlhiuGjT7Mc18YF61-yfQuKwhGqT-usQABfDbg7rtJSw6EYtwQcAbfbqrryOMEOPCg4P3pNz0PsbNEu6QZusrmZeYNpbp9RpjpaNO6y8H7pO5ss4NKwV4eQiS-uDhuuoE9wJ-E201D4vkiVcAupBIlB4m0Q2iYpkz0IiJNTMP31RTaAGXEh_e5KVOFJiTWIBf3HyRnXAlp_8AlZ2ov0-khBiQ7_OFpd_c-N_qtbCamRvS5Kze-OygDC1uenOU-x_Z12GoMil5bcqo5js_UqxN2TfSMpiB3vp9hotG5cc6bQHDe0jKelGg1wgg5UNsojUcJDTTVt7pY_NHQmnnks7sp_UZTdT9ak0iOP4UPHa0QxBOWbtwI5kMMZGI2D1GZ7o3qoXvc7-ok8CMPJ3VESAjOQfthj91FaW6Kg130wP4eXmU6Etps_swLs3WtT4xwC-itomddhlw51fhofNgynoPRBNXQpM23C1hZ7Qds5HZD37xQRPL1CwOfZ_siNjiYs76-b0IvL__KNfVBIBgWi_mJqAJy6ctd1L9Xs5Mb9R5yicY1DlCBZqqSwEFhvFDOv-MWGBu2sPlVW11wLs2dklasuI1oGYFyh-dp-GQ9mmzmY2ssN3xuscWB5BuzQ3rhTgPpJTXq1L_Shisa5AfPKQZn2NlIgTMcGXwOO7MpFl-U90d0wjB0zkBYTig84FOUUYB9vbVwMM_xsih1B2MTqOy2a-VkHyl9iWnghScbRrLxtji1eT1WIpG4eZ-SOuzCHVrPJ3GwL9LqXDDXAFZ3lWo_EJNylry-1a_se-EUr13OxwaF0CFVxt5hGGykrXLBjQhJPQ3qBI0DVLiXWE-hrNcNPM6SWyQJMKIdnw8EQepmdO1X4bL-bmyHlNdR6xPq0CMKHVdpIrIu_CH09Vuyw&cid=CAQSTwDICaaN4cxGYJTYKRjSnvhZAWpg_WRQndBqcRINzDAds02x3UkiwAmxkdK2Afi6Z8ohhjYwDYiSBkgxdWAZUV79f1zP31-C8BIEdsTTl1QYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&ds=l&xdt=1&iif=1&cor=704642640893397400&adk=521587874&idt=107&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:58:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11682
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:58:16 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame EDE5 31 KB
12 KB 13ms
13ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:51:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12115
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
server: cafe
etag: 3876053170955424897
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:51:03 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame EDE5 41 KB
14 KB 11ms
11ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:55:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 98234
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Nov 2024 20:55:44 GMT

GET
DATA 200
OK truncated
/ Frame EDE5 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90ba18cf7dd4ea6d0fc9720a6dd50d7778c6d1cbb573fb55771cf5de583cbca7

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 45ED 172 KB
60 KB 80ms
37ms Script
text/javascript 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:58:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 11691
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Nov 2023 20:58:07 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/ Frame 45ED 11 KB
4 KB 13ms
13ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CeHdYMuB4fNoIAPNzFEhpAHdtYW1rHECCLAeOVyP0j--oWQf-PRYdFR66StjUjvf0MiBKYTW9e-RPgo84IQW7tUIiHwFKEgOD9dIswOc4Jx2xWK5Wj200bU0VSnnxjrAghsouIszeEyQ9SpuyskwUhpzYWdO0dFmT6Z9vCjczeP_5yl_s&cry=1&dbm_d=AKAmf-DFrfEiWXdunD1F8w0DgzJypwCzts3-Q3RA1XxNg5cfCD0ElWFTAclbCRs0I5BYpyMV7OKEK2RrZdlMeAB7PvGlIGsufnmeaQwcQGG4Hxjqc3L8X84p4LfRITZlHT7OA5WnpmliYHrxrgscfklQnKSzUeTq4NewN8jqEVOu6LSzbUpRrnaiy8pR7jQPYr0V8pvmq_tXSnV459FgxesdT_1VK8NTW_zXSTWZr-jli6PvfgLNK0_jEbIh695B8UwRfRmf0F74ptENK9TYr492CRAXX7Mvw5j9hRUNuZJ0gCu1Qi0zsr9qodaCny7HVNENEuiqOdVHPjBOWLbHjMZYTBFAnFfpVJe-XkoT_IrO_YeoRx7FViLlVYTIUCgc9ekFoeNWjQRl9b31BLIY_GTJUmDBX6JXa_qaA_TGFKD96UV6LHWKNEh5Ro7yqPr8EEuh-CWNTWlCkct_NV9ZUibuqrQ86gV-pHgLeptM5Sy94QV2WojDweaghp6GLAxSwy3F2pZsTAEHokgSYcBEch8U9G8JQHeq7zOPXUaIyCZoCAhUSZgYWQBJHYTWhU1J-ddhbZV0h3K-tils-9BdZJfVqn5dB8QQ8wnpRvjaEqZvJM380FRfumR3KKFpwzvAdZl7jkn8CXs6fsKKRSIVmflKA2CsQGHKBnVAB_-NmYqWE-lI1MBf4K2NkAA-sI7Fq953WGskJJ6cJ12y-RlF_HiydiwRARvh1sYU1NH-I5tlRc-XXIwXtZR_BrbSp4TZ9QmTrmuLxch-Ep9nYz2fNN6p0DzCwJWq-XZhpFxE46Q9C5obmwZO0ebLus2h58KCIip7LxyOCodg4PA4iIV3wjCvuJB-guWYXtqHSPPjGhU_E-5yDRbZhX8isevPBBQn1ORzyy8aT0-D8l8DM60MTdvlRm50mT2PbyqnwltC4k0V-LAPgOb1tKlVuQlQAahKDmQmiw1PL4ixqfCujPTyaydT9bZfOnz5rTQOkAobhHH3LVscmbLqvtT6Ot2ljHvP-o4g4YbqzVlfTzeGmsI2fe90-BbeUJzCOJzSBE4iDsEpwHGjoCOCnd5EFBC5RBTbnWBnxjkxGL3BtWcWLvPz25mNcE1GJ59BVh0V01gx2v9aQ313tJNmbBoIvDAf-kSsvfakaCgzYtC3Mhck-8UIyqRzu8wCXNesUSkKSoTZtFZZ45hhyA2sTJ8QJ79XLJZlx07ZcvBVGfyH3a_uCmirzVoxu9cYWjIM5t5bpLFrtwQo_Dhw1uadq_iotegYIh_oLUth_RCQqVurOly4EWSAo_H66-uDerqPlJ-Q6jtPBVBDiJ41zbPGIvqC3eK9I-XILciAasMagql7e3SFOwYgZu0q0yPsApaiRef_muo77rYoqoKAnHYUewSb7SR2Bm1ewnX6VFuowe0aPzgWoEaQJaWmCxSHaTCzXcKMGIdLTof9sk8VtQDJBNIEWh3td_5wPULqDpP-L44voHXx4vn2g0qwGWoMVEz_1CWJjjIbq5X6Sd2-4BMqRxkve6lSWZtCVNDoEqcDFy3pxIkebFDOf77w7re-LB6I0XB70AqK_IZo9cdgtnoHIPVY0Nb7jqbhMhpknEzXESgmSMtKTzInEv50yN2_rEJes0Jlm3wuQVyzb6k88bQQ-N9NbBZkyBJDSLj2bnzRZqzv-u9x3-CDGI53iAoiDkcqFLEVF4A5sEKZDmvXFibayxrcam-myW2hCQtmDW1iD6jobe90xNIqj3zvFNW13shYmU9hTCSJyogZeVX7a5O3FFV1SvzJ08gcH3Wr4xcIQKDbmG-1EBUQ_ZDRMwZRpFpoUxOxT5pfFdkh_-Jn6sqxKxzZT-7LHMcnlEzqIKyp02gKeGXBmgq5n3lcAovz5lExZL83njuh_QWgvv7O_X8zNUYxBtsM0G03jycOuuNAzn2PiMgOX7QW0EU9tb-W9oyDsYGzZrvxMXwaVjf05DOLg-BL2G4t2FdLjQAVdnV12YX0ysxXWXcTkcK9UDOsS-mKitOcVYPlkY2KBo2mIkPnlTyPoEjT2RJ9n0-9ogSHkhzGu13nA1U2SHRDbCZAadP5mj6iY-Z6_cQqhqAfF5hCGCVNUxMB0IZRPug6ii8QYJqHf7wQjCWSNRDjurcWm21sIuFY1Aa9LMhLHGVfcqmWBWxAyGVkAajnjBAAtb-XCg2TSD5DX2hLiBZppHKTBd-LIieTYwyU98FSQxh2HQyx-aHUfhHEJ2XtefLDgo8pY-P87XmZKWP_OEDs28-7ZjusYH0Au-Q4A_SRjfclLNOXdx5_mU2aTeG3CO3-DUNp0lnd31bGE8My-F5kILaSXK3-du4-96AQtnaoxQpkSZJW9qJVIvU68srlS5r6Pi75gJWIOJWkTSRMG26Y8cVJBbSezsXEeKmXJNnurp6J_0CgTLkAn3M7VZPuU8dDXxiXR5FHpR6ox_EP2A5pzNleiwymLnC5R5kYz12dwxEGBryAoq2ZS0dPeLt7kZeF9lovFU4YtBhOUfrQffW4RluSKtXqoKhs5ETGdLW2G6oN1VZZ6PrluYasfQDMbiXmPO3lZP248R7NSMPCEYTDkKW8vU4MsKkLCAnMlROiVq8MA6UbVpAdYlh0WM_U5cW-1m6jIaJsDwTOzxzxjH7TLZqIn5d7Cra8v90BkJ6sUAUSzhREuLkKfXZJMCRTH7Ql0um_K9hYG7R26q7PTUhpH4M-OldKftPT2oKbfU1rPcwQ-pkjjeZLWrLaqXUD51p9mSFB8mgsNXXIWxXBThE6_TchX8d11-ScPz_aoV-CPpH3JsjNIcmt468uAcl0q_iRQyHklAwaKOCR8qXWdT9oJ1p-Og21h8u9rnOw3SH-PjNGKj2Uva5YOu_2vSj_blCyiF1BdTsa9Q19eVDR9sz1qFVymUcFDTgTd7KkT8QOsvp0vu2f_9BKP9FHxySKBUxr2_8pOsqdl-wXkQKFHIif9EWZzsO7su6JNqbMqRYysMyxbU3hlT8M6GZ_A-dBrZTQBpeZR2JNCaXLQen9BfcfkYTTHzLhw-BiWGp4kEzFcB7t87D8t6q-VXBL33RvHuBkdIPP4AtUBTmfmUBeq41wxr7BwGR63L-6Q_JaPNKzDxQRBILUBEthz0OdHJU-06QgUmd6RejeLCj9aD4sQP-Ju4f2UlgGsOqFK_HXbYqpDD3Q1KjJ92QrJ6E0JwIM1fejiOcAbDZM6UIGs8Y44oyD9sXKhTG5SfXK0Z5pw_Y1DzRso31w42UsRKx6Fhxj95-k_sF9JUFKpH_wFR78WDwN-5Bp8-4pdES1e9VFzHbkouzS0-UPuhVCUxKq84qOK-P_4TCCF93AJb3OIAXW_4vOTfefhDtS1DGGFMO5KcotDJKK26sbzSZHUvTPtcpob029Cg0Wf4-FE1iG6LdIwohLNOT8eC2P7eEI8wz_Ee20Wowd-7qtK-o_ZfHVYb2sHr5y_VZKnAIx_mZorQEsEQnYHjdgLzoFIG7OcUYXlVOpJ1lm8r0WlcM-Ev5ieA9iGcSmylsTdC8coAmDDYdM9-MRcnPsJU9-8s6m6RnLsjyDNxIZJaMXeIBYkTts7lmfkWzbzch4HQgl-PCQcRHKvXMIYLnAFuqCcquaEeFvFlDAyaesJJnV3VjErMXNSxGBHAEOtL5PFiNh5hfUOA8G0wQKHAwC5_j5XSLwCM10QbJ0fC7WRbgPPQSxzQo80E8zOpG8s7zsycvRwsS_PiDTtqflTatqcr-E1vMa7qvS0efYDznO2Jtzown0dQOI1raxT1SwvsksdTdBWwoC2Fumm5--ezyMUBQsXdhs1suMlWCXPriqexTIMCFEvs7ZbkOMM8Dy_cy6ePp6VqZy0zLR4E1m2UekNicNVf3egRx9YUpQ8gRqwPJ4Kio3vE0RA5nVMEfwat8_SQ_YiN1FEZbQ7URV2jQo_uvqbg&cid=CAQSTwDICaaN4cxGYJTYKRjSnvhZAWpg_WRQndBqcRINzDAds02x3UkiwAmxkdK2Afi6Z8ohhjYwDYiSBkgxdWAZUV79f1zP31-C8BIEdsTTl1QYAQ&dc_eid=31079495&dv3_ver=m202309260101&rfl=https%3A%2F%2Fxn----0hcdndtvomdb2jb.net%2F&ds=l&xdt=1&iif=1&cor=14639006913484452000&adk=1726166460&idt=128&cac=0&dtd=7

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:58:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 11682
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 17947678125179771625
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:58:16 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/ Frame 45ED 31 KB
12 KB 13ms
13ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231109/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:51:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12115
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11874
x-xss-protection: 0
server: cafe
etag: 3876053170955424897
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 30 Nov 2023 20:51:03 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 45ED 41 KB
14 KB 12ms
11ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:55:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 98234
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 14 Nov 2024 20:55:44 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 41CC 38 KB
13 KB 18ms
17ms Document
text/html 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 98239
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Nov 2023 20:55:39 GMT
expires: Thu, 14 Nov 2024 20:55:39 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 35BE 38 KB
13 KB 19ms
14ms Document
text/html 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 98239
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Nov 2023 20:55:39 GMT
expires: Thu, 14 Nov 2024 20:55:39 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 24BC 38 KB
13 KB 21ms
17ms Document
text/html 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 98239
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Nov 2023 20:55:39 GMT
expires: Thu, 14 Nov 2024 20:55:39 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17520292783638793421/ Frame 39ED 87 KB
22 KB 199ms
36ms Document
text/html 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=eazTl3PGix&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06e9d39e8bdfc0d3f091857e2eb2686f3e681fb5c8f30830cdff18d37b6cedb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 00:12:58 GMT
expires: Sat, 16 Nov 2024 00:12:58 GMT
last-modified: Mon, 06 Nov 2023 23:55:36 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 50CD 0
0 200ms
42ms Fetch
image/gif 142.250.176.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvZAAAl-xDzr4dIT6AZHl5vkf5St7IEiWexbEIy8YwTWnsLutjnkfcgSE9BvYPvkA8dC6JDh82iyCjOq2FfbmzRk3RenM07ppW3LkgyqRopm0DCL4BDSnAgonjd7WWfmniVleQEOAfH057UVeDCcdXShu9sczkKusSwtNRDamj3qLEVohllPJ8HO3yx37FJq2y6REKwjhAPwkf_VZyLGJwobfn5dBnBBD9TlDJ1gAl1tsWyGzM1eWJm4H3pR63AXEyNTOU3-2xmZWHJXRuJ7-IM5HHmvBHmK6CGtAtm235qkcQzipra_8tHkKcOofGLkmYPrKVQ_JTj2yViJCT6SXBLgtgEqzE3ZwsYSLE3rQFqU8y5KppHvw-OFIvPmyoMj0HI1KqqckrB_wLAHFaFKsfcgBdZqE6nMl-AjqXyAlDOvTVCBy2bxwDwDAtVlDXrYnZc5qSkkvch4VLRXSchVtbkRz2gVulO3gpCgP6sW5RbdbYM8wbQV4Y0IzA0bbCqMCzVYdJslVGGCtN1j5Ulil-qRgc-3LGsxbagBTFNM95pzaw49uwsfpzL5UachJtMw21E3D3CWxBnFnlmRzYTiVwjjJXszbuCISJ6-56fL-Rm5c5IuYKwVRzdadaBqTj-kRxOkFTFtWzjUFXa51NebKuNNdA-vgp1pGmgCAOKi_Fgq0CGjL2JVmcNQcCTU6apv4G8U-K3IRriMF5F0pMHe1z8Tvk7wklPp6rIMn2vAVIBfjl_DRB_bLzofcJcPb8u9wOV7_4t6Wd8WztehKSS9KP2BIl_Gj3H3Np5-sIkSN9_mW1VioYVMkXuK-KsMKSJrWbmhKnncMzfq8Hc1VvmfcV4ZuMBOL2XmkpIu6Tga8G8uef0-T7KymBjQCRpXo0o9Fn0qq0ETPYAYY-AG_H-5uvXVBTrM2qiB5VKVImAupC81LjSUwJftRwAjJLgJ_xKnq7Q_DJEXzaU7Ni5NcIyD8hn4nP6Qd9Qh7wby96eAvocBRbR1HzESFpN6iIBVK40HjIaS6Su49vqM7H1qXK6Hfdy9ut_aOH5Vt72hAZGmfZZp0Xbs1KsNB0EQ8_eNgOEmcHHpCRx-gLl0nPgPm-WUJzewKWVbNILvUdQY5M3MdxuDogOVwk4nGkAFBfNiYK0rXP1Zq-2GMLdHiMcfCibPZfvIbCpkkJSRMWZ2BesFch4EHSwUt4sIYjoC1wc_WLYeLmu6cSgg1HRnoSbllPdyVbZjb9RumjzAZRXswXkLL09fkOAX2P7wfaKBmdLTtvrok45q20t29Uu27xkxdeTISrx_aPk7rAXcC7-WE5TH-V8OSU6EFTek8OGSAe68w9picXvc7Nvqi9Dw037xG7sut9AwwK2PwVld9eSm-MjhYHbcuLOm2Hk&sai=AMfl-YTPQK6MPQbqUQnSgLzWlPI5leIOdTChpeQ1YV18RsEcXs8WKa29mieKnOMz-_3D1E9poCtW4dCUtofbitpaeajA2WGWstuDT9XNWXkVTiiOlJi7x5-O6SCOAGVaOFu6H0ruZ8CCO3kJc-pVOcHAuiy7SlZAS3JxhQsui3JKMBB7_YMNUrvzeD1kmzuZ2vKoeecJJZzsCVvAUVJEFTjUCSC3MnFzeZzaqkGkmiLw9q7-ePOggHDplBNPh4SmKfHv2DgM9EBDCoz1JhVajyls8u_GX4HnKOYSC0y47RkWOw&sig=Cg0ArKJSzBwgnQyzJ-RMEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=181&cbvp=1&cstd=164&cisv=r20231109.85281&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.176.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s37-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/565833720234484356/ Frame 9F6D 87 KB
22 KB 41ms
36ms Document
text/html 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/565833720234484356/index.html?e=69&leftOffset=0&topOffset=0&c=vqXymFqFtg&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

626f9bce9b569338a6b44f46555e983cd6c0d4ead69749a428b5c7582e18c811

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 00:12:58 GMT
expires: Sat, 16 Nov 2024 00:12:58 GMT
last-modified: Mon, 06 Nov 2023 23:55:14 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame EDE5 0
0 144ms
41ms Fetch
image/gif 142.250.176.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv_1vye2rdgiopAErBqX_cc8yO12MtcGIL0SOhBQp27CLpSZyPCeIyMgkeFsWzXR_S2XPrYC8KY4yn2fbWYfTR2iRRcIkJmc_HXVILzmp4yI3EDrlRxzUk1fOHcyR7VQCdBRdWXsT0CGaEeIEFicD_o77WU6PfVBTPZJAPohOGgYEAviIOLw7ckrV0u-bywbXAQkzqGcM67lzp2a5LkaLTFREtuNK0DZQ1ibI556Ta3L9q6TcJQK6t6qlPdVfpVMeNv85GA6l-f-nBDNS0qkDfgmjGdSZGy8d981H3rl_ryy9fWx921O9fdTKAgnV1cd6KH_f7ZeG-jb0JXPKMImzFAYmbOsOfIFBMX8L-_zrs2IyqRIQODZ7RPiA4Z7lLPFo6yWBvGot0n0pNiQmtYmizIAwX6o-ODlCfP0f04XEeXdmkmtdtD_hqFmo6XJ1h1RYgbNZ0XxKgqAWia158412niLSF9k3AIwXqSXjuAkEtETvh39Mr2EXQsgNsnk4zaotmweIcuwWWSMJwvXrQBgw_uSx695xvyOKBnI6qi8669kvVEHY-aN6ltHjHiTCBp0f5_5t4rRQ3ySSDQz9p0FPVLdAvcqzVYDBeqgMxN1mAQHg0wqN0Sx07-gvaEx0lZjktPLWF9W_x-p5wYVDnH-pPKiE0wOMrP9I1woFyX4QnX_yvsEXxyrU_DDB7S6vy3AsvPQ4PZuir1oa7ZPWZ6Sf7RgCe1inniyNwwOWRFGItLrA03CDydh1whcoRoVxriRRYJvAqpO5JaUsq75fgwCC0BZ9f6KvzHidkYGf9AM48HY9THEH3vU8CJ6T2VZym4HkU-Ki_nCy4lQnoP3ZK7DftOjqkv3taITWOrf4OfoQ8hG4el_T-byfD_YTqfnjcaXGWrXmymhZceekoxHgL91E0lnB87NBI1CGEk9gzijeIzJEWSvGytwiZEb1apOw0wjgLyDR8-CBgKT5QXWXRndlyFTUBP9VyDKUfjFzFiKZwqSFvWk1XbaN4qCyrJPVQtenaFhtJZFQH7Rsa6C4Er8Tmei7nD-qlI_y6QDv3o07DhdMxORtToZ4ZY5KweAKxeXmN1l41PR4t2bCZUbzehJn07JTuM-c1rWevX6Jd1hR0AgJiGJdn3jiyruVrBOeY0KI4r8VIc0ngNpgupBYOMm6qocDWTE23i8CISEW5nhqCSmZX2u61PvYRF9F_E-8EE7d_9L0QzdYtdj-PLG3STtBye0LFqiwtRB3rRsFNwBLYdflQLB5Po6p11ph2ZXyLzPUiVOkB4LBdfhizc-hw2loOEzDtTIdlybzUB1NzxqK3TzZivI_iScUvVVl-IUocIYnzjHwLSTWZFOrTtzShR3Rgky6VNGEQHaUx4ByhIYCUmqELruAfI&sai=AMfl-YRj-aiyUJcW28xMFum92IbYQDqbHK89pjObRrZAUVPwi75oMGTWoSmOKoSxyv6M-GRVTIpOcvpGpaV7ht1_C3PfFrh4n2N_OQQckb6nbxYbHrUfEi8pFmUUIqYm7WLRTHDegzd3fYf0nl4n5GzQfAxZfCTDcGFCE-kDEhjOw-70xoHB2SJzgrSw_UdoCSQegSsl6Un6mda4w-M6QfHKr2KS0uL7WnxVfP1Qrd-lD09ICYFMWRo0FSvH3f1I_kURWtuOCSk4kSM98hVnL_OA3Y25_bgwZlcUJSurVrT5-g&sig=Cg0ArKJSzN3s_fior5iqEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=197&cbvp=1&cstd=184&cisv=r20231109.55135&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.176.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s37-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17520292783638793421/ Frame 2C40 87 KB
22 KB 38ms
35ms Document
text/html 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=txkykQmjPp&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

06e9d39e8bdfc0d3f091857e2eb2686f3e681fb5c8f30830cdff18d37b6cedb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 00:12:58 GMT
expires: Sat, 16 Nov 2024 00:12:58 GMT
last-modified: Mon, 06 Nov 2023 23:55:36 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 45ED 0
0 111ms
44ms Fetch
image/gif 142.250.176.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuFv6-K_BLZ95MRp3X-PcW3Wr5aPFyjUQ90otYEZjVtoJToLTwsrPhFmcEd0SVJKbwwLN3vR41Iu7gCVHPxeWV1frSU6UTUtUDe6VpnuSYmvnq2pS_L0xeT6muB-3G5q5IUEY4Qm2WRoAF3pm0neEmz8skxzVKIICNhqM1eUYFnCCjdoxYjy_e75MxW_LVbFGiBbr3MppV4zFn7q-LFFi7VQ-f4FTk7c9d030hF2FMvny7BH0zjnSezxg-upzOnqTErNIFeKmp0HlMubGCIaKT_pcrc6wkjC_EG_dtRkpvA9jjQP4-L-9xtakDY1PKHWaJDdsKoam8ngWL_o6pYCKo-lcMIinLp4ocLtMHUNJ2mcXSRkrKKE-inL2rnB7nDUT5-ovwuTxuEqBdjBY_AwfiC-ob-f-CurAeVqiS9e78WlgVrhGpYf4YdtL_7jfU5RkZfg6yH8tiYTdAoEQ4KH6R65dBJMtbQkreOTpTc6mp2nihKZmAaL5-mIN1xIltPQjOIKtuVceC-en9QTVlbh3WGKrn1aWwfcx_ic3pcsDNRTvJv2SN9PE7o-z4WDOGIHVvYtgbNcoRGViFV8AXqMrlWFFSciASE6X9b8By-WoUK7qohnsonuWJTzKAobCNbdurLyqm5ThzqIElF-51Ss3vUbigB2aIoAuZedezp6kbA2YaIFazNPwSkHwJ-ztRLn1arVFYGi0lUGGrJx184A1vKrcNm4vfY5h3ifWh0U8aeYfuoPfJmEreEFkkiQx9Cl0jr7opkN2NPIbN7JaAflib8KUxHL0kaFXRdcOo6NbkAlw5j4iciz1UrBJ10Vp8MYUaybC5lXaw1rTno89zIwS_8yv8tfhynV81g5oVjNeUeZSxSvm8rCUB54zHZ6eo-tt1bTr9nwPTiC9acbY_VJLrkGQjrvdrF9mjSLAoFmXQwufyp5UbunhSWrkrMpoANT4qA8hrZ7h_xnmQLd-LGCIhkA8ks5PJqZcXIYh1raP3RIwmj8IKXzOugPc7PmTG24X8BXkOepXI-L5Da78VcDroLJna7sc7YGJFHxemnqxnIbW4hS0ZrwspNEOoZoW2GQ-2ObmJyh99cGuied1wXsmj58BrZiFmIZeCMIxFtKb4jheyOAFWsJJljBdaiBd27685S5VMqVF89P077gizPWFdP-KlAS9Rc920wKPzvXv5-kMECG4ZRibvoDeJZfm43PkSIcNbcsBR6zcanEmcbrw72fo1V4LveY9RdZ0BzAck0KVXFgZdHZU2oIEMUeGD-XqgXv9tBMoemGofSh4RVcTJLN3wzwgioh-0WPMI7mXMK9NKDZaVqSvMuOStIwbuDwQblsYuHNA1NKzl0XEAirKA7SWamUSepKw2pCFESLTMG9f4iNd0&sai=AMfl-YTE_sYCZ-vXqAl2W99wIuUVgIsf1eM0Tdbu_WFoyHQDx62O0Scty1TurXVUJkZfS2jTuzROevJw27abYmXjPfsoUKXMa32uG0NusWXrJm_YhyN9tcU7Zqvtm2WWHnuiTNtdGkUKsK8yesEEOmsIkhiMf2AsY56sg5lAA9cRxYS4to0B7uoThOL9GjEliMeELNlqtb68VVwAur0QItaNMuYPetVYmiNmvdb9IbpcSRCsfYm5nile1gL7Ae1KRIRfX16IWaC2bQ6hcGMcMIfa5yPD_PzpBoEjbteSZNXoWw&sig=Cg0ArKJSzDvtLStgPyvDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=203&cbvp=1&cstd=189&cisv=r20231109.88926&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.176.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s37-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 41CC 39 KB
15 KB 13ms
13ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 98340
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Nov 2024 20:53:58 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 35BE 39 KB
15 KB 13ms
12ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 98340
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Nov 2024 20:53:58 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 24BC 39 KB
15 KB 15ms
14ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 98340
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Nov 2024 20:53:58 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 39ED 120 KB
41 KB 15ms
13ms Script
text/javascript 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=eazTl3PGix&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=eazTl3PGix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:45:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12465
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Nov 2023 20:45:13 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 2C40 120 KB
41 KB 19ms
18ms Script
text/javascript 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=txkykQmjPp&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=txkykQmjPp&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:45:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12465
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Nov 2023 20:45:13 GMT

GET
H3 200 Enabler_01_250.js Show response
s0.2mdn.net/879366/ Frame 9F6D 120 KB
41 KB 29ms
28ms Script
text/javascript 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_250.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/565833720234484356/index.html?e=69&leftOffset=0&topOffset=0&c=vqXymFqFtg&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/565833720234484356/index.html?e=69&leftOffset=0&topOffset=0&c=vqXymFqFtg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:45:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12465
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42247
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Nov 2023 20:45:13 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 1F1D 42 B
64 B 108ms
80ms Fetch
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvBgrQj8WN3K_jUxV2IuthKa4OGEYSBC5Y1jYd9PsP1hVSL2CHJynZ_cnT49c7x4QLWnP2tZ7_bXaXqP7m1upQxa2ZVCa5TCxjgPGafQbBVxZ56E4ceaiOKO_InVtkExvxpH9OdhOuzIQ&sai=AMfl-YQTCA_HVT1ExRi_m-EJFXnsS_Tbmw3ao7T1GmkNX9hPsXnZJ2b4moOvplDdgC5e5R_1KM7mFCMTYJHarTF-_CgTJgLAbv9gcu78VUnXA3wsnEIKsru698sfdPpbCExnNfNP4apLUw4Zfu3HPB57&sig=Cg0ArKJSzN7wBdjPqDfaEAE&cid=CAQSTgDICaaNadnkclRUgDZAhvNn-1RQFxUHVZYSb0udx6ed5wQSnbwg6m6URGM0Mo0zdMMvm_H6pOe2SicgvimACVeE3fIo8bELr72gYgV09xgB&id=lidar2&mcvt=1019&p=0,0,280,497&mtos=1019,1019,1019,1019,1019&tos=1019,0,0,0,0&v=20231115&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=543386735&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700179976604&rpt=1243&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/17520292783638793421/ Frame 39ED 2 KB
3 KB 26ms
26ms Image
image/jpeg 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17520292783638793421/preload.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=eazTl3PGix&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c69a4b26de0151dc5a9ed26766a4f9dacfd5df6522c2c757145e3a0de22bad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=eazTl3PGix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:51:29 GMT
x-content-type-options: nosniff
age: 98489
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2540
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 20:51:29 GMT

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/17520292783638793421/ Frame 2C40 2 KB
3 KB 12ms
12ms Image
image/jpeg 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17520292783638793421/preload.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=txkykQmjPp&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c69a4b26de0151dc5a9ed26766a4f9dacfd5df6522c2c757145e3a0de22bad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=txkykQmjPp&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:51:29 GMT
x-content-type-options: nosniff
age: 98489
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2540
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 20:51:29 GMT

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/565833720234484356/ Frame 9F6D 2 KB
2 KB 25ms
24ms Image
image/jpeg 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/565833720234484356/preload.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/565833720234484356/index.html?e=69&leftOffset=0&topOffset=0&c=vqXymFqFtg&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c64bc40632fa695cc9d2625524e1708a17f7c331fab12a9cc46a78eddc362257

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/565833720234484356/index.html?e=69&leftOffset=0&topOffset=0&c=vqXymFqFtg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 21:00:45 GMT
x-content-type-options: nosniff
age: 97933
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2255
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 21:00:45 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 50CD 0
0 40ms
38ms Fetch
image/gif 142.250.176.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvZAAAl-xDzr4dIT6AZHl5vkf5St7IEiWexbEIy8YwTWnsLutjnkfcgSE9BvYPvkA8dC6JDh82iyCjOq2FfbmzRk3RenM07ppW3LkgyqRopm0DCL4BDSnAgonjd7WWfmniVleQEOAfH057UVeDCcdXShu9sczkKusSwtNRDamj3qLEVohllPJ8HO3yx37FJq2y6REKwjhAPwkf_VZyLGJwobfn5dBnBBD9TlDJ1gAl1tsWyGzM1eWJm4H3pR63AXEyNTOU3-2xmZWHJXRuJ7-IM5HHmvBHmK6CGtAtm235qkcQzipra_8tHkKcOofGLkmYPrKVQ_JTj2yViJCT6SXBLgtgEqzE3ZwsYSLE3rQFqU8y5KppHvw-OFIvPmyoMj0HI1KqqckrB_wLAHFaFKsfcgBdZqE6nMl-AjqXyAlDOvTVCBy2bxwDwDAtVlDXrYnZc5qSkkvch4VLRXSchVtbkRz2gVulO3gpCgP6sW5RbdbYM8wbQV4Y0IzA0bbCqMCzVYdJslVGGCtN1j5Ulil-qRgc-3LGsxbagBTFNM95pzaw49uwsfpzL5UachJtMw21E3D3CWxBnFnlmRzYTiVwjjJXszbuCISJ6-56fL-Rm5c5IuYKwVRzdadaBqTj-kRxOkFTFtWzjUFXa51NebKuNNdA-vgp1pGmgCAOKi_Fgq0CGjL2JVmcNQcCTU6apv4G8U-K3IRriMF5F0pMHe1z8Tvk7wklPp6rIMn2vAVIBfjl_DRB_bLzofcJcPb8u9wOV7_4t6Wd8WztehKSS9KP2BIl_Gj3H3Np5-sIkSN9_mW1VioYVMkXuK-KsMKSJrWbmhKnncMzfq8Hc1VvmfcV4ZuMBOL2XmkpIu6Tga8G8uef0-T7KymBjQCRpXo0o9Fn0qq0ETPYAYY-AG_H-5uvXVBTrM2qiB5VKVImAupC81LjSUwJftRwAjJLgJ_xKnq7Q_DJEXzaU7Ni5NcIyD8hn4nP6Qd9Qh7wby96eAvocBRbR1HzESFpN6iIBVK40HjIaS6Su49vqM7H1qXK6Hfdy9ut_aOH5Vt72hAZGmfZZp0Xbs1KsNB0EQ8_eNgOEmcHHpCRx-gLl0nPgPm-WUJzewKWVbNILvUdQY5M3MdxuDogOVwk4nGkAFBfNiYK0rXP1Zq-2GMLdHiMcfCibPZfvIbCpkkJSRMWZ2BesFch4EHSwUt4sIYjoC1wc_WLYeLmu6cSgg1HRnoSbllPdyVbZjb9RumjzAZRXswXkLL09fkOAX2P7wfaKBmdLTtvrok45q20t29Uu27xkxdeTISrx_aPk7rAXcC7-WE5TH-V8OSU6EFTek8OGSAe68w9picXvc7Nvqi9Dw037xG7sut9AwwK2PwVld9eSm-MjhYHbcuLOm2Hk&sai=AMfl-YTPQK6MPQbqUQnSgLzWlPI5leIOdTChpeQ1YV18RsEcXs8WKa29mieKnOMz-_3D1E9poCtW4dCUtofbitpaeajA2WGWstuDT9XNWXkVTiiOlJi7x5-O6SCOAGVaOFu6H0ruZ8CCO3kJc-pVOcHAuiy7SlZAS3JxhQsui3JKMBB7_YMNUrvzeD1kmzuZ2vKoeecJJZzsCVvAUVJEFTjUCSC3MnFzeZzaqkGkmiLw9q7-ePOggHDplBNPh4SmKfHv2DgM9EBDCoz1JhVajyls8u_GX4HnKOYSC0y47RkWOw&sig=Cg0ArKJSzBwgnQyzJ-RMEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=571&vt=11&dtpt=390&dett=3&cstd=164&cisv=r20231109.85281&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.176.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s37-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:58 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 50CD 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 37fcfaf3ac4bda7c891364e309cd969c11ef016fdca39a4357d70d450be0be51

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/17520292783638793421/ Frame 39ED 2 KB
3 KB 14ms
13ms Image
image/jpeg 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17520292783638793421/preload.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=eazTl3PGix&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c69a4b26de0151dc5a9ed26766a4f9dacfd5df6522c2c757145e3a0de22bad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=eazTl3PGix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:51:29 GMT
x-content-type-options: nosniff
age: 98489
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2540
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 20:51:29 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 45ED 0
0 40ms
39ms Fetch
image/gif 142.250.176.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuFv6-K_BLZ95MRp3X-PcW3Wr5aPFyjUQ90otYEZjVtoJToLTwsrPhFmcEd0SVJKbwwLN3vR41Iu7gCVHPxeWV1frSU6UTUtUDe6VpnuSYmvnq2pS_L0xeT6muB-3G5q5IUEY4Qm2WRoAF3pm0neEmz8skxzVKIICNhqM1eUYFnCCjdoxYjy_e75MxW_LVbFGiBbr3MppV4zFn7q-LFFi7VQ-f4FTk7c9d030hF2FMvny7BH0zjnSezxg-upzOnqTErNIFeKmp0HlMubGCIaKT_pcrc6wkjC_EG_dtRkpvA9jjQP4-L-9xtakDY1PKHWaJDdsKoam8ngWL_o6pYCKo-lcMIinLp4ocLtMHUNJ2mcXSRkrKKE-inL2rnB7nDUT5-ovwuTxuEqBdjBY_AwfiC-ob-f-CurAeVqiS9e78WlgVrhGpYf4YdtL_7jfU5RkZfg6yH8tiYTdAoEQ4KH6R65dBJMtbQkreOTpTc6mp2nihKZmAaL5-mIN1xIltPQjOIKtuVceC-en9QTVlbh3WGKrn1aWwfcx_ic3pcsDNRTvJv2SN9PE7o-z4WDOGIHVvYtgbNcoRGViFV8AXqMrlWFFSciASE6X9b8By-WoUK7qohnsonuWJTzKAobCNbdurLyqm5ThzqIElF-51Ss3vUbigB2aIoAuZedezp6kbA2YaIFazNPwSkHwJ-ztRLn1arVFYGi0lUGGrJx184A1vKrcNm4vfY5h3ifWh0U8aeYfuoPfJmEreEFkkiQx9Cl0jr7opkN2NPIbN7JaAflib8KUxHL0kaFXRdcOo6NbkAlw5j4iciz1UrBJ10Vp8MYUaybC5lXaw1rTno89zIwS_8yv8tfhynV81g5oVjNeUeZSxSvm8rCUB54zHZ6eo-tt1bTr9nwPTiC9acbY_VJLrkGQjrvdrF9mjSLAoFmXQwufyp5UbunhSWrkrMpoANT4qA8hrZ7h_xnmQLd-LGCIhkA8ks5PJqZcXIYh1raP3RIwmj8IKXzOugPc7PmTG24X8BXkOepXI-L5Da78VcDroLJna7sc7YGJFHxemnqxnIbW4hS0ZrwspNEOoZoW2GQ-2ObmJyh99cGuied1wXsmj58BrZiFmIZeCMIxFtKb4jheyOAFWsJJljBdaiBd27685S5VMqVF89P077gizPWFdP-KlAS9Rc920wKPzvXv5-kMECG4ZRibvoDeJZfm43PkSIcNbcsBR6zcanEmcbrw72fo1V4LveY9RdZ0BzAck0KVXFgZdHZU2oIEMUeGD-XqgXv9tBMoemGofSh4RVcTJLN3wzwgioh-0WPMI7mXMK9NKDZaVqSvMuOStIwbuDwQblsYuHNA1NKzl0XEAirKA7SWamUSepKw2pCFESLTMG9f4iNd0&sai=AMfl-YTE_sYCZ-vXqAl2W99wIuUVgIsf1eM0Tdbu_WFoyHQDx62O0Scty1TurXVUJkZfS2jTuzROevJw27abYmXjPfsoUKXMa32uG0NusWXrJm_YhyN9tcU7Zqvtm2WWHnuiTNtdGkUKsK8yesEEOmsIkhiMf2AsY56sg5lAA9cRxYS4to0B7uoThOL9GjEliMeELNlqtb68VVwAur0QItaNMuYPetVYmiNmvdb9IbpcSRCsfYm5nile1gL7Ae1KRIRfX16IWaC2bQ6hcGMcMIfa5yPD_PzpBoEjbteSZNXoWw&sig=Cg0ArKJSzDvtLStgPyvDEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=519&vt=11&dtpt=316&dett=3&cstd=189&cisv=r20231109.88926&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.176.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s37-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 45ED 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5019faaff2c9a339b05658fd72c81ed3a9e5e5cc316a0bf51d7d1d773b2b181f

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/17520292783638793421/ Frame 2C40 2 KB
3 KB 12ms
12ms Image
image/jpeg 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17520292783638793421/preload.jpg

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c69a4b26de0151dc5a9ed26766a4f9dacfd5df6522c2c757145e3a0de22bad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=txkykQmjPp&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:51:29 GMT
x-content-type-options: nosniff
age: 98489
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2540
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 20:51:29 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame EDE5 0
0 40ms
39ms Fetch
image/gif 142.250.176.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv_1vye2rdgiopAErBqX_cc8yO12MtcGIL0SOhBQp27CLpSZyPCeIyMgkeFsWzXR_S2XPrYC8KY4yn2fbWYfTR2iRRcIkJmc_HXVILzmp4yI3EDrlRxzUk1fOHcyR7VQCdBRdWXsT0CGaEeIEFicD_o77WU6PfVBTPZJAPohOGgYEAviIOLw7ckrV0u-bywbXAQkzqGcM67lzp2a5LkaLTFREtuNK0DZQ1ibI556Ta3L9q6TcJQK6t6qlPdVfpVMeNv85GA6l-f-nBDNS0qkDfgmjGdSZGy8d981H3rl_ryy9fWx921O9fdTKAgnV1cd6KH_f7ZeG-jb0JXPKMImzFAYmbOsOfIFBMX8L-_zrs2IyqRIQODZ7RPiA4Z7lLPFo6yWBvGot0n0pNiQmtYmizIAwX6o-ODlCfP0f04XEeXdmkmtdtD_hqFmo6XJ1h1RYgbNZ0XxKgqAWia158412niLSF9k3AIwXqSXjuAkEtETvh39Mr2EXQsgNsnk4zaotmweIcuwWWSMJwvXrQBgw_uSx695xvyOKBnI6qi8669kvVEHY-aN6ltHjHiTCBp0f5_5t4rRQ3ySSDQz9p0FPVLdAvcqzVYDBeqgMxN1mAQHg0wqN0Sx07-gvaEx0lZjktPLWF9W_x-p5wYVDnH-pPKiE0wOMrP9I1woFyX4QnX_yvsEXxyrU_DDB7S6vy3AsvPQ4PZuir1oa7ZPWZ6Sf7RgCe1inniyNwwOWRFGItLrA03CDydh1whcoRoVxriRRYJvAqpO5JaUsq75fgwCC0BZ9f6KvzHidkYGf9AM48HY9THEH3vU8CJ6T2VZym4HkU-Ki_nCy4lQnoP3ZK7DftOjqkv3taITWOrf4OfoQ8hG4el_T-byfD_YTqfnjcaXGWrXmymhZceekoxHgL91E0lnB87NBI1CGEk9gzijeIzJEWSvGytwiZEb1apOw0wjgLyDR8-CBgKT5QXWXRndlyFTUBP9VyDKUfjFzFiKZwqSFvWk1XbaN4qCyrJPVQtenaFhtJZFQH7Rsa6C4Er8Tmei7nD-qlI_y6QDv3o07DhdMxORtToZ4ZY5KweAKxeXmN1l41PR4t2bCZUbzehJn07JTuM-c1rWevX6Jd1hR0AgJiGJdn3jiyruVrBOeY0KI4r8VIc0ngNpgupBYOMm6qocDWTE23i8CISEW5nhqCSmZX2u61PvYRF9F_E-8EE7d_9L0QzdYtdj-PLG3STtBye0LFqiwtRB3rRsFNwBLYdflQLB5Po6p11ph2ZXyLzPUiVOkB4LBdfhizc-hw2loOEzDtTIdlybzUB1NzxqK3TzZivI_iScUvVVl-IUocIYnzjHwLSTWZFOrTtzShR3Rgky6VNGEQHaUx4ByhIYCUmqELruAfI&sai=AMfl-YRj-aiyUJcW28xMFum92IbYQDqbHK89pjObRrZAUVPwi75oMGTWoSmOKoSxyv6M-GRVTIpOcvpGpaV7ht1_C3PfFrh4n2N_OQQckb6nbxYbHrUfEi8pFmUUIqYm7WLRTHDegzd3fYf0nl4n5GzQfAxZfCTDcGFCE-kDEhjOw-70xoHB2SJzgrSw_UdoCSQegSsl6Un6mda4w-M6QfHKr2KS0uL7WnxVfP1Qrd-lD09ICYFMWRo0FSvH3f1I_kURWtuOCSk4kSM98hVnL_OA3Y25_bgwZlcUJSurVrT5-g&sig=Cg0ArKJSzN3s_fior5iqEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=586&vt=11&dtpt=389&dett=3&cstd=184&cisv=r20231109.55135&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: xn----0hcdndtvomdb2jb.net
URL: https://xn----0hcdndtvomdb2jb.net/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.176.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s37-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:59 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 57ms
56ms XHR
application/json 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231109&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_fy2021.js?bust=31079756

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4529b2774ac82e5b4c112c67c366df18fd009e0e932f5d6869a0307998b81948

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12372
x-xss-protection: 0

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/565833720234484356/ Frame 9F6D 2 KB
2 KB 13ms
12ms Image
image/jpeg 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/565833720234484356/preload.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/565833720234484356/index.html?e=69&leftOffset=0&topOffset=0&c=vqXymFqFtg&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c64bc40632fa695cc9d2625524e1708a17f7c331fab12a9cc46a78eddc362257

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/565833720234484356/index.html?e=69&leftOffset=0&topOffset=0&c=vqXymFqFtg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 21:00:45 GMT
x-content-type-options: nosniff
age: 97934
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2255
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 21:00:45 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2C40 7 KB
6 KB 73ms
71ms XHR
application/json 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d8d8cfe04070aeb34be31ad701a0c868a0e273cf19f9c54da601740a024781a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5775
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 81ms
80ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202311140101/show_ads_impl_fy2021.js?bust=31079756

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 17 Nov 2023 00:12:59 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 39ED 8 KB
6 KB 51ms
50ms XHR
application/json 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a8d2c0960028bfb3eead6878b93a52d24206482957ddf344dcadfc518bd811bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5868
x-xss-protection: 0

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/17520292783638793421/ Frame 39ED 2 KB
3 KB 16ms
15ms Image
image/jpeg 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17520292783638793421/preload.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c69a4b26de0151dc5a9ed26766a4f9dacfd5df6522c2c757145e3a0de22bad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=eazTl3PGix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:51:29 GMT
x-content-type-options: nosniff
age: 98490
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2540
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 20:51:29 GMT

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/17520292783638793421/ Frame 2C40 2 KB
3 KB 17ms
17ms Image
image/jpeg 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17520292783638793421/preload.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c69a4b26de0151dc5a9ed26766a4f9dacfd5df6522c2c757145e3a0de22bad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=txkykQmjPp&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:51:29 GMT
x-content-type-options: nosniff
age: 98490
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2540
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 20:51:29 GMT

GET
H3 200 replay.png
s0.2mdn.net/sadbundle/17520292783638793421/ Frame 2C40 495 B
522 B 19ms
19ms Image
image/png 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17520292783638793421/replay.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a885ae8bc493ef43773599589eb12042f1b26b3274db161945da334d0b05a65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=txkykQmjPp&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:51:29 GMT
x-content-type-options: nosniff
age: 98490
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 495
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 20:51:29 GMT

GET
H3 200 poster.jpg
s0.2mdn.net/sadbundle/17520292783638793421/ Frame 2C40 29 KB
29 KB 20ms
19ms Image
image/jpeg 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17520292783638793421/poster.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

790513cde059a91b5d9d995b8d84234a18b2f8b58748edf0c97ee6b75dec3455

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=txkykQmjPp&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:51:29 GMT
x-content-type-options: nosniff
age: 98490
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30157
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 20:51:29 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 9F6D 8 KB
6 KB 72ms
72ms XHR
application/json 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_250&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0b99106a701b2d7131af4cefb13874b2068f0f6d968620298723d230bcb6ed02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:59 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5915
x-xss-protection: 0

GET
H3 200 replay.png
s0.2mdn.net/sadbundle/17520292783638793421/ Frame 39ED 495 B
522 B 18ms
17ms Image
image/png 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17520292783638793421/replay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=eazTl3PGix&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3a885ae8bc493ef43773599589eb12042f1b26b3274db161945da334d0b05a65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=eazTl3PGix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:51:29 GMT
x-content-type-options: nosniff
age: 98490
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 495
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 20:51:29 GMT

GET
H3 200 poster.jpg
s0.2mdn.net/sadbundle/17520292783638793421/ Frame 39ED 29 KB
29 KB 20ms
19ms Image
image/jpeg 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17520292783638793421/poster.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=eazTl3PGix&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

790513cde059a91b5d9d995b8d84234a18b2f8b58748edf0c97ee6b75dec3455

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=eazTl3PGix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:51:29 GMT
x-content-type-options: nosniff
age: 98490
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30157
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:36 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 20:51:29 GMT

GET
H3 200 preload.jpg
s0.2mdn.net/sadbundle/565833720234484356/ Frame 9F6D 2 KB
2 KB 27ms
27ms Image
image/jpeg 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/565833720234484356/preload.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c64bc40632fa695cc9d2625524e1708a17f7c331fab12a9cc46a78eddc362257

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/565833720234484356/index.html?e=69&leftOffset=0&topOffset=0&c=vqXymFqFtg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 21:00:45 GMT
x-content-type-options: nosniff
age: 97934
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2255
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 21:00:45 GMT

GET
H/1.1

206
Partial Content

file.mp4
r2---sn-ab5l6nrk.c.2mdn.net/videoplayback/id/46e894b165a728b7/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 2C40
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/46e894b165a728b7/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signat...
https://r2---sn-ab5l6nrk.c.2mdn.net/videoplayback/id/46e894b165a728b7/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/acao,ctier,expire,id,ip,ipbits,itag...

304 KB
305 KB

50ms
4ms

Media
video/mp4

2607:f8b0:4006:11::7
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-ab5l6nrk.c.2mdn.net/videoplayback/id/46e894b165a728b7/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/4DDB047A43A5F03C3916D828B79E79E62A854CD5.573E0D7D44C28CD37ABDB7DDEEE4FF9BB3A6BF1E/key/cms1/cms_redirect/yes/mh/FN/mip/2a0d:5600:24:1500:1011:59e5:617a:c05a/mm/42/mn/sn-ab5l6nrk/ms/onc/mt/1700179233/mv/m/mvi/2/pl/48/file/file.mp4

Protocol

HTTP/1.1

Server

2607:f8b0:4006:11::7 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

875464bdc2ec77568f282df9433a6334d17faddff2e715c0bc9afee06161ff01

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 00:12:59 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 06 Nov 2023 23:56:07 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-311721/311722
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 311722
Expires: Fri, 17 Nov 2023 00:12:59 GMT

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:59 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r2---sn-ab5l6nrk.c.2mdn.net/videoplayback/id/46e894b165a728b7/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/4DDB047A43A5F03C3916D828B79E79E62A854CD5.573E0D7D44C28CD37ABDB7DDEEE4FF9BB3A6BF1E/key/cms1/cms_redirect/yes/mh/FN/mip/2a0d:5600:24:1500:1011:59e5:617a:c05a/mm/42/mn/sn-ab5l6nrk/ms/onc/mt/1700179233/mv/m/mvi/2/pl/48/file/file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 666
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2C40 17 KB
6 KB 65ms
65ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 17 Nov 2023 00:12:59 GMT

GET
H3 200 replay.png
s0.2mdn.net/sadbundle/565833720234484356/ Frame 9F6D 457 B
484 B 21ms
20ms Image
image/png 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/565833720234484356/replay.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4701179c17827a7d417dbc7d9a40cdd6fbb0112d29e90b822bbf5b2a33d63af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/565833720234484356/index.html?e=69&leftOffset=0&topOffset=0&c=vqXymFqFtg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:48:40 GMT
x-content-type-options: nosniff
age: 98659
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 457
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 20:48:40 GMT

GET
H3 200 poster.jpg
s0.2mdn.net/sadbundle/565833720234484356/ Frame 9F6D 24 KB
24 KB 17ms
16ms Image
image/jpeg 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/565833720234484356/poster.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41a7a467858add4caa3fa9fe9faafa97476689fb1ce868c2235382db36a0533

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/565833720234484356/index.html?e=69&leftOffset=0&topOffset=0&c=vqXymFqFtg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:58:13 GMT
x-content-type-options: nosniff
age: 98086
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24102
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 20:58:13 GMT

GET
H3 200 prod_studio_01_250_videomodule.js Show response
s0.2mdn.net/879366/ Frame 2C40 13 KB
5 KB 12ms
11ms Script
text/javascript 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_250_videomodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03656ff565d2cc90c3b8f2c1963c5804304e5d9dc796e920db21a6db906a942d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=txkykQmjPp&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:48:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12297
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4955
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Nov 2023 20:48:02 GMT

GET
H/1.1

206
Partial Content

https://gcdn.2mdn.net/videoplayback/id/46e894b165a728b7/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signat...
https://r2---sn-ab5l6nrk.c.2mdn.net/videoplayback/id/46e894b165a728b7/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/acao,ctier,expire,id,ip,ipbits,itag...

304 KB
305 KB

50ms
5ms

Media
video/mp4

2607:f8b0:4006:11::7
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-ab5l6nrk.c.2mdn.net/videoplayback/id/46e894b165a728b7/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/2E09061032D7124247092067D6DCBE692EB3DB89.02B5C16FF71A39DADA90E658D533790CD875F651/key/cms1/cms_redirect/yes/mh/FN/mip/2a0d:5600:24:1500:1011:59e5:617a:c05a/mm/42/mn/sn-ab5l6nrk/ms/onc/mt/1700179233/mv/m/mvi/2/pl/48/file/file.mp4

Protocol

HTTP/1.1

Server

2607:f8b0:4006:11::7 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

875464bdc2ec77568f282df9433a6334d17faddff2e715c0bc9afee06161ff01

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 00:12:59 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 06 Nov 2023 23:56:07 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-311721/311722
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 311722
Expires: Fri, 17 Nov 2023 00:12:59 GMT

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:59 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r2---sn-ab5l6nrk.c.2mdn.net/videoplayback/id/46e894b165a728b7/itag/18/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/2E09061032D7124247092067D6DCBE692EB3DB89.02B5C16FF71A39DADA90E658D533790CD875F651/key/cms1/cms_redirect/yes/mh/FN/mip/2a0d:5600:24:1500:1011:59e5:617a:c05a/mm/42/mn/sn-ab5l6nrk/ms/onc/mt/1700179233/mv/m/mvi/2/pl/48/file/file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 666
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 35BE 0
20 B 80ms
79ms Image
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BRo2ICrBWZcCPEIej_gSN74f4BwAAAAA4AeAEAg&bg=!b2ylbCPNAAZxrfrxUa07ADQBe5WfOGihefOmZeFui1tFNxDyuPonWvxa_qfe7es6ZVx4Wfusg0QiV9jIIOGunvKT73WBAgAAAWFSAAAAAmgBB5kDENsOjSCc22N48tMhTZj6d8jjFhK8lCij6x_IytH54LOIHgILHu8MwhQbLAMXPLDoOc17LbGKFi6JlsyWmCn7muIJ-3rxz0n-BOZcSXuFPuiG4E7_yYygKkTDoDkQNRtx0TgnXpO3V1GQBI9XmRd8Ma3K8GaWN7Q4UqVUUzu6S2aqV6DgOfUNcFljCD4asRmh5cxZqXLcmIX9UjwxWvjfTcM5cUIibNVVYyC0vaGaQ4XKHI-5fQTjeZnHSLU-7FTk8EAfns0sfeg7RE1b-h_Iu51LrrOQa5SmMtuAKtZ6rdMKQDxUQDO1ojLd9hhVzPSAWTEV__o0gTKBRuYfIf8EXjETzfFvZkv_xIS5p_P6tPhqmD8B2Mh6pyu1ZFAlbXi2mKFauk_MylAPadPDJ6jSlSdCkgP7hRht27QKT2BgD2J_3grBqZsFP0o7adzzvpqvoCycFZDlyQsts6xNxR0vZvPXk7HS648W2t6ImG8wRNDakcqMQKh8FNDoXC8_jS_RSTo5ezWWt2cFS9y2GDiYjwAffulPUtlvXLncYHo16gEtigeg6u-3qiBOujj1xdXJcdq00fRrBFpE3bFatw1RlL_A0VAIF_f86Wc_ADrfbsvdyLR_Qu8vhgI7EHNjRUmBjifu1KKwTqTMO1t_7GoRZgATnYKQaNMl7tKwShAF7MxnyyAjKac_Ib9Gz65l0JZjln6n9A8xSZ9UY2w6JMx1idfw8zHihI1eIIb64Fv1OKHxkeRmO13qzCJrADlsbA-P02b8dVqKNYSTM_oOK7vSpvNtnfiytrKvaNRfTCmpGD8yJfSyAagM5A27JkRJKmD8R3_3rnilHFQLcG6TX0oD3xOnzBHzRV3vKHjefeUwdY2HBRlt8bqN3AwSx6dg8l5Z-PU8LWb5lkyG4xhOTh4mHk7biZRO-8VgkdG4-hGllSOD4BI2KZ6Ksalj9NpoxyZAwmf8w9GT0cuamQNUjk-YYhofx3VlVGHW4T5pcLinn_C4RNYRpUaDfrwuOf0dl4_MH9wzklDasXX1dK5Ou3ICSfA

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 39ED 17 KB
6 KB 42ms
42ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 17 Nov 2023 00:12:59 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 41CC 0
20 B 45ms
45ms Image
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bmzc8CrBWZZCRDoGVoPMPqeC1yAsAAAAAOAHgBAI&bg=!XF-lXxDNAAZxrfrxUa07ADQBe5WfOGTmkyy3XPq4k7qydMTnch_OhYvzDu9KWF3udDfxr_CQ2OLz4HgyJAP-BjvzXm5nAgAAAYJSAAAAAmgBB5kDD54SlaTUTE6r_QGppSKPI2MGdU1pUj20oBcao4tdZwkiWbESs0aN6cb7yPo-L9UOlQGeGWADT1mr8eZvQM2x4MWroohzJLyAAIAn88Frcpx1IbQiKVfJsp21pVqCRUicdJeMrPzW94_byvwVrEwJfig5bma-03w56Vm8543loBWBb6HjCwigXk9l96oC__eXpzE6Vh5CqUffMwco99WlbF5zbx6M9oWKVv4XsE_FmoGXJ6lkHum4hB5O1EG196ZYC3L4px-QLo2oPPvGwUMr3K7kStkwsie6O8yeOvm7VQ87bHEieZ7ZADaPu2geCtC91bz68aZp0DIRI4oZmYjJJ3ixzBElO_ADkdjCC2Jyx_nytl2XMTVlVMR2XcwlKWtgZeuFPTJ6U6FbWLsPLbDjbAX35gi20uiW_mfM2GQjJK4ait9KzA-54NiRFW4yOFEEDKZ2ZokPgg-abwF2eMAyzbVDEvq3gmXvGCsunxlISujnsfuVS2-hZl4Wsb66qRydu3OtI7rVYmUBtD-0TVHg0R_RgZMeXGCmOux-QFQVSFc4mQKjrzFq5c0SsKgV-NTvg9LcyYcQrwaHG2mooAKfR4pUWjIqpzTBmYZ375kVm5WPv-L6OB2pCUoZfD2fcj2RO4jgd9TAoT7ztq4NGHxuVW9vT2IYyOapVQs9nKEvh-vtXHiRTrckG1PT9e1qXdFwwO0XIptc1P71RTyeaAnvFHW2cDedrFDhaOcWlXHdQ3yw_zOl7X70aRjpNKFRFKsJjmO62BXSz50jD0WmlKQ8mLXz8XJSxerHQgcjqw4AiFSw0kedMpeFuwRglRcYCReDBe09Ll-eENIGKJJfc0KpDHr6DRw-1-OxkhQw3Uz4r5n6eYAAJCsOixlJcCr3Rp8pH2sni8PzLHnZ_EqV0ZKtF60fA_3WmsvOk3dnBJgM8vsjP4Jwi8_zIROrw1kJ75rNHyDtHHyKxWll4QZqWGoADcE6r-3KRpCIOe_sbQr4WU8IPCmmIag3PpMVNeqAqU7YrKHqaqxu3fyI2RBKmT8_cw

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

206
Partial Content

file.mp4
r1---sn-ab5sznzz.c.2mdn.net/videoplayback/id/f09920780352deef/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,... Frame 9F6D
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/f09920780352deef/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signat...
https://r1---sn-ab5sznzz.c.2mdn.net/videoplayback/id/f09920780352deef/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/acao,ctier,expire,id,ip,ipbits,itag...

228 KB
228 KB

52ms
6ms

Media
video/mp4

2607:f8b0:4006:d::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-ab5sznzz.c.2mdn.net/videoplayback/id/f09920780352deef/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7E6C67CCCE7801DCF95DBDB37EBED936A122FE9D.2F8DA64044F23C97BF6757508A7D0BF6AAF8A7DE/key/cms1/cms_redirect/yes/mh/HI/mip/2a0d:5600:24:1500:1011:59e5:617a:c05a/mm/42/mn/sn-ab5sznzz/ms/onc/mt/1700179233/mv/m/mvi/1/pl/48/file/file.mp4

Protocol

HTTP/1.1

Server

2607:f8b0:4006:d::6 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

6e8d39cb9d8837e07665bf120555be84d5d4eabaface139bf987f7c844b688da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date: Fri, 17 Nov 2023 00:12:59 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 06 Nov 2023 23:55:44 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-233271/233272
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 233272
Expires: Fri, 17 Nov 2023 00:12:59 GMT

Redirect headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:59 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r1---sn-ab5sznzz.c.2mdn.net/videoplayback/id/f09920780352deef/itag/59/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1731715978/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7E6C67CCCE7801DCF95DBDB37EBED936A122FE9D.2F8DA64044F23C97BF6757508A7D0BF6AAF8A7DE/key/cms1/cms_redirect/yes/mh/HI/mip/2a0d:5600:24:1500:1011:59e5:617a:c05a/mm/42/mn/sn-ab5sznzz/ms/onc/mt/1700179233/mv/m/mvi/1/pl/48/file/file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 666
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 prod_studio_01_250_videomodule.js Show response
s0.2mdn.net/879366/ Frame 39ED 13 KB
5 KB 12ms
11ms Script
text/javascript 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_250_videomodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03656ff565d2cc90c3b8f2c1963c5804304e5d9dc796e920db21a6db906a942d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17520292783638793421/index.html?e=69&leftOffset=0&topOffset=0&c=eazTl3PGix&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:48:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12297
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4955
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Nov 2023 20:48:02 GMT

GET
DATA 200
OK truncated
/ Frame 9F6D 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 prod_studio_01_250_videomodule.js Show response
s0.2mdn.net/879366/ Frame 9F6D 13 KB
5 KB 16ms
16ms Script
text/javascript 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_250_videomodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

03656ff565d2cc90c3b8f2c1963c5804304e5d9dc796e920db21a6db906a942d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/565833720234484356/index.html?e=69&leftOffset=0&topOffset=0&c=vqXymFqFtg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Thu, 16 Nov 2023 20:48:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12297
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4955
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 21:28:43 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 17 Nov 2023 20:48:02 GMT

GET
H3 200 replay.png
s0.2mdn.net/sadbundle/565833720234484356/ Frame 9F6D 457 B
484 B 14ms
14ms Image
image/png 2607:f8b0:4020:805::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/565833720234484356/replay.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2006 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c4701179c17827a7d417dbc7d9a40cdd6fbb0112d29e90b822bbf5b2a33d63af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/565833720234484356/index.html?e=69&leftOffset=0&topOffset=0&c=vqXymFqFtg&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:48:40 GMT
x-content-type-options: nosniff
age: 98659
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 457
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 23:55:14 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 14 Nov 2024 20:48:40 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 24BC 0
20 B 81ms
80ms Image
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B5JjxCrBWZc-JEY2A_gSP3ZPIDQAAAAA4AeAEAg&bg=!DwylDEPNAAZxrfrxUa07ADQBe5WfOOAzMn0D05a5Z2ySdz4OHUZPxTVgbpbquCvoBvmEnq30L-TqPClLhGvEAmV1zFSyAgAAAYBSAAAABGgBB5kDEtImn4rTS8IfOm_Z7DI87mRl9zE6tTv8NBgKmiyM8QCeapXy1PYMYEIE0NBZ5A6XKDY8nizK2GserAwGB0kaQhbgv9GHs4MabEIVMoQ9re821mD9o6L6cmL8hgtA2C9aVwtgVlmKHtpepZHt94F5Be9p_J2W8xCtb-qAkQHMh88DLvpU0-h-1g1-ivO_LT2vWaRuw40yCxChYoIwUQx3-n1klMXNM_Vp-Ic_1b9MxIdDTcT6LM5f1vPIGzKA12xh4eUGYpU1qOAKIe4C3MVNoMoMKBIpaKtKmfUiz2t3IMGN_oENzKKdbBAi6eFdD_0niVSfov1PGEzrxLV8ISEbyklbe5Ao46bj8XkJDpz9pnEDwn9wGlIyo5YAjeEgAGIFIC1iQWprEVn6wsyRtyd0ItZxEiiDenrzCkgsPx621Y6oastR12pZVc_Mg6Nvkd8zJDcyZ_LqUTMrefTeP_y_8n_3L8c_QcIhw7OUEjcb2Q5iTqFy89sM0k7FCrTLBUKiMT_IpB7Mk6ORBIj745gPNuLDth75Bzj3GSjpT9QqEBNU8Hc8F9UU_2XPsaECQOqPy0ixtfkdThv00CvhWbLSJpy-iuzIHdk9eVU_mgWkziFS54mLwKL1jfLG4QtcNLZxMIdqvGoY63lCfZ51S6BDsoPupryXhuEaGFtGdezywKZsRzwliZuKZzCPdPw3xp9tadL66SNaMvbn6YoQMAhvbo0xLelA8PiOg6vKkToMto7NTd7lV0jUi71boiWlGRJexgMmvlqyaexJUY0c2qitOzgiTLtKWedz0Mu6-nKkAgFyBZWG7yFs1xW7bWJXK5oxCL-gpLkB8OgzQ-rwxNFq-26tRr66nDiAjP7LoLIyvyGpKmxBClOgiPR-XmUdo8c97Afq779h4ZkrjMeYvG_KbhzjW30o4NUUyEoMFmupLmfe0k9iHcKKvgig5ln_p9ONoTW9Xc6xXoFw0pHu-6lb8tzldHzBpXJMBYx7-qHSS6jF-3uUjPKdG86ZgaRfIx9-oLlhaLyqYkH-KCIw2H-kIyf5UQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame FF41 13 KB
5 KB 18ms
16ms Document
text/html 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://xn----0hcdndtvomdb2jb.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 98249
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 15 Nov 2023 20:55:30 GMT
expires: Thu, 14 Nov 2024 20:55:30 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 19EB 829 B
998 B 56ms
54ms Document
text/html 2607:f8b0:4020:805::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2004 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

8912e289a15913577f1d6d586288113a818581c32732e8c7e778b1f878d1365a

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-BjvX-fuxLiuoWwk4n34-pA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://xn----0hcdndtvomdb2jb.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-BjvX-fuxLiuoWwk4n34-pA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 17 Nov 2023 00:12:59 GMT
expires: Fri, 17 Nov 2023 00:12:59 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 9F6D 17 KB
6 KB 54ms
51ms Script
text/javascript 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_250.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 17 Nov 2023 00:12:59 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 29E6 39 KB
15 KB 15ms
14ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 98341
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Nov 2024 20:53:58 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 67CE 39 KB
15 KB 16ms
15ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 98341
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Nov 2024 20:53:58 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame FF41 39 KB
15 KB 15ms
14ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 98341
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Nov 2024 20:53:58 GMT

GET
H3 200 GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js Show response
pagead2.googlesyndication.com/bg/ Frame 7F15 39 KB
15 KB 14ms
14ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/GOa2ZK97xVqw-WOSDw2lqG4V8l_qTiI5JNj0tnI6N88.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Wed, 15 Nov 2023 20:53:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 98341
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15296
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 16:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 14 Nov 2024 20:53:58 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 19EB 0
0 79ms
78ms Image
text/html 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231109&jk=989538058937027&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

GET
H2 200 dc_oe=ChMIwLyi_d_JggMVh5GfCh2N9wF_EAAYACDwiNZhQhMIuePD_N_JggMVTdntCh2SDg5k;met=1;&timestamp=1700179979445;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=0;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;
ade.googlesyndication.com/ddm/activity/ Frame EDE5 42 B
107 B 98ms
45ms Image
image/gif 172.217.13.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIwLyi_d_JggMVh5GfCh2N9wF_EAAYACDwiNZhQhMIuePD_N_JggMVTdntCh2SDg5k;met=1;&timestamp=1700179979445;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=0;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.13.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yul02s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIz7aj_d_JggMVDYCfCh2P7gTZEAAYACCOzLhhQhMIuOPD_N_JggMVTdntCh2SDg5k;met=1;&timestamp=1700179979485;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=0;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;
ade.googlesyndication.com/ddm/activity/ Frame 45ED 42 B
107 B 59ms
46ms Image
image/gif 172.217.13.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIz7aj_d_JggMVDYCfCh2P7gTZEAAYACCOzLhhQhMIuOPD_N_JggMVTdntCh2SDg5k;met=1;&timestamp=1700179979485;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=0;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.13.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yul02s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIkL6g_d_JggMVgQpoCB0pcA25EAAYACCOzLhhQhMIt-PD_N_JggMVTdntCh2SDg5k;met=1;&timestamp=1700179979487;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=0;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;
ade.googlesyndication.com/ddm/activity/ Frame 50CD 42 B
401 B 56ms
45ms Image
image/gif 172.217.13.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIkL6g_d_JggMVgQpoCB0pcA25EAAYACCOzLhhQhMIt-PD_N_JggMVTdntCh2SDg5k;met=1;&timestamp=1700179979487;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=0;eid3=11;ecn3=1;etm3=0;eid5=12;ecn5=1;etm5=0;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.13.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yul02s04-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EDE5 42 B
64 B 80ms
80ms Fetch
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvxrGZdwXcAGv6D43_5rkDAkDsvvBODSaLOJPBLB9Otm4R9tQVbT1rLvLSwOrxXc_CI9_m09Qca1dxavv59fKcFc2YlD8FvShi54k91w52lftQLpFAAtK9uE8_5caIVwtBY_GXAkMl4MQ&sai=AMfl-YR2i6LeVOvBuLRCGe178QqgJN6z00Eo2790OMtzJW0a0vnlCAr2h6Wg0xDC8uEZuKdnb7cOAz2RWqKM-LWAytmOqxDweBrTJDmylIDol5rncWrt10DH5BQl9iCcQfyL74omfyP68s8LIKdkBv87eA&sig=Cg0ArKJSzO6bhTtkCBnqEAE&cid=CAQSTwDICaaN4cxGYJTYKRjSnvhZAWpg_WRQndBqcRINzDAds02x3UkiwAmxkdK2Afi6Z8ohhjYwDYiSBkgxdWAZUV79f1zP31-C8BIEdsTTl1QYAQ&id=lidar2&mcvt=1010&p=0,0,90,728&mtos=548,1010,1010,1010,1010&tos=548,462,0,0,0&v=20231115&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700179978086&rpt=432&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame FF41 0
10 B 16ms
14ms Image
text/plain 2607:f8b0:4020:805::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?_QSb3w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4020:805::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date: Fri, 17 Nov 2023 00:12:59 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 50CD 0
20 B 79ms
78ms Ping
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8529284972716&version=m202309260101&ct=119&x=1&cor=7355715054277182000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:12:59 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 45ED 0
20 B 75ms
74ms Ping
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=7168203434880&version=m202309260101&ct=119&x=1&cor=14639006913484452000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:13:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDE5 0
20 B 75ms
74ms Ping
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6192804048907&version=m202309260101&ct=119&x=1&cor=704642640893397400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:13:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 50CD 42 B
64 B 80ms
80ms Fetch
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvWbZso2oxew8WJROq9HCcnyrMkNeHtQwunnQilj07rrBM1pqXNxBl07pwCKdC4n82wIQ125iC3JDDIRy_vXYoFqMUzf3c3acOJsirQHe03WAoqWEsbuiVcfGEaZ6m1aQcUqtFm0w0Axg&sai=AMfl-YS-Gz8X-QLSXR6m8LzbdtW9Adn7CECEh5ptKTXVrjfSx_bEE3lD6cn4AM1SkkPB9_9qA_bMdlWZ3BSh0J-ui9mrF9pXlI4fRlb_waaVDEhlLO20UBGCWUjHqOg4SI7rnU2jcUIN-lASHJ5sSLDi7g&sig=Cg0ArKJSzDVjnOxWAOcQEAE&cid=CAQSTwDICaaN4cxGYJTYKRjSnvhZAWpg_WRQndBqcRINzDAds02x3UkiwAmxkdK2Afi6Z8ohhjYwDYiSBkgxdWAZUV79f1zP31-C8BIEdsTTl1QYAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231115&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700179978047&rpt=364&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:13:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 45ED 42 B
64 B 80ms
79ms Fetch
image/gif 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuEoGx7RRi5Ekm6bMDpDAjq6XSOKvn4MD3y9t9RyUfqHbg3zfUx4ajO0XKfg20Sf-BXBYN1d78Ae-OB5q1k6briDgNvO2srJAzsnCSaN7TEgp8zZrSKN9nOWw88CFQ6j4--a1jFo2Fk4g&sai=AMfl-YRZ5FW2tX7isyHIUgLB4mKfgUeyCL25BL5HMK1YaVbvdT_VfmANPRWPJuOR2f7bMu6MrJAcsKq-BD61oCA6wk5iqOKkugXyX9mBZEclhU9hkMSmu3lPnSguo4Ej7q-Q45aY-Zyotyv5_2ioFau4Lw&sig=Cg0ArKJSzKGXSy5ezdC8EAE&cid=CAQSTwDICaaN4cxGYJTYKRjSnvhZAWpg_WRQndBqcRINzDAds02x3UkiwAmxkdK2Afi6Z8ohhjYwDYiSBkgxdWAZUV79f1zP31-C8BIEdsTTl1QYAQ&id=lidar2&mcvt=1005&p=0,0,600,160&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20231115&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1700179978065&rpt=410&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 17 Nov 2023 00:13:00 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 80ms
79ms Image
text/html 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231109&jk=989538058937027&bg=!7-yl7KPNAAZxrfrxUa07ADQBe5WfOGRd1Ryq8rlZ9Vwcw2EqHBu4io_0LUQAwqPSfyLbqZI3oZfWk_6-5yonXL9GqfhvAgAAALlSAAAAA2gBB5kCvWBUtoOv2FSytnjuM2ulSqjRpb04TQbS5zGIkCRqSk9i19KbgHEg07TbgyurpK_284C3Ti1x4aq5327d_SHomDV1IacTml_8mKz8EFVeVRrdl9Doz3-toXYMn1T-yfIVYOxUiZ7-RMiZs2pmO0eCsVVOZuHO05Mj1gexO-X_HMmby9e37-1hlDy1e7xDm1v-uMBWEkEBbeiGv1gQkZYuz2SR11hFfqXqVWIDLOvgGAWcU8OVA_t0yYPNLSZ0T3wwOw-_yjlELUtgMIxuTyuPYTDuSvA7BMklIBSoXIT1W8K6jkFh84Eg1L3VmtGNNBP3fq6qk605fH3_YTEyTlN9J-j5BVqRgcxZFAcHg0VppCWCq9h0AL9mDfWyK6NdrZCcyrEDMH1DgOQ4kiyfTRHP9U6lS4H4iuU6Y7ngEXQnpnuqyxb9toYBKx1uD3T_8jWN7DHXJrZOvvycjWUTAvMrwUgPCwuab2sn97rbsklu-3hCMhb5h56kQnOBncCPDI-Ye1-01iIYLF0OGn4vcSS1UI7DsZZKk9I6l5F6KA_86Z-0yVV_hYVwfeCMQi5-c05MN7wXJaQOLRtpmvIBe0xGa16JXwBI0KqBKl-3ZTjSo17hgP4PyxadVifjKH6quxskz42Ap_o5Wko4hmVxkHUna2X5jNvD_k7DdmEVe_NVMny4lojWWfgKfvKu-ourcq2kCyDKCmy6e-L6IzbpeKpulc3oOzHr94JT-M7h7OOQvlRPQLmZePxtXUqS-T9dWzT38zGcIsJBq5OyV8TzuxljT1UP2guX60_mqLDgjC7diUfT75bfPV-ZWgRY8W8Urmgt7Y5FHZ7GpJHdQQGnAeX9KW2eYIW7DdcyC4yArnqaWzH4nH2Nm39OiYDZrcolAgKLddV8RTlKaLnW2HpP9kb7L0w5g7mc4xkG2Mf4eq2m
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://xn----0hcdndtvomdb2jb.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.search.spotxchange.com
URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELKZG2bYpOsO-mPoRxbCr5w&google_cver=1

Domain: sync.search.spotxchange.com
URL: https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID

Verdicts & Comments Add Verdict or Comment

92 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
xn----0hcdndtvomdb2jb.net/	1970-01-20 16:19:12	Name: poptin_old_user Value: true
xn----0hcdndtvomdb2jb.net/	1970-01-21 01:01:55	Name: poptin_user_id Value: 0.qemd0j21twm
.xn----0hcdndtvomdb2jb.net/	1970-01-21 01:52:19	Name: __utma Value: 12921726.869174392.1700179976.1700179976.1700179976.1
.xn----0hcdndtvomdb2jb.net/	1969-12-31 23:59:59	Name: __utmc Value: 12921726
.xn----0hcdndtvomdb2jb.net/	1970-01-20 20:39:07	Name: __utmz Value: 12921726.1700179976.1.1.utmcsr=(direct)\|utmccn=(direct)\|utmcmd=(none)
.xn----0hcdndtvomdb2jb.net/	1970-01-20 16:16:20	Name: __utmt Value: 1
.xn----0hcdndtvomdb2jb.net/	1970-01-20 16:16:21	Name: __utmb Value: 12921726.1.10.1700179976
xn----0hcdndtvomdb2jb.net/	1970-01-20 16:16:20	Name: poptin_previous_url Value:
xn----0hcdndtvomdb2jb.net/	1970-01-20 16:16:21	Name: poptin_session Value: true
xn----0hcdndtvomdb2jb.net/	1970-01-20 16:59:31	Name: poptin_c_visitor Value: true
.xn----0hcdndtvomdb2jb.net/	1970-01-21 01:37:55	Name: __gads Value: ID=14b5d1032b1d961a:T=1700179976:RT=1700179976:S=ALNI_Ma7TpeY44x8ZaJIB3jHU2Krc6_tgA
.xn----0hcdndtvomdb2jb.net/	1970-01-21 01:37:55	Name: __gpi Value: UID=00000da240ed278c:T=1700179976:RT=1700179976:S=ALNI_MZ9MdrcCtQ7oBRG8RABKE3yvoDWHA
.doubleclick.net/	1970-01-20 16:16:23	Name: DSID Value: NO_DATA
.doubleclick.net/	1970-01-21 01:52:19	Name: IDE Value: AHWqTUlZnD1Mjxkyb-DCeIzMYVYo88lqKMdRDUwVKsQ6AkhN0gc7BbRMVgCvcDqlxjI
.adnxs.com/	1970-01-20 18:25:55	Name: uuid2 Value: 4858652466621535917
.casalemedia.com/	1970-01-21 01:01:55	Name: CMID Value: ZVawClRBAV9j5o3WDsdzQQAA
.casalemedia.com/	1970-01-20 18:25:55	Name: CMPS Value: 029
.casalemedia.com/	1970-01-20 18:25:55	Name: CMPRO Value: 029
.teads.tv/	1970-01-21 01:00:29	Name: tt_viewer Value: 671b2b6e-b805-4c99-a575-52797608eda0
.openx.net/	1970-01-21 01:01:55	Name: i Value: 5454efca-cbae-4ee7-8915-7d9d2f4331e0\|1700179978
.googleadservices.com/	1970-01-20 18:25:55	Name: ar_debug Value: 1
.adnxs.com/	1970-01-20 18:25:55	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C%wcy/TO!]tbPl1M>e)ZlrFUfJ+tGXxoyQidPNSaaq1aaJ).97bO?:b=4]%K=mBLCG'bpRzqF1`b^Lv)l5Rx
.doubleclick.net/	1970-01-20 20:35:31	Name: APC Value: AfxxVi7xpat_AxloZVj1LN1Fe7_nZY2DZHHuVpaYqHnUTWBrCCw6jQ

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESELKZG2bYpOsO-mPoRxbCr5w&google_cver=1 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ade.googlesyndication.com
cdn.popt.in
cdnjs.cloudflare.com
cm.g.doubleclick.net
display.popt.in
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
partners.tremorhub.com
r1---sn-ab5sznzz.c.2mdn.net
r2---sn-ab5l6nrk.c.2mdn.net
s0.2mdn.net
ssl.google-analytics.com
sync.search.spotxchange.com
sync.teads.tv
tpc.googlesyndication.com
us-u.openx.net
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
xn----0hcdndtvomdb2jb.net
sync.search.spotxchange.com
142.250.176.194
172.217.13.130
172.217.13.98
172.64.151.101
23.204.69.95
2600:1f18:612b:4216:d296:b4ab:44c7:4070
2606:4700:3031::ac43:8ac9
2606:4700::6811:190e
2606:4700:e4::ac40:ae06
2606:4700:e4::ac40:af06
2607:f8b0:4006:11::7
2607:f8b0:4006:80d::200e
2607:f8b0:4006:d::6
2607:f8b0:4020:804::2003
2607:f8b0:4020:805::2001
2607:f8b0:4020:805::2002
2607:f8b0:4020:805::2003
2607:f8b0:4020:805::2004
2607:f8b0:4020:805::2006
2607:f8b0:4020:805::2008
2607:f8b0:4020:806::2002
2607:f8b0:4020:807::2002
2607:f8b0:4020:807::200a
35.244.159.8
68.67.179.164
03656ff565d2cc90c3b8f2c1963c5804304e5d9dc796e920db21a6db906a942d
06e9d39e8bdfc0d3f091857e2eb2686f3e681fb5c8f30830cdff18d37b6cedb5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0b99106a701b2d7131af4cefb13874b2068f0f6d968620298723d230bcb6ed02
0c21f21f7b1658ed6ab5c0461020a21d62f9e0a7cd7cf3d9e6ef61a2c481f31e
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18e6b664af7bc55ab0f963920f0da5a86e15f25fea4e223924d8f4b6723a37cf
2881d8eadc298102d2462e8d32e40792adce37b6cd89d99045f574eb3ecbb748
28cec63b49cda565895bb6ee16863158ccacb9421b7b5a0887ce745949543d37
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
31d02f43dd0c7fc5c0d95db087a23f1c2d729c93f10450884c8da6b415f7839b
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
36317d22cefa939580c4170d71538e5a38e10997755399a78ccee8a294df9bb3
37fcfaf3ac4bda7c891364e309cd969c11ef016fdca39a4357d70d450be0be51
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3a663467e111fd2237a1bc5255e8d702b099f29cb553ecab24efe98cbf898b5d
3a885ae8bc493ef43773599589eb12042f1b26b3274db161945da334d0b05a65
3c30eaaa059a466037880c18c01c2fe94183d8e67eaab42061d4d2a180114658
3f9c51406c104b9d5edb7acb5745bfcf7c4a4b1ef51e63f0d5a366d7f39d42eb
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4529b2774ac82e5b4c112c67c366df18fd009e0e932f5d6869a0307998b81948
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
47a0342d90a877ec7125c3a38706b2faefa9b867661ebcef4a98ec6cf3e60b40
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d8d8cfe04070aeb34be31ad701a0c868a0e273cf19f9c54da601740a024781a
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
5019faaff2c9a339b05658fd72c81ed3a9e5e5cc316a0bf51d7d1d773b2b181f
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
543779a70e3982213bc842b5c40810e5e65386777b36738310bb5b4f5d367aaa
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
59a4409e8fff44bfb6210a7e7a8a469d7682095d500ee4dd5b9df16b2e8b6be0
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5dee401ca619ddd028d12fd072f23decb09a8523a395467a32e1d37eade263c2
5fb04e7e63910cb1c70b7184261bbd6d6531dc7498b58023035096b142b23e20
610d24f5996131b3ab98f18e05441cc246aa8674c3842df0df2b40b57ac9fd0c
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
626f9bce9b569338a6b44f46555e983cd6c0d4ead69749a428b5c7582e18c811
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
682ea4a49bafd3e0e6dfc629d601e44db6975ade7a6d579ef68e3b769a35ae8f
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
6c69a4b26de0151dc5a9ed26766a4f9dacfd5df6522c2c757145e3a0de22bad2
6e8d39cb9d8837e07665bf120555be84d5d4eabaface139bf987f7c844b688da
7599e0a5ce1ba2a12f036e998e19e60b6e982178e4363d4630ab3a91ca73bf62
76d0652bfa446a39ce12aa3142456b7ef18a0f23ddd486bc035b811221194c72
790513cde059a91b5d9d995b8d84234a18b2f8b58748edf0c97ee6b75dec3455
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
864c68610ba0c41b5585b830852ad4bd587afd25caaa2ebfb9fa9539300c2935
875464bdc2ec77568f282df9433a6334d17faddff2e715c0bc9afee06161ff01
8912e289a15913577f1d6d586288113a818581c32732e8c7e778b1f878d1365a
8f665ba5c27890ebed553836dee5572ad583c0a65374373741ec0a5309df2b5a
90ba18cf7dd4ea6d0fc9720a6dd50d7778c6d1cbb573fb55771cf5de583cbca7
9ddc2ccf2c98b0a6fcc039d8c9f666619077935b3dc18aeb5ed12164b51e8b6a
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a2cd4fc9197326d8af06b92119325e53357f6864d732f73d3111e1157e387c89
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a8d2c0960028bfb3eead6878b93a52d24206482957ddf344dcadfc518bd811bc
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5d3cef2ff068fa56f30a43399653576a76ea5f0470a0a88b161a0ac31b6db72
b9dcc63401251a6b27ceebac0121e2d6b76d216928e908865213468e5a6c4c1f
b9e9bfef716dc3479137dfbd6591bc7ee2087a2770005f7741e4cc6895b7b233
bd52f4e4890c431eb58b43da9c37292ebeb1f2c3ed5a40b1d56ba368c2aa24f2
bf3ae3cb276e14b8260f0a5581a6da12c86d3963549a2747e0099a0d85361412
bfcc37ec3595c7d400e6566ceb4fe675ae993db6b9d6beeb0dbd66f6befdf2be
c4701179c17827a7d417dbc7d9a40cdd6fbb0112d29e90b822bbf5b2a33d63af
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4
c64bc40632fa695cc9d2625524e1708a17f7c331fab12a9cc46a78eddc362257
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cf940bd2489897434455528323cf66c4e3aecd5eea963f1d99d96acd452d6dd4
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41a7a467858add4caa3fa9fe9faafa97476689fb1ce868c2235382db36a0533
e6ecfd1daac5c0eac2b8e47c43b893aee49524cdd77ff16a0c2b3fc792eac0df
ea2241751dc07098e5630cec9ecd70620e16a2f32980bd22c007cd15d85e819a
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4105cbd632d40511df1fa7a54502f12bdf81702390745f599d7dc2fdaa33baa
f68b49b743e29d28f46d9321318cd1fbdc017ddd6a4bdcdac1730ffc20b9f60e

xn----0hcdndtvomdb2jb.net Open in urlscan Pro Puny מילון-אבןשושן.net IDN 2606:4700:3031::ac43:8ac9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

175 Requests

91 %HTTPS

72 %IPv6

18 Domains

27 Subdomains

25 IPs

2 Countries

3014 kBTransfer

7518 kBSize

23 Cookies

3 Outgoing links

Redirected requests

175 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

xn----0hcdndtvomdb2jb.net Open in urlscan Pro Puny
מילון-אבןשושן.net IDN
2606:4700:3031::ac43:8ac9 Public Scan

Screenshot
Live screenshot

Full Image

175
Requests

91 %
HTTPS

72 %
IPv6

18
Domains

27
Subdomains

25
IPs

2
Countries

3014 kB
Transfer

7518 kB
Size

23
Cookies

175 HTTP transactions
6 data transactions