Submitted URL: http://le-partners.com/
Effective URL: https://le-partners.com/
Submission: On August 22 via api from AU — Scanned from AU

Summary

This website contacted 21 IPs in 5 countries across 16 domains to perform 89 HTTP transactions. The main IP is 5.101.153.2, located in Russian Federation and belongs to BEGET-AS, RU. The main domain is le-partners.com.
TLS certificate: Issued by R3 on August 2nd 2022. Valid for: 3 months.
This is the only time le-partners.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Redirects | Requests | IP Address | AS (Autonomous System)
1 | 9 | 5.101.153.2 | 198610 (BEGET-AS)
- | 7 | 46.4.104.244 | 24940 (HETZNER-AS)
- | 3 | 74.125.24.95 | 15169 (GOOGLE)
- | 3 | 95.216.10.178 | 24940 (HETZNER-AS)
2 | 12 | 77.88.21.119 | 13238 (YANDEX)
- | 1 | 74.125.24.94 | 15169 (GOOGLE)
- | 3 | 151.101.65.195 | 54113 (FASTLY)
- | 1 | 172.217.194.128 | 15169 (GOOGLE)
- | 1 | 104.18.41.98 | 13335 (CLOUDFLAR...)
- | 1 | 199.36.158.100 | 54113 (FASTLY)
- | 7 | 142.251.10.154 | 15169 (GOOGLE)
- | 9 | 74.125.68.154 | 15169 (GOOGLE)
- | 1 | 205.185.216.42 | 20446 (STACKPATH...)
- | 1 | 74.125.68.155 | 15169 (GOOGLE)
- | 1 | 142.251.10.157 | 15169 (GOOGLE)
- | 3 | 172.253.118.132 | 15169 (GOOGLE)
- | 17 | 142.250.4.132 | 15169 (GOOGLE)
- | 3 | 142.251.12.105 | 15169 (GOOGLE)
- | 3 | 74.125.68.94 | 15169 (GOOGLE)
- | 2 | 74.125.200.156 | 15169 (GOOGLE)
Total: 89 requests, 21 IPs

Requests | Apex Domain | Transfer (subdomains listed under each apex domain)
26 | googlesyndication.com | 217 KB
  • 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
  • pagead2.googlesyndication.com — Cisco Umbrella Rank: 123
  • tpc.googlesyndication.com — Cisco Umbrella Rank: 159
12 | yandex.ru | 74 KB
  • mc.yandex.ru — Cisco Umbrella Rank: 3880
9 | doubleclick.net | 250 KB
  • securepubads.g.doubleclick.net — Cisco Umbrella Rank: 218
  • googleads.g.doubleclick.net — Cisco Umbrella Rank: 52
9 | le-partners.com | 195 KB
  • le-partners.com
7 | rotarb.bid | 20 KB
  • rotarb.bid — Cisco Umbrella Rank: 153183
4 | google.com | 2 KB
  • adservice.google.com — Cisco Umbrella Rank: 88
  • www.google.com — Cisco Umbrella Rank: 9
4 | gstatic.com | 46 KB
  • fonts.gstatic.com
  • www.gstatic.com
4 | googleapis.com | 8 KB
  • fonts.googleapis.com — Cisco Umbrella Rank: 54
  • storage.googleapis.com — Cisco Umbrella Rank: 466
3 | googletagservices.com | 115 KB
  • www.googletagservices.com — Cisco Umbrella Rank: 194
3 | zx-adnet.com | 20 KB
  • cdn.zx-adnet.com — Cisco Umbrella Rank: 185549
2 | offinator.com | 12 KB
  • offinator.com
1 | google.com.au | 792 B
  • adservice.google.com.au — Cisco Umbrella Rank: 91302
1 | exdynsrv.com | 39 KB
  • a.exdynsrv.com — Cisco Umbrella Rank: 56135
1 | web.app | 415 B
  • site2text-2021.web.app — Cisco Umbrella Rank: 376859
1 | onetrust.com | 412 B
  • geolocation.onetrust.com — Cisco Umbrella Rank: 706
1 | checke.biz | 8 KB
  • checke.biz
Total: 89 requests, 16 domains

Requests | Domain | Requested by
17 | tpc.googlesyndication.com | securepubads.g.doubleclick.net, 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com, tpc.googlesyndication.com
12 | mc.yandex.ru (2 redirects) | le-partners.com, mc.yandex.ru
9 | le-partners.com (1 redirect) | le-partners.com
7 | securepubads.g.doubleclick.net | cdn.zx-adnet.com, www.googletagservices.com, securepubads.g.doubleclick.net
7 | rotarb.bid | le-partners.com, rotarb.bid
6 | pagead2.googlesyndication.com | securepubads.g.doubleclick.net, tpc.googlesyndication.com, le-partners.com
3 | www.gstatic.com | 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
3 | www.google.com | 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com, tpc.googlesyndication.com
3 | 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com | securepubads.g.doubleclick.net
3 | www.googletagservices.com | cdn.zx-adnet.com, 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
3 | cdn.zx-adnet.com | rotarb.bid, cdn.zx-adnet.com
3 | fonts.googleapis.com | le-partners.com, 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
2 | googleads.g.doubleclick.net | 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
2 | offinator.com | le-partners.com
1 | adservice.google.com | securepubads.g.doubleclick.net
1 | adservice.google.com.au | securepubads.g.doubleclick.net
1 | a.exdynsrv.com | le-partners.com
1 | site2text-2021.web.app | storage.googleapis.com
1 | geolocation.onetrust.com | cdn.zx-adnet.com
1 | storage.googleapis.com | cdn.zx-adnet.com
1 | fonts.gstatic.com | fonts.googleapis.com
1 | checke.biz | le-partners.com
Total: 89 requests, 22 subdomains

This site contains no links.

Subject | Issuer | Validity | Valid
le-partners.com | R3 | 2022-08-02 - 2022-10-31 | 3 months
rotarb.bid | R3 | 2022-06-26 - 2022-09-24 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-08-01 - 2022-10-24 | 3 months
checke.biz | R3 | 2022-08-13 - 2022-11-11 | 3 months
mc.yandex.ru | GlobalSign ECC OV SSL CA 2018 | 2022-05-21 - 2022-10-31 | 5 months
*.gstatic.com | GTS CA 1C3 | 2022-08-01 - 2022-10-24 | 3 months
www.averry.xyz | GTS CA 1D4 | 2022-08-21 - 2022-11-19 | 3 months
storage.googleapis.com | GTS CA 1C3 | 2022-08-01 - 2022-10-24 | 3 months
offinator.com | R3 | 2022-08-13 - 2022-11-11 | 3 months
onetrust.com | Cloudflare Inc ECC CA-3 | 2022-01-12 - 2023-01-12 | a year
web.app | GTS CA 1D4 | 2022-08-12 - 2022-11-10 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2022-08-01 - 2022-10-24 | 3 months
exdynsrv.com | R3 | 2022-08-01 - 2022-10-30 | 3 months
*.google.com.au | GTS CA 1C3 | 2022-08-01 - 2022-10-24 | 3 months
*.google.com | GTS CA 1C3 | 2022-08-01 - 2022-10-24 | 3 months
tpc.googlesyndication.com | GTS CA 1C3 | 2022-08-01 - 2022-10-24 | 3 months
www.google.com | GTS CA 1C3 | 2022-08-01 - 2022-10-24 | 3 months

This page contains 11 frames:

Primary Page: https://le-partners.com/
Frame ID: E76614AA1C0D4B9C7D67A493B7576750
Requests: 51 HTTP requests in this frame

Frame: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 4BAD8E5C59B694F0AB0FD2E4BFC425D6
Requests: 1 HTTP requests in this frame

Frame: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: DD82FA3462F5DAE1E4400AC8E75302BE
Requests: 8 HTTP requests in this frame

Frame: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 87E4610F4A85A5B778B4B14D689C88C7
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: A0CF41F4B8007E7C20AF7A208121049A
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 2280754AD251DC86233F7C8B6D217BD8
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: FE8C592AF3E67AD3B8320364B0F09946
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/index.html
Frame ID: 5314BD6972F51FC144823505FBF344A7
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 8AC4CA15737C4B280C64FEA3A870729F
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 467D36DC3C61DF5EB8120383B9828F44
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/932hlcctLOJRtLoo5sJe2QKRhL1SnC_Hox4lZlMNfoI.js
Frame ID: 670919E919473ACAD189B87C720CF91C
Requests: 1 HTTP requests in this frame

Page Title

le-partners.com - le-partners.com

Page URL History

  1. http://le-partners.com/ HTTP 301
    https://le-partners.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

  • Requests: 89
  • HTTPS: 93 %
  • IPv6: 0 %
  • Domains: 16
  • Subdomains: 22
  • IPs: 21
  • Countries: 5
  • Transfer: 1005 kB
  • Size: 3061 kB
  • Cookies: 15

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://le-partners.com/ HTTP 301
    https://le-partners.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20
  • https://mc.yandex.ru/watch/71255884?wmode=7&page-url=https%3A%2F%2Fle-partners.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c81qpn94%3Afp%3A4427%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A870%3Acn%3A1%3Adp%3A0%3Als%3A666480960899%3Ahid%3A368362194%3Az%3A0%3Ai%3A20220822085217%3Aet%3A1661158337%3Ac%3A1%3Arn%3A812231672%3Arqn%3A1%3Au%3A1661158337752167186%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661158330814%3Ads%3A0%2C737%2C917%2C1%2C1627%2C0%2C%2C1142%2C0%2C%2C%2C%2C5175%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1661158337%3At%3Ale-partners.com%20-%20le-partners.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)rqnl(1)ti(2) HTTP 302
  • https://mc.yandex.ru/watch/71255884/1?wmode=7&page-url=https%3A%2F%2Fle-partners.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c81qpn94%3Afp%3A4427%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A870%3Acn%3A1%3Adp%3A0%3Als%3A666480960899%3Ahid%3A368362194%3Az%3A0%3Ai%3A20220822085217%3Aet%3A1661158337%3Ac%3A1%3Arn%3A812231672%3Arqn%3A1%3Au%3A1661158337752167186%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661158330814%3Ads%3A0%2C737%2C917%2C1%2C1627%2C0%2C%2C1142%2C0%2C%2C%2C%2C5175%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1661158337%3At%3Ale-partners.com%20-%20le-partners.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29
Request Chain 21
  • https://mc.yandex.ru/watch/87053783?wmode=7&page-url=https%3A%2F%2Fle-partners.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c81qpn94%3Afp%3A4427%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A870%3Acn%3A2%3Adp%3A0%3Als%3A785482430449%3Ahid%3A368362194%3Az%3A0%3Ai%3A20220822085217%3Aet%3A1661158337%3Ac%3A1%3Arn%3A693952815%3Arqn%3A1%3Au%3A1661158337752167186%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661158330814%3Ads%3A0%2C737%2C917%2C1%2C1627%2C0%2C%2C1142%2C0%2C%2C%2C%2C5175%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1661158337%3At%3Ale-partners.com%20-%20le-partners.com&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)rqnl(1)ti(2) HTTP 302
  • https://mc.yandex.ru/watch/87053783/1?wmode=7&page-url=https%3A%2F%2Fle-partners.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c81qpn94%3Afp%3A4427%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A870%3Acn%3A2%3Adp%3A0%3Als%3A785482430449%3Ahid%3A368362194%3Az%3A0%3Ai%3A20220822085217%3Aet%3A1661158337%3Ac%3A1%3Arn%3A693952815%3Arqn%3A1%3Au%3A1661158337752167186%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661158330814%3Ads%3A0%2C737%2C917%2C1%2C1627%2C0%2C%2C1142%2C0%2C%2C%2C%2C5175%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1661158337%3At%3Ale-partners.com%20-%20le-partners.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29
Request Chain 78
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 80
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

89 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
le-partners.com/
Redirect Chain
  • http://le-partners.com/
  • https://le-partners.com/
21 KB
5 KB
Document
General
Full URL
https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.101.153.2 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
ssl.crystal.beget.com
Software
nginx-reuseport/1.21.1 / PHP/7.4.8
Resource Hash
4b3824ee4d64db12694a4216ebda586f649a07e2419addaf9883c0469f4dbceb

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Mon, 22 Aug 2022 08:52:13 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
link
<https://le-partners.com/wp-json/>; rel="https://api.w.org/"
pragma
no-cache
server
nginx-reuseport/1.21.1
vary
Accept-Encoding
x-powered-by
PHP/7.4.8

Redirect headers

Connection
keep-alive
Content-Length
179
Content-Type
text/html
Date
Mon, 22 Aug 2022 08:52:12 GMT
Keep-Alive
timeout=30
Location
https://le-partners.com/
Server
nginx-reuseport/1.21.1
yfq5.min.js
rotarb.bid/
66 KB
19 KB
Script
General
Full URL
https://rotarb.bid/yfq5.min.js
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.4.104.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.244.104.4.46.clients.your-server.de
Software
nginx /
Resource Hash
2a19b499fe19497ff6902b716b0e5a5aa41d795d696c1fb08363a080c00f1959
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:14 GMT
content-encoding
br
server
nginx
duration
431197
strict-transport-security
max-age=63072000
access-control-allow-methods
POST, GET, OPTIONS
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=300
access-control-allow-headers
*
expires
Mon, 22-Aug-2022 11:57:14 EEST
style.min.css
le-partners.com/wp-includes/css/dist/block-library/
53 KB
8 KB
Stylesheet
General
Full URL
https://le-partners.com/wp-includes/css/dist/block-library/style.min.css
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.101.153.2 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
ssl.crystal.beget.com
Software
nginx-reuseport/1.21.1 /
Resource Hash
8c626f0f9b5c109539b256b73e72c02b300a184f46b4535c2eb86599215c78af

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:14 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 13:05:26 GMT
server
nginx-reuseport/1.21.1
etag
W/"61f7de96-d293"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=604800
expires
Mon, 29 Aug 2022 08:52:14 GMT
theme.min.css
le-partners.com/wp-includes/css/dist/block-library/
2 KB
923 B
Stylesheet
General
Full URL
https://le-partners.com/wp-includes/css/dist/block-library/theme.min.css
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.101.153.2 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
ssl.crystal.beget.com
Software
nginx-reuseport/1.21.1 /
Resource Hash
5d5575c28819cc80d5cf47729e998387ddc2d510a6adf37ce5a19b8f2127ee05

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:14 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 13:05:26 GMT
server
nginx-reuseport/1.21.1
etag
W/"61f7de96-8aa"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=604800
expires
Mon, 29 Aug 2022 08:52:14 GMT
wmac_single_ec96e53e57b5d34f762d567cdb29a312.css
le-partners.com/wp-content/cache/wmac/css/
1 KB
861 B
Stylesheet
General
Full URL
https://le-partners.com/wp-content/cache/wmac/css/wmac_single_ec96e53e57b5d34f762d567cdb29a312.css
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.101.153.2 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
ssl.crystal.beget.com
Software
nginx-reuseport/1.21.1 /
Resource Hash
8d34e8184fddd9be2fec7e70279aa846c677386e907ff808249a0d78f8fca296

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:14 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 13:05:22 GMT
server
nginx-reuseport/1.21.1
etag
W/"61f7de92-5f4"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=604800
expires
Mon, 29 Aug 2022 08:52:14 GMT
wmac_single_f303e2d5b55f87a667d8ea82a02326c5.css
le-partners.com/wp-content/cache/wmac/css/
603 B
464 B
Stylesheet
General
Full URL
https://le-partners.com/wp-content/cache/wmac/css/wmac_single_f303e2d5b55f87a667d8ea82a02326c5.css
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.101.153.2 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
ssl.crystal.beget.com
Software
nginx-reuseport/1.21.1 /
Resource Hash
e8c05ba86bf479b29120eddd1b15e658201df62bcf2fb7096baaf64e04f716a1

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:14 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 13:05:22 GMT
server
nginx-reuseport/1.21.1
etag
W/"61f7de92-25b"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=604800
expires
Mon, 29 Aug 2022 08:52:14 GMT
css
fonts.googleapis.com/
5 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Montserrat%3A400%2C400i%2C700&subset=cyrillic
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.95 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f95.1e100.net
Software
ESF /
Resource Hash
6da58309c2b41920290031163bc4dae426d0e70922edb00a0b2ecda99b4d3932
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 22 Aug 2022 08:52:14 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 22 Aug 2022 08:52:14 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 22 Aug 2022 08:52:14 GMT
style.min.css
le-partners.com/wp-content/themes/reboot/assets/css/
214 KB
38 KB
Stylesheet
General
Full URL
https://le-partners.com/wp-content/themes/reboot/assets/css/style.min.css
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.101.153.2 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
ssl.crystal.beget.com
Software
nginx-reuseport/1.21.1 /
Resource Hash
f9a14ef7679b8373b01e14966f04c11a8fef9515e0991417ceb46810b475de36

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:14 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 13:05:25 GMT
server
nginx-reuseport/1.21.1
etag
W/"61f7de95-35989"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=604800
expires
Mon, 29 Aug 2022 08:52:14 GMT
/
checke.biz/
17 KB
8 KB
Script
General
Full URL
https://checke.biz/?re=gi2deyjzgq5ha3ddf42dgnjs
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.216.10.178 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.178.10.216.95.clients.your-server.de
Software
nginx /
Resource Hash
4f0568a3897d521cf0ac87753aae5e676910d69f4d1bac42863dfdf31d790a0a
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 08:52:16 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Mon, 22 Aug 2022 08:52:16 GMT
Server
nginx
Strict-Transport-Security
max-age=15768000
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Cache-Control
post-check=0, pre-check=0
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript
Expires
Mon, 26 Jul 1997 05:00:00 GMT
wmac_ef1e18f410e4de334eab387608983724.js
le-partners.com/wp-content/cache/wmac/js/
322 KB
84 KB
Script
General
Full URL
https://le-partners.com/wp-content/cache/wmac/js/wmac_ef1e18f410e4de334eab387608983724.js
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.101.153.2 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
ssl.crystal.beget.com
Software
nginx-reuseport/1.21.1 /
Resource Hash
1111c0303b449d40862309330923305a6ad4e131eec9b07a8b749ae4e75a6a22

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:15 GMT
content-encoding
gzip
last-modified
Mon, 31 Jan 2022 13:05:22 GMT
server
nginx-reuseport/1.21.1
etag
W/"61f7de92-50765"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=604800
expires
Mon, 29 Aug 2022 08:52:15 GMT
tag.js
mc.yandex.ru/metrika/
205 KB
71 KB
Script
General
Full URL
https://mc.yandex.ru/metrika/tag.js
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
77.88.21.119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
79d2a0714828fb6ccc4b66512e397851bb8e7a8b868ec625b5a5d97b539ee212
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:16 GMT
content-encoding
br
last-modified
Mon, 15 Aug 2022 15:05:51 GMT
etag
"62fa369f-118f9"
strict-transport-security
max-age=31536000
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600
content-length
71929
expires
Mon, 22 Aug 2022 09:52:16 GMT
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v25/
30 KB
31 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C400i%2C700&subset=cyrillic
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.24.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sf-in-f94.1e100.net
Software
sffe /
Resource Hash
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://le-partners.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Thu, 18 Aug 2022 06:53:48 GMT
x-content-type-options
nosniff
age
352707
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30928
x-xss-protection
0
last-modified
Mon, 11 Jul 2022 18:57:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 18 Aug 2023 06:53:48 GMT
wpshop-core.ttf
le-partners.com/wp-content/themes/reboot/assets/fonts/
57 KB
58 KB
Font
General
Full URL
https://le-partners.com/wp-content/themes/reboot/assets/fonts/wpshop-core.ttf?bz30xv
Requested by
Host: le-partners.com
URL: https://le-partners.com/wp-content/themes/reboot/assets/css/style.min.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.101.153.2 , Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS
ssl.crystal.beget.com
Software
nginx-reuseport/1.21.1 /
Resource Hash
973408bd1a1da181c7eaa9293c0cd095f3836a76b626bc76af21e1cd96b5dcde

Request headers

Referer
https://le-partners.com/wp-content/themes/reboot/assets/css/style.min.css
Origin
https://le-partners.com
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:15 GMT
last-modified
Mon, 31 Jan 2022 13:05:25 GMT
server
nginx-reuseport/1.21.1
etag
"61f7de95-e52c"
content-type
application/octet-stream
cache-control
max-age=2592000
accept-ranges
bytes
content-length
58668
expires
Wed, 21 Sep 2022 08:52:15 GMT
yfq5.json
rotarb.bid/
59 B
261 B
XHR
General
Full URL
https://rotarb.bid/yfq5.json
Requested by
Host: rotarb.bid
URL: https://rotarb.bid/yfq5.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.4.104.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.244.104.4.46.clients.your-server.de
Software
nginx /
Resource Hash
d94e6a0c214484909d030a2859c47d470e49f8a4f494b9a81ec98acb92a584fe
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://le-partners.com/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 22 Aug 2022 08:52:16 GMT
content-encoding
br
server
nginx
strict-transport-security
max-age=63072000
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
*
yfq5.json
rotarb.bid/
882 B
567 B
XHR
General
Full URL
https://rotarb.bid/yfq5.json
Requested by
Host: rotarb.bid
URL: https://rotarb.bid/yfq5.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.4.104.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.244.104.4.46.clients.your-server.de
Software
nginx /
Resource Hash
c9624ef55d3017656c4bd96965dbb472cf1b0401e075ff3bc50c155a962b2e75
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://le-partners.com/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 22 Aug 2022 08:52:16 GMT
content-encoding
br
server
nginx
strict-transport-security
max-age=63072000
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
*
yfq5.json
rotarb.bid/
59 B
260 B
XHR
General
Full URL
https://rotarb.bid/yfq5.json
Requested by
Host: rotarb.bid
URL: https://rotarb.bid/yfq5.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.4.104.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.244.104.4.46.clients.your-server.de
Software
nginx /
Resource Hash
63c1a9301df78014373a3f1927169aac22693eb063c3daccc1329de28bc34df0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://le-partners.com/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 22 Aug 2022 08:52:16 GMT
content-encoding
br
server
nginx
strict-transport-security
max-age=63072000
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
*
nlgd_19091901.js
cdn.zx-adnet.com/adx/
145 KB
20 KB
Script
General
Full URL
https://cdn.zx-adnet.com/adx/nlgd_19091901.js
Requested by
Host: rotarb.bid
URL: https://rotarb.bid/yfq5.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ad4e712d28520681b650d156fdf4b4aed9a4ac7bdd32def94d3ba6dea97fabba
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
br
etag
"a177c552d78c8c3260a93c5e051b055d6a3510b2d21690679dfff08811cc4c96-br"
x-cache
HIT
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
19691
x-served-by
cache-bne12524-BNE
last-modified
Wed, 27 Apr 2022 20:26:02 GMT
x-timer
S1661158337.681532,VS0,VE1
date
Mon, 22 Aug 2022 08:52:16 GMT
vary
accept-language, x-country-code, x-fh-requested-host, accept-encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600,public
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noarchive
x-cache-hits
1
abs.js
cdn.zx-adnet.com/adx/
220 B
254 B
Script
General
Full URL
https://cdn.zx-adnet.com/adx/abs.js?0.9959278429963738
Requested by
Host: cdn.zx-adnet.com
URL: https://cdn.zx-adnet.com/adx/nlgd_19091901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.65.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a2862c9e532e9e51ea7ca8d7c96bb602a74e31396f9c5be127dbea7c5adfc227
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
br
etag
"5fef2687ef3b38d2357073d43abb64a2f46b34fce9295b7d515ee95b7d79cfdb-br"
x-cache
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
107
x-served-by
cache-bne12524-BNE
last-modified
Wed, 27 Apr 2022 20:26:02 GMT
x-timer
S1661158337.814511,VS0,VE221
date
Mon, 22 Aug 2022 08:52:17 GMT
vary
accept-language, x-country-code, x-fh-requested-host, accept-encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600,public
accept-ranges
bytes
x-robots-tag
noindex, nofollow, noarchive
x-cache-hits
0
mr.js
storage.googleapis.com/s2t-images/
23 KB
5 KB
Script
General
Full URL
https://storage.googleapis.com/s2t-images/mr.js?0.9822917950543213
Requested by
Host: cdn.zx-adnet.com
URL: https://cdn.zx-adnet.com/adx/nlgd_19091901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.194.128 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
si-in-f128.1e100.net
Software
UploadServer /
Resource Hash
2a379cf63567796698d75a04f4f49c11fbf652effd3b69b3666c45c77789c56c

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:17 GMT
content-encoding
gzip
x-guploader-uploadid
ADPycdvsp81DYp0SnReb5E7YN9Ag9Zd015RimpSpPCbV_wgXI5SVREEdswHSLAAwhHe6olDWKMQOCB-MSAuSdXk2qLg-
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4449
last-modified
Tue, 24 May 2022 13:22:38 GMT
server
UploadServer
etag
"115f5664d494ea5e45aad8061e45949d"
vary
Accept-Encoding
x-goog-hash
crc32c=1nfj4g==, md5=EV9WZNSU6l5FqtgGHkWUnQ==
x-goog-generation
1653398558715037
cache-control
public, max-age=31536000
x-goog-stored-content-length
4449
accept-ranges
bytes
content-type
application/javascript
expires
Tue, 22 Aug 2023 08:52:17 GMT
yfq5.json
rotarb.bid/
59 B
260 B
XHR
General
Full URL
https://rotarb.bid/yfq5.json
Requested by
Host: rotarb.bid
URL: https://rotarb.bid/yfq5.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.4.104.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.244.104.4.46.clients.your-server.de
Software
nginx /
Resource Hash
322b0b0c20f7033c1a7aec15575bda6e83957d7e8a969fea75f78483cebf7a95
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://le-partners.com/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 22 Aug 2022 08:52:16 GMT
content-encoding
br
server
nginx
strict-transport-security
max-age=63072000
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
*
/
offinator.com/
25 KB
11 KB
Script
General
Full URL
https://offinator.com/?lpr===QPyZiRyUSbvNmLzJXZuRnchBXLlxmRyUiRyUSQzUycwRHdo1TdmkzMz0DZpN2cmcTPklWY
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.216.10.178 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.178.10.216.95.clients.your-server.de
Software
nginx /
Resource Hash
ae1deb71760a92ec4c1b47eaaaef207661199e71dd9a1346a1a609f0069b97dc
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 08:52:18 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Last-Modified
Mon, 22 Aug 2022 08:52:18 GMT
Server
nginx
Strict-Transport-Security
max-age=15768000
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Cache-Control
post-check=0, pre-check=0
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
application/javascript
Expires
Mon, 26 Jul 1997 05:00:00 GMT
1
mc.yandex.ru/watch/71255884/
Redirect Chain
  • https://mc.yandex.ru/watch/71255884?wmode=7&page-url=https%3A%2F%2Fle-partners.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c81qpn94%3Afp%3A4427%3Afu%3A0%3Aen%3Autf-8%3A...
  • https://mc.yandex.ru/watch/71255884/1?wmode=7&page-url=https%3A%2F%2Fle-partners.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c81qpn94%3Afp%3A4427%3Afu%3A0%3Aen%3Autf-8%...
331 B
413 B
XHR
General
Full URL
https://mc.yandex.ru/watch/71255884/1?wmode=7&page-url=https%3A%2F%2Fle-partners.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c81qpn94%3Afp%3A4427%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A870%3Acn%3A1%3Adp%3A0%3Als%3A666480960899%3Ahid%3A368362194%3Az%3A0%3Ai%3A20220822085217%3Aet%3A1661158337%3Ac%3A1%3Arn%3A812231672%3Arqn%3A1%3Au%3A1661158337752167186%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661158330814%3Ads%3A0%2C737%2C917%2C1%2C1627%2C0%2C%2C1142%2C0%2C%2C%2C%2C5175%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1661158337%3At%3Ale-partners.com%20-%20le-partners.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Server
77.88.21.119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
07af07e34cb98d82401faca9f044cb7f906b9015c42a638a489f3597979c218e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 08:52:17 GMT
x-content-type-options
nosniff
last-modified
Mon, 22-Aug-2022 08:52:17 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://le-partners.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
331
x-xss-protection
1; mode=block
expires
Mon, 22-Aug-2022 08:52:17 GMT

Redirect headers

pragma
no-cache
date
Mon, 22 Aug 2022 08:52:17 GMT
last-modified
Mon, 22-Aug-2022 08:52:17 GMT
location
/watch/71255884/1?wmode=7&page-url=https%3A%2F%2Fle-partners.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c81qpn94%3Afp%3A4427%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A870%3Acn%3A1%3Adp%3A0%3Als%3A666480960899%3Ahid%3A368362194%3Az%3A0%3Ai%3A20220822085217%3Aet%3A1661158337%3Ac%3A1%3Arn%3A812231672%3Arqn%3A1%3Au%3A1661158337752167186%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661158330814%3Ads%3A0%2C737%2C917%2C1%2C1627%2C0%2C%2C1142%2C0%2C%2C%2C%2C5175%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1661158337%3At%3Ale-partners.com%20-%20le-partners.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29
strict-transport-security
max-age=31536000
access-control-allow-origin
https://le-partners.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Mon, 22-Aug-2022 08:52:17 GMT
1
mc.yandex.ru/watch/87053783/
Redirect Chain
  • https://mc.yandex.ru/watch/87053783?wmode=7&page-url=https%3A%2F%2Fle-partners.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c81qpn94%3Afp%3A4427%3Afu%3A0%3Aen%3Autf-8%3A...
  • https://mc.yandex.ru/watch/87053783/1?wmode=7&page-url=https%3A%2F%2Fle-partners.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c81qpn94%3Afp%3A4427%3Afu%3A0%3Aen%3Autf-8%...
338 B
373 B
XHR
General
Full URL
https://mc.yandex.ru/watch/87053783/1?wmode=7&page-url=https%3A%2F%2Fle-partners.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c81qpn94%3Afp%3A4427%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A870%3Acn%3A2%3Adp%3A0%3Als%3A785482430449%3Ahid%3A368362194%3Az%3A0%3Ai%3A20220822085217%3Aet%3A1661158337%3Ac%3A1%3Arn%3A693952815%3Arqn%3A1%3Au%3A1661158337752167186%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661158330814%3Ads%3A0%2C737%2C917%2C1%2C1627%2C0%2C%2C1142%2C0%2C%2C%2C%2C5175%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1661158337%3At%3Ale-partners.com%20-%20le-partners.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Server
77.88.21.119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
ca9f2e48febc45bdc948f94f07744d13e458c903662dfa551287581d835d914f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 08:52:17 GMT
x-content-type-options
nosniff
last-modified
Mon, 22-Aug-2022 08:52:17 GMT
strict-transport-security
max-age=31536000
content-type
application/json; charset=utf-8
access-control-allow-origin
https://le-partners.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
338
x-xss-protection
1; mode=block
expires
Mon, 22-Aug-2022 08:52:17 GMT

Redirect headers

pragma
no-cache
date
Mon, 22 Aug 2022 08:52:17 GMT
last-modified
Mon, 22-Aug-2022 08:52:17 GMT
location
/watch/87053783/1?wmode=7&page-url=https%3A%2F%2Fle-partners.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Anlzej4hetqp71c81qpn94%3Afp%3A4427%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A870%3Acn%3A2%3Adp%3A0%3Als%3A785482430449%3Ahid%3A368362194%3Az%3A0%3Ai%3A20220822085217%3Aet%3A1661158337%3Ac%3A1%3Arn%3A693952815%3Arqn%3A1%3Au%3A1661158337752167186%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661158330814%3Ads%3A0%2C737%2C917%2C1%2C1627%2C0%2C%2C1142%2C0%2C%2C%2C%2C5175%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1661158337%3At%3Ale-partners.com%20-%20le-partners.com&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29
strict-transport-security
max-age=31536000
access-control-allow-origin
https://le-partners.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
x-xss-protection
1; mode=block
expires
Mon, 22-Aug-2022 08:52:17 GMT
advert.gif
mc.yandex.ru/metrika/
43 B
136 B
Image
General
Full URL
https://mc.yandex.ru/metrika/advert.gif
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
77.88.21.119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:17 GMT
last-modified
Mon, 15 Aug 2022 15:05:51 GMT
etag
"62fa369f-2b"
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=3600
accept-ranges
bytes
content-length
43
expires
Mon, 22 Aug 2022 09:52:17 GMT
checkabuse
cdn.zx-adnet.com/
56 B
473 B
Script
General
Full URL
https://cdn.zx-adnet.com/checkabuse?surl=https%3A%2F%2Fle-partners.com%2F
Requested by
Host: cdn.zx-adnet.com
URL: https://cdn.zx-adnet.com/adx/abs.js?0.9959278429963738
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
151.101.65.195 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
8601386271d3ba06c1135a092613135c5da90b3732a8196e4761faf4b1afdc69
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=31556926
content-encoding
gzip
etag
W/"38-qno2VtKrKGrEkeWyGeNb55UMVvo"
x-cache
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
65
x-served-by
cache-bne12527-BNE
server
Google Frontend
x-timer
S1661158337.158382,VS0,VE238
date
Mon, 22 Aug 2022 08:52:17 GMT
vary
cookie,need-authorization, x-fh-requested-host, accept-encoding
content-type
text/html; charset=utf-8
x-cloud-trace-context
940e4d1896347a83bf076aff8cc8d861
cache-control
max-age=3600,public
function-execution-id
fciyzvlsazc3
accept-ranges
bytes
x-orig-accept-language
en-AU,en;q=0.9
x-country-code
AU
x-cache-hits
0
__ZXCONSENT.ZxGetConsent
geolocation.onetrust.com/cookieconsentpub/v1/geo/location/
212 B
412 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location/__ZXCONSENT.ZxGetConsent
Requested by
Host: cdn.zx-adnet.com
URL: https://cdn.zx-adnet.com/adx/nlgd_19091901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.41.98 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47a9068238b278472646f752c6c226b92ef02d68ae088953c48036d248ccdbf7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:17 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
73ea5f1a8c523778-MEL
gw_251221.js
site2text-2021.web.app/
0
415 B
Script
General
Full URL
https://site2text-2021.web.app/gw_251221.js?0.9802423205810455
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/s2t-images/mr.js?0.9822917950543213
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Google Frontend /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
x-cache
MISS
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
0
x-served-by
cache-bne12528-BNE
server
Google Frontend
x-timer
S1661158338.007869,VS0,VE262
date
Mon, 22 Aug 2022 08:52:18 GMT
vary
cookie,need-authorization, x-fh-requested-host, accept-encoding
content-type
text/html
x-cloud-trace-context
2d7b97995a3fb9b0bd0aa08865356d2c
cache-control
private
function-execution-id
mhsxmw5qoxa5
accept-ranges
bytes
x-orig-accept-language
en-AU,en;q=0.9
x-country-code
AU
x-cache-hits
0
gpt.js
securepubads.g.doubleclick.net/tag/js/
83 KB
28 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: cdn.zx-adnet.com
URL: https://cdn.zx-adnet.com/adx/nlgd_19091901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.10.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f154.1e100.net
Software
sffe /
Resource Hash
0c9aa48a9dff744077cecac94c091930d9495b118a53160a65090bc8e1ae37fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28489
x-xss-protection
0
server
sffe
etag
"1310 / 835 of 1000 / last-modified: 1660946721"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Mon, 22 Aug 2022 08:52:18 GMT
gpt.js
www.googletagservices.com/tag/js/
83 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js?zx
Requested by
Host: cdn.zx-adnet.com
URL: https://cdn.zx-adnet.com/adx/nlgd_19091901.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.68.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f154.1e100.net
Software
sffe /
Resource Hash
0c9aa48a9dff744077cecac94c091930d9495b118a53160a65090bc8e1ae37fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
28489
x-xss-protection
0
server
sffe
etag
"1310 / 826 of 1000 / last-modified: 1661157845"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Mon, 22 Aug 2022 08:52:18 GMT
/
mc.yandex.ru/watch/71311498/NLGD/
43 B
71 B
Image
General
Full URL
https://mc.yandex.ru/watch/71311498/NLGD/?r=0.20508436182878476
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
77.88.21.119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 08:52:17 GMT
last-modified
Mon, 22-Aug-2022 08:52:17 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
content-length
43
x-xss-protection
1; mode=block
expires
Mon, 22-Aug-2022 08:52:17 GMT
53428543
mc.yandex.ru/watch/
0
0
Image
General
Full URL
https://mc.yandex.ru/watch/53428543?wmode=7&site-info={%22NLGD%22:{%22le-partners.com%22:{%22https://le-partners.com/%22:%22%22}}}&r=0.9131398509746644
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
77.88.21.119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

/
mc.yandex.ru/watch/71311498/NLGD/
43 B
71 B
Image
General
Full URL
https://mc.yandex.ru/watch/71311498/NLGD/?r=0.030155398095978114
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
77.88.21.119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 08:52:17 GMT
last-modified
Mon, 22-Aug-2022 08:52:17 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
content-length
43
x-xss-protection
1; mode=block
expires
Mon, 22-Aug-2022 08:52:17 GMT
53428543
mc.yandex.ru/watch/
0
0
Image
General
Full URL
https://mc.yandex.ru/watch/53428543?wmode=7&site-info={%22NLGD%22:{%22le-partners.com%22:{%22https://le-partners.com/%22:%22%22}}}&r=0.011244927542330307
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
77.88.21.119 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

yfq5.json
rotarb.bid/
59 B
260 B
XHR
General
Full URL
https://rotarb.bid/yfq5.json
Requested by
Host: rotarb.bid
URL: https://rotarb.bid/yfq5.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.4.104.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.244.104.4.46.clients.your-server.de
Software
nginx /
Resource Hash
1993a2561d148614ff375ef7c05df49dcb6cb6a97e626873f44023a2e24e1816
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://le-partners.com/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 22 Aug 2022 08:52:18 GMT
content-encoding
br
server
nginx
strict-transport-security
max-age=63072000
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
*
pubads_impl_2022081501.js
securepubads.g.doubleclick.net/gpt/
384 KB
131 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081501.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js?zx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.10.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f154.1e100.net
Software
sffe /
Resource Hash
6fb2352555371675225ce7b1e1832ac4b1ad8e83dc396d10b70a42dac24addc7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 15 Aug 2022 10:41:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
598276
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
133600
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:36:18 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 15 Aug 2023 10:41:02 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
37 B
75 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=le-partners.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js?zx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.10.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f154.1e100.net
Software
cafe /
Resource Hash
63a3bb455c2f1f686186912d6c7c0e9714db7e31daa630db076eb2ecb04e5dcb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 22 Aug 2022 08:52:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
51
x-xss-protection
0
expires
Mon, 22 Aug 2022 08:52:18 GMT
popunder1000.js
a.exdynsrv.com/
93 KB
39 KB
Script
General
Full URL
https://a.exdynsrv.com/popunder1000.js
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
205.185.216.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
map2.hwcdn.net
Software
nginx /
Resource Hash
32164f1fc7b3a532d0f450ba7ea2f34d2a50e84b64e156963b4a3e0a78d1544d

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date
Mon, 22 Aug 2022 08:52:19 GMT
Content-Encoding
gzip
Server
nginx
etag
W/"3ad893acf0f115f3a9b29e6fafa"
X-HW
1661158339.dop005.me1.t,1661158339.cds008.me1.shn,1661158339.dop005.me1.t,1661158339.cds005.me1.c
Content-Type
application/javascript
Access-Control-Allow-Origin
*, *
Cache-Control
max-age=10800
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
39971
=gjMmNGZlJDZxUGMiJ2M0ATMxMGO1gjZ0QzY0YjZmlTZdx3Wv02bj5ycyVmb0JXYw1SZs9yL6MHc0RHadx3W4MzM4UTMxYjNx0FfbBTNdx3WyIjN0YjMyETX8t1N1ITX8tVN0IzMxEzNzETX8tVOzMTX8t1N
offinator.com/pxl/
0
437 B
Image
General
Full URL
https://offinator.com/pxl/=gjMmNGZlJDZxUGMiJ2M0ATMxMGO1gjZ0QzY0YjZmlTZdx3Wv02bj5ycyVmb0JXYw1SZs9yL6MHc0RHadx3W4MzM4UTMxYjNx0FfbBTNdx3WyIjN0YjMyETX8t1N1ITX8tVN0IzMxEzNzETX8tVOzMTX8t1N
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.216.10.178 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.178.10.216.95.clients.your-server.de
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 22 Aug 2022 08:52:19 GMT
Last-Modified
Mon, 22 Aug 2022 08:52:19 GMT
Server
nginx
Strict-Transport-Security
max-age=15768000
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
image/png
Expires
Mon, 26 Jul 1997 05:00:00 GMT
integrator.js
adservice.google.com.au/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.com.au/adsid/integrator.js?domain=le-partners.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.68.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f155.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 22 Aug 2022 08:52:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=le-partners.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081501.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.10.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sd-in-f157.1e100.net
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 22 Aug 2022 08:52:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
138 KB
40 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1318497179455438&correlator=3111850793245061&eid=31068458%2C31068367%2C44742768&output=ldjh&gdfp_req=1&vrg=2022081501&ptt=17&impl=fif&iu_parts=41117126%2CZXNT%2Czxntmx%2Czxntmx_nlgd&enc_prev_ius=0%2F1%2F2%2F3&prev_iu_szs=1x1&ifi=1&adks=2098410588&sfv=1-0-38&ists=1&fas=8&fsapi=false&prev_scp=ad_format%3Dinterstitial&cust_params=site_domen%3Dle-partners.com%26site_topdomen%3Dle-partners.com%26site_referrer%3D%26site_hash%3D%26keywords%3Dle%2520partners%2520com%2520le%2520partners%2520com%2520le%2520partners%2520com&sc=1&cookie_enabled=1&abxe=1&dt=1661158339330&lmt=1661158339&dlt=1661158334098&idt=5198&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fle-partners.com%2F&frm=20&vis=1&psz=0x-1&msz=0x-1&fws=2&ohw=0&ga_vid=279552611.1661158339&ga_sid=1661158339&ga_hid=952086770&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081501.js
Protocol
H3
Security
QUIC, AES_128_GCM
Server
142.251.10.154, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sd-in-f154.1e100.net
Software
cafe
Resource Hash
7e879510e4ec6869a01b9bcde10953f3e897dfc0cac8285263208c4971b2e38b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:20 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41072
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://le-partners.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
97 KB
37 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1318497179455438&correlator=3111850793245061&eid=31068458%2C31068367%2C44742768&output=ldjh&gdfp_req=1&vrg=2022081501&ptt=17&impl=fif&iu_parts=41117126%2CZXNT%2Czxnt_nlgd&enc_prev_ius=0%2F1%2F2&prev_iu_szs=300x600&ifi=2&adks=3246780437&sfv=1-0-38&fsapi=false&cust_params=site_domen%3Dle-partners.com%26site_topdomen%3Dle-partners.com%26site_referrer%3D%26site_hash%3D%26keywords%3Dle%2520partners%2520com%2520le%2520partners%2520com%2520le%2520partners%2520com%26seg_id%3D21120200%26site_url%3Dhttps%253A%252F%252Fle-partners.com%252F&sc=1&cookie_enabled=1&abxe=1&dt=1661158339353&lmt=1661158339&dlt=1661158334098&idt=5198&adxs=1050&adys=170&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fle-partners.com%2F&frm=20&vis=1&psz=300x-1&msz=300x-1&fws=4&ohw=1600&ga_vid=279552611.1661158339&ga_sid=1661158339&ga_hid=952086770&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081501.js
Protocol
H3
Security
QUIC, AES_128_GCM
Server
142.251.10.154, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sd-in-f154.1e100.net
Software
cafe
Resource Hash
caa5c0bff89d97828d3326049d4b5a72264655b0b65259b8f7455b5e88e6d7da
Security Headers
Name Value
Content-Security-Policy child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNTMi4aJ2vkCFVLDjwodVC8KHg&gqi=&layout=/sadbundle/%24csp%253Der3%24/8466112143080509420/index.html
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy
child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CNTMi4aJ2vkCFVLDjwodVC8KHg&gqi=&layout=/sadbundle/%24csp%253Der3%24/8466112143080509420/index.html
content-encoding
br
x-content-type-options
nosniff
google-creative-id
-1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37500
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
date
Mon, 22 Aug 2022 08:52:20 GMT
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://le-partners.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
554 B
317 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1318497179455438&correlator=3111850793245061&eid=31068458%2C31068367%2C44742768&output=ldjh&gdfp_req=1&vrg=2022081501&ptt=17&impl=fif&iu_parts=41117126%2CZXNT%2Czxnt_nlgd&enc_prev_ius=0%2F1%2F2&prev_iu_szs=300x600&ifi=3&adks=2430335984&sfv=1-0-38&fsapi=false&cust_params=site_domen%3Dle-partners.com%26site_topdomen%3Dle-partners.com%26site_referrer%3D%26site_hash%3D%26keywords%3Dle%2520partners%2520com%2520le%2520partners%2520com%2520le%2520partners%2520com%26seg_id%3D21120200%26site_url%3Dhttps%253A%252F%252Fle-partners.com%252F&sc=1&cookie_enabled=1&abxe=1&dt=1661158339357&lmt=1661158339&dlt=1661158334098&idt=5198&adxs=1050&adys=817&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fle-partners.com%2F&frm=20&vis=1&psz=300x-1&msz=300x-1&fws=4&ohw=1600&ga_vid=279552611.1661158339&ga_sid=1661158339&ga_hid=952086770&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081501.js
Protocol
H3
Security
QUIC, AES_128_GCM
Server
142.251.10.154, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sd-in-f154.1e100.net
Software
cafe
Resource Hash
1fb1fea9d2277be009763063cdd0e6855d03db98c359f60d417a5ab34bef0246
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:19 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
287
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
-2
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://le-partners.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4BAD
6 KB
4 KB
Document
General
Full URL
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081501.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
172.253.118.132, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sl-in-f132.1e100.net
Software
sffe
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://le-partners.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 08:52:19 GMT
expires
Tue, 22 Aug 2023 08:52:19 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pubads_impl_page_level_ads_2022081501.js
securepubads.g.doubleclick.net/gpt/
36 KB
13 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_page_level_ads_2022081501.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081501.js
Protocol
H3
Security
QUIC, AES_128_GCM
Server
142.251.10.154, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sd-in-f154.1e100.net
Software
sffe
Resource Hash
6c9a22c41d6de7a6638f89923492f51c2a1d94e5c3a90e907fa9d580f7b66105
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 15 Aug 2022 10:41:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
598242
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13584
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:36:18 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Tue, 15 Aug 2023 10:41:37 GMT
yfq5.json
rotarb.bid/
59 B
260 B
XHR
General
Full URL
https://rotarb.bid/yfq5.json
Requested by
Host: rotarb.bid
URL: https://rotarb.bid/yfq5.min.js
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
46.4.104.244, Germany, ASN24940 (HETZNER-AS, DE)
Reverse DNS
static.244.104.4.46.clients.your-server.de
Software
nginx
Resource Hash
e0c7252d904a1222694e26f1bcaf81c43c4b7a62ca3ec572dac2f00daf6ea38c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000

Request headers

Referer
https://le-partners.com/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Mon, 22 Aug 2022 08:52:20 GMT
content-encoding
br
server
nginx
strict-transport-security
max-age=63072000
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-allow-headers
*
sodar
pagead2.googlesyndication.com/getconfig/
14 KB
11 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022081501&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081501.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
74.125.68.154, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sc-in-f154.1e100.net
Software
cafe
Resource Hash
6cc164ac612722855b0083b5b0d6cf531be8fe685e59363763da2790625c01b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 22 Aug 2022 08:52:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11187
x-xss-protection
0
71255884
mc.yandex.ru/webvisor/
43 B
73 B
XHR
General
Full URL
https://mc.yandex.ru/webvisor/71255884?wmode=0&wv-part=1&wv-hit=368362194&page-url=https%3A%2F%2Fle-partners.com%2F&rn=565563769&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1661158340%3Aw%3A1600x1200%3Av%3A870%3Az%3A0%3Ai%3A20220822085220%3Au%3A1661158337752167186%3Avf%3Anlzej4hetqp71c81qpn94%3Awe%3A1%3Ast%3A1661158340&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
77.88.21.119, Russian Federation, ASN13238 (YANDEX, RU)
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://le-partners.com/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 08:52:21 GMT
last-modified
Mon, 22-Aug-2022 08:52:21 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://le-partners.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Mon, 22-Aug-2022 08:52:21 GMT
container.html
3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame DD82
6 KB
3 KB
Document
General
Full URL
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081501.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
172.253.118.132, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sl-in-f132.1e100.net
Software
sffe
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://le-partners.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 08:52:20 GMT
expires
Tue, 22 Aug 2023 08:52:20 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081501.js
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
142.250.4.132, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sm-in-f132.1e100.net
Software
sffe
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 22 Aug 2022 08:52:20 GMT
71255884
mc.yandex.ru/webvisor/
43 B
145 B
XHR
General
Full URL
https://mc.yandex.ru/webvisor/71255884?wmode=0&wv-part=1&wv-hit=368362194&page-url=https%3A%2F%2Fle-partners.com%2F&rn=622626751&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1661158341%3Aw%3A1600x1200%3Av%3A870%3Az%3A0%3Ai%3A20220822085220%3Au%3A1661158337752167186%3Avf%3Anlzej4hetqp71c81qpn94%3Awe%3A1%3Ast%3A1661158341&t=gdpr(14)ti(2)
Requested by
Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js
Protocol
H2
Security
TLS 1.3, AES_256_GCM
Server
77.88.21.119, Russian Federation, ASN13238 (YANDEX, RU)
Reverse DNS
mc.yandex.ru
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Xss-Protection 1; mode=block

Request headers

Referer
https://le-partners.com/
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 22 Aug 2022 08:52:21 GMT
last-modified
Mon, 22-Aug-2022 08:52:21 GMT
strict-transport-security
max-age=31536000
content-type
image/gif
access-control-allow-origin
https://le-partners.com
cache-control
private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials
true
content-length
43
x-xss-protection
1; mode=block
expires
Mon, 22-Aug-2022 08:52:21 GMT
container.html
3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 87E4
6 KB
3 KB
Document
General
Full URL
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081501.js
Protocol
H3
Security
QUIC, AES_128_GCM
Server
172.253.118.132, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sl-in-f132.1e100.net
Software
sffe
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://le-partners.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 08:52:20 GMT
expires
Tue, 22 Aug 2023 08:52:20 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
delayed_impression_vu_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220817/r20110914/elements/html/impression/ Frame DD82
17 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220817/r20110914/elements/html/impression/delayed_impression_vu_fy2021.js
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
142.250.4.132, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sm-in-f132.1e100.net
Software
cafe
Resource Hash
cd0a1a7809246df79a2925f6eeca126c04d2b40c811cc7ac7486370de3c5d3df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 07:18:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
5655
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7706
x-xss-protection
0
server
cafe
etag
12501587712337178964
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Sep 2022 07:18:05 GMT
css2
fonts.googleapis.com/ Frame 87E4
4 KB
732 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
74.125.24.95, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sf-in-f95.1e100.net
Software
ESF
Resource Hash
c2777526a216d9692dd29697ebee7836fe8ae65f3a290faa20b75b64c0625205
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 22 Aug 2022 07:30:55 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 22 Aug 2022 08:52:21 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 22 Aug 2022 08:52:21 GMT
css
fonts.googleapis.com/ Frame A0CF
8 KB
966 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
74.125.24.95, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sf-in-f95.1e100.net
Software
ESF
Resource Hash
4cf6f3dffbc65f9231255bf31f40ddc84a45bc57428b41d6786afc7153b90b7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 22 Aug 2022 07:17:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 22 Aug 2022 08:52:21 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 22 Aug 2022 08:52:21 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/ Frame A0CF
2 KB
983 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
142.250.4.132, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sm-in-f132.1e100.net
Software
cafe
Resource Hash
981c0bff12cb03203363a70e8ffe9b7fdf4af3b0b10c7a02a639eb13327574c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 06:32:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
8368
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
875
x-xss-protection
0
server
cafe
etag
16974406330603315520
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Sep 2022 06:32:52 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220817/r20110914/ Frame A0CF
23 KB
10 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220817/r20110914/abg_lite_fy2021.js
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
142.250.4.132, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sm-in-f132.1e100.net
Software
cafe
Resource Hash
ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:26:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1563
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9668
x-xss-protection
0
server
cafe
etag
3250940068065303693
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Sep 2022 08:26:17 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/ Frame A0CF
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/window_focus_fy2021.js
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
142.250.4.132, United States, ASN15169 (GOOGLE, US)
Reverse DNS
sm-in-f132.1e100.net
Software
cafe
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:44:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
494
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Sep 2022 08:44:07 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/ Frame A0CF
17 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f132.1e100.net
Software
cafe /
Resource Hash
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:44:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
455
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7599
x-xss-protection
0
server
cafe
etag
9215437806027971270
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Sep 2022 08:44:46 GMT
l
www.google.com/ads/measurement/ Frame A0CF
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQuugpED4U3KFEapZmomtkFdhHwtZRmNZuhwGFegXLPquovWhDl9hS1bmYkAwMOmjyjcwPhRvOcaXsKYOYPnQwJXL4xQg
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.105 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f105.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame A0CF
140 KB
43 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.68.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f154.1e100.net
Software
sffe /
Resource Hash
ba7478138664dfbadff2af30a268f4200a752a73d07dafb55937af20d1061357
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44050
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1660737283953252"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 22 Aug 2022 08:52:21 GMT
16838d5bcb4c763c91f5404f5ca97705.js
www.gstatic.com/mysidia/ Frame A0CF
33 KB
14 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/16838d5bcb4c763c91f5404f5ca97705.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.68.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f94.1e100.net
Software
sffe /
Resource Hash
93b23044262887fc2d7651deb7749b1d5b9dd942922da55a84fec5dfb38e024f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 02:40:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
454304
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13605
x-xss-protection
0
last-modified
Tue, 16 Aug 2022 13:11:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Tue, 15 Nov 2022 02:40:37 GMT
interstitial_ad_frame_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220817/r20110914/elements/html/ Frame 87E4
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220817/r20110914/elements/html/interstitial_ad_frame_fy2021.js
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f132.1e100.net
Software
cafe /
Resource Hash
f964612ea368ffe1d612a004f0a0e05453155fa7cb27dff624e5ada25c6847fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:38:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
853
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8368
x-xss-protection
0
server
cafe
etag
5162546928090487746
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Sep 2022 08:38:08 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 87E4
205 B
744 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.68.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f94.1e100.net
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 15:56:34 GMT
x-content-type-options
nosniff
age
492947
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 16 Aug 2023 15:56:34 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 87E4
604 B
696 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.68.94 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f94.1e100.net
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Tue, 16 Aug 2022 21:11:54 GMT
x-content-type-options
nosniff
age
474027
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Wed, 16 Aug 2023 21:11:54 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 2280
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f132.1e100.net
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://le-partners.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
age
117272
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 21 Aug 2022 00:17:49 GMT
expires
Mon, 21 Aug 2023 00:17:49 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame FE8C
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.105 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f105.1e100.net
Software
GSE /
Resource Hash
d1852a8de2900d32c92c5df201bda8f8d598d9a6a7217708b338a97f208c90ba
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-vAAnSCNkGf9xWzp0AQQgYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://le-partners.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
513
content-security-policy
script-src 'report-sample' 'nonce-vAAnSCNkGf9xWzp0AQQgYw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 08:52:21 GMT
expires
Mon, 22 Aug 2022 08:52:21 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
index.html
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/ Frame 5314
2 KB
2 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/index.html
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f132.1e100.net
Software
sffe /
Resource Hash
28e1b4c01942dce0af57f04e3fb660f86213eb65ee476ec2b0b3839e4b23cba9
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
7186
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
846
content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
cross-origin-resource-policy
cross-origin
date
Mon, 22 Aug 2022 06:52:35 GMT
expires
Tue, 22 Aug 2023 06:52:35 GMT
last-modified
Tue, 16 Aug 2022 18:26:47 GMT
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220817/r20110914/ Frame DD82
23 KB
10 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220817/r20110914/abg_lite_fy2021.js
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f132.1e100.net
Software
cafe /
Resource Hash
ba7beca0f5402387b359ad40d2af0dda9632f6b81e2aa0c26336324c358c3e10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:26:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1564
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9668
x-xss-protection
0
server
cafe
etag
3250940068065303693
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Sep 2022 08:26:17 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 8AC4
143 B
426 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

age
808
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Mon, 22 Aug 2022 08:38:53 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/pagead/ Frame FE8C
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022081501&jk=1318497179455438&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.68.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f154.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

exitapi-impl.js
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 5314
9 KB
3 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f132.1e100.net
Software
cafe /
Resource Hash
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 21 Aug 2022 14:46:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
65160
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3271
x-xss-protection
0
server
cafe
etag
7483759447172721109
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Mon, 22 Aug 2022 14:46:21 GMT
addata.js
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 5314
26 KB
10 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f132.1e100.net
Software
cafe /
Resource Hash
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Sun, 21 Aug 2022 22:19:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
37958
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10382
x-xss-protection
0
server
cafe
etag
12806417668659483808
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=86400
timing-allow-origin
*
expires
Mon, 22 Aug 2022 22:19:43 GMT
lottie.min.js
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/ Frame 5314
271 KB
68 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/lottie.min.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f132.1e100.net
Software
sffe /
Resource Hash
0436434f23f1dce5317fc1b3f8cce48dc8efa9bcb1783ca9e4fe4a38fb1be6bf
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
150801
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69850
x-xss-protection
0
last-modified
Tue, 16 Aug 2022 18:26:47 GMT
server
sffe
date
Sat, 20 Aug 2022 14:59:00 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 20 Aug 2023 14:59:00 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 467D
143 B
198 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.200.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sa-in-f156.1e100.net
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

age
808
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
date
Mon, 22 Aug 2022 08:38:53 GMT
server
cafe
x-content-type-options
nosniff
x-xss-protection
0
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/ Frame DD82
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/window_focus_fy2021.js
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f132.1e100.net
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:44:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
494
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Sep 2022 08:44:07 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame DD82
140 KB
43 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.68.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f154.1e100.net
Software
sffe /
Resource Hash
ba7478138664dfbadff2af30a268f4200a752a73d07dafb55937af20d1061357
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44050
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1660737283953252"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 22 Aug 2022 08:52:21 GMT
932hlcctLOJRtLoo5sJe2QKRhL1SnC_Hox4lZlMNfoI.js
pagead2.googlesyndication.com/bg/ Frame 2280
36 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/932hlcctLOJRtLoo5sJe2QKRhL1SnC_Hox4lZlMNfoI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.68.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f154.1e100.net
Software
sffe /
Resource Hash
f77da195c72d2ce251b4ba28e6c25ed9029184bd529c2fc7a31e2566530d7e82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 07:15:27 GMT
content-encoding
br
x-content-type-options
nosniff
age
437814
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14036
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 17 Aug 2023 07:15:27 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/ Frame DD82
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220817/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f132.1e100.net
Software
cafe /
Resource Hash
57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:44:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
455
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7599
x-xss-protection
0
server
cafe
etag
9215437806027971270
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Mon, 05 Sep 2022 08:44:46 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 8AC4
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
0

932hlcctLOJRtLoo5sJe2QKRhL1SnC_Hox4lZlMNfoI.js
pagead2.googlesyndication.com/bg/ Frame 6709
36 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/932hlcctLOJRtLoo5sJe2QKRhL1SnC_Hox4lZlMNfoI.js
Requested by
Host: le-partners.com
URL: https://le-partners.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.68.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f154.1e100.net
Software
sffe /
Resource Hash
f77da195c72d2ce251b4ba28e6c25ed9029184bd529c2fc7a31e2566530d7e82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 07:15:27 GMT
content-encoding
br
x-content-type-options
nosniff
age
437815
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14036
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 17 Aug 2023 07:15:27 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame 467D
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
0

generate_204
tpc.googlesyndication.com/ Frame 2280
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?jx9pAw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f132.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Mon, 22 Aug 2022 08:52:22 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
Displays%20300x600.json
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/ Frame 5314
26 KB
5 KB
XHR
General
Full URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/Displays%20300x600.json
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/lottie.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.4.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sm-in-f132.1e100.net
Software
sffe /
Resource Hash
d4975798877acc4307476e9e29c35fb7aced0feef9aced5ad95490deb7ff65b4
Security Headers
Name Value
Content-Security-Policy default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

content-security-policy
default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding
gzip
x-content-type-options
nosniff
age
150802
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5187
x-xss-protection
0
last-modified
Tue, 16 Aug 2022 18:26:47 GMT
server
sffe
date
Sat, 20 Aug 2022 14:59:00 GMT
vary
Accept-Encoding
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Sun, 20 Aug 2023 14:59:00 GMT
932hlcctLOJRtLoo5sJe2QKRhL1SnC_Hox4lZlMNfoI.js
pagead2.googlesyndication.com/bg/ Frame 5314
36 KB
14 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/932hlcctLOJRtLoo5sJe2QKRhL1SnC_Hox4lZlMNfoI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.68.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f154.1e100.net
Software
sffe /
Resource Hash
f77da195c72d2ce251b4ba28e6c25ed9029184bd529c2fc7a31e2566530d7e82
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date
Wed, 17 Aug 2022 07:15:27 GMT
content-encoding
br
x-content-type-options
nosniff
age
437815
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14036
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 08:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 17 Aug 2023 07:15:27 GMT
71255884
mc.yandex.ru/webvisor/
0
0

l
www.google.com/ads/measurement/ Frame DD82
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSz0BoA1vHmeX5fzZwxEDXib-ONB2Ck31sf5E1BAAz6ggJvTGQVUc2r3b8GS9G6jQ22p83HCzYbyJqWNa6V6HjoIOgbfA
Requested by
Host: 3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com
URL: https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.12.105 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
se-in-f105.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://3c9503860f4d0c967f076fcedf8f1768.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

truncated
/ Frame DD82
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cb30fdc3fac0cdc66b66937390967b7ab487b942c8547b40fe26f8c1e18bb6c6

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Content-Type
image/png
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022081501&jk=1318497179455438&bg=!-_il-LzNAAYUOm8VNDo7ACkAdvg8WswW0-kEuXnHks2NJIODc1NkxmarEHYc1sKNuacFrohGGCupNQIAAABmUgAAAANoAQeZAvh_B099wbAEZlW1Kf_daV1gE50GNUA-5D4Fkrymta69p9OOfJV4rhx6KVzCeVOv0esnMbxHMwNa_MEGr2GNapkEhXmUJAE1_LdAjlYeqbkcVYN1HzhLD47e2KkVzLjWrxZQFRMFWQ3IlWBUwmNdfuzB5LpHGs_SRNgkUwnO__etVl2vGb2klpJBS2LZf61_VhVLZe4bSkEhXuCPX-HaNspxFplt0af_1UNUZquJclKzhLLh1dGlpUEcZmWbb7uxZjDD4XjXjFnJfbEG9IgRvt-29WPpJS2s0lIwAh49P6V0CaVspDsroKlWfABRKt5L5cvAabu4NglspAi9yi-QISmNrTA59PXqYMNBTKrZ0HrIm7PSBs1vo0K3qj98SsQYNJpKt-3UD-xtgz0VI6jGqCPmWvKw07eKGMrE4ZwqebIW8_xeq5DggHJPTo015FjtHVMsf7gOuOs8s9rkl_gBcAwJ2rDE6gsSuHv9mQ39TaReTk0yx7MOpr3_1TrtayiW0HdeAjpKyWruoArEOBUd2Mh_VA1WsHveFe0_H2JOctn3gK8xbMJc832dFMZ6LDfSWRIheu54pxLgoepsBQLrhnmi8Xx8eI5B2x-Fz6ulyC66kWfsKXtxS2gX4BcrUU60NZM29vSh5anaFrsj0E6ca6u7ygH7YZqY2-GziLOzn2Wn6wAFpeZpY403_2E5y4u0QdFlfwkRk13dqVRaqi1KYhQWP5XoGU7uU7E2Vlsp2kxBVfDk9V1sDoGsHbKJs0wSb5fEkyFLESas7msfV6vjkdzv0QBVvi3O9EnRgnDpn5hdGZw40BqRjdnKuTTCXohRD6vIAWhEumVKfj5-AnSqphW0OX_Z5R3jVGS_tfPZXSpwamggc9p8J9sD9gIB_9A9PYcOAc9-slWvbkBdxzHnhzh3lixvEpv62lpwOgMW7VL-Vx2IEGXfs_FO4MuZnUVNEAHUdBmaIvLWtSmVu01kfXY2NGYzaaMRgoGhO1wmXsqyAYLGBprEy7k4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
74.125.68.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
sc-in-f154.1e100.net
Software
/
Resource Hash

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://le-partners.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

img_0.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/images/ Frame 5314
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
googleads.g.doubleclick.net
URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Domain
googleads.g.doubleclick.net
URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Domain
mc.yandex.ru
URL
https://mc.yandex.ru/webvisor/71255884?wmode=0&wv-part=2&wv-hit=368362194&page-url=https%3A%2F%2Fle-partners.com%2F&rn=745308516&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1661158342%3Aw%3A1600x1200%3Av%3A870%3Az%3A0%3Ai%3A20220822085222%3Au%3A1661158337752167186%3Avf%3Anlzej4hetqp71c81qpn94%3Awe%3A1%3Ast%3A1661158342&t=gdpr(14)ti(2)
Domain
tpc.googlesyndication.com
URL
https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/8466112143080509420/images/img_0.jpg


159 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| rbConfig function| ym object| wpcf7 object| settings_array object| wps_ajax object| $jscomp number| SesEOa2m2OKxd56JECgK string| rulvW5gntb function| updateRbDisplays function| asyncBlocksInsertingFunction function| asyncFunctionLauncher function| percentSeparator function| symbolInserter function| percentInserter function| createCookie function| readCookie function| eraseCookie function| wpshop_empty function| q2w3_sidebar_init function| q2w3_exclude_mutations_array function| q2w3_sidebar boolean| nReadyBlock function| sendReadyBlocksNew function| gatherReadyBlocks function| timeBeforeGathering undefined| $ function| jQuery boolean| isMobile boolean| isSearchBot function| Swiper object| VK object| ODKL object| _goodshare object| jQuery112403883332186780559 object| _0x6ddd number| zxadflg_rich_stat boolean| cs_flg string| zxmngname_ext string| yamId string| zx_domaine_ext string| zxadblockmng_ext number| zx_ad_flg boolean| zx_flgCap number| zx_gcWrk boolean| zx_flgOverlay boolean| zx_flgNative function| ZxStartMainModule number| nmprd string| zx_type_ad string| zxadpartner_ext object| __ZXNT number| zxCheckAbsStart object| t object| e object| __ZXCONSENT object| Ya object| yaCounter71255884 object| yaCounter87053783 number| zxCheckAbs number| zxConsentEnabled number| ZxConsentFlg number| OaCmpEnabledflg number| ZxConsentCheckStatus number| ZxTimerConsensDelay object| _0x5263 function| $jscomp$lookupPolyfilledValue number| mrwrk object| MpRd string| didomiCountry object| didomiGeoRegulations object| ZXNT object| ABS_URL object| DATAZXNT string| slot_ext string| zxadblock_ext string| domen string| site_topdomen number| prtintstlprocent string| zxAdUnit77 object| googletag string| zx_network_prefix string| zx_ad_slot_default 
object| adx_dfp_bloks string| zx_banner_w_default string| zx_banner_h_default string| BannerSize_default number| flg_dfp object| t2 object| e2 string| url1 string| url2 string| url3 string| zx_ad_place number| zx_ad_width number| zx_ad_height string| zx_ad_slot string| zx_ad_id string| ins_targets number| cw number| ch object| tt98 string| txt98 string| txt99 string| stl98 string| BannerSize function| getCs object| ggeac object| google_tag_data object| google_js_reporting_queue undefined| google_measure_js_timing object| google_reactive_ads_global_state object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id object| gaGlobal function| H5 function| T1NN function| K1NN number| K0uuuu function| q3eeo function| W1_DJ2 number| W_B$WB function| N02i_ string| f336c3 function| l977 object| exoJsPop101 number| ad_idzone number| ad_frequency_period number| ad_frequency_count number| ad_trigger_method boolean| ad_popup_force boolean| ad_popup_fallback boolean| ad_new_tab string| ad_sub string| ad_sub2 string| ad_sub3 string| ad_cat string| ad_trigger_class string| ad_tags string| ad_el boolean| ad_chrome_enabled boolean| ad_t_venor boolean| ad_cookieconsent object| GoogleGcLKhOms object| ed

15 Cookies

Domain/Path Name / Value
le-partners.com/ Name: PHPSESSID
Value: 90202aad548394717d77e2654ecbaa85
le-partners.com/ Name: wpfront-notification-bar-landingpage
Value: 1
.le-partners.com/ Name: _ym_uid
Value: 1661158337752167186
.le-partners.com/ Name: _ym_d
Value: 1661158337
.yandex.ru/ Name: ymex
Value: 1976518337.yrts.1661158337#1976518337.yrtsi.1661158337
.yandex.ru/ Name: yandexuid
Value: 2010042011661158337
.yandex.ru/ Name: yuidss
Value: 2010042011661158337
mc.yandex.ru/ Name: yabs-sid
Value: 1484374111661158337
.yandex.ru/ Name: i
Value: cBHS8HV/R13XmjGRh+wfnjmFxwC3149XcBLsHsvH/YwjZf9FBJI3R8+tyEIEJt+E1IM8btYB3wqpG3O4vOseEes+6cw=
.le-partners.com/ Name: _ym_isad
Value: 2
le-partners.com/ Name: zxntcmp
Value: 1
.le-partners.com/ Name: _ym_visorc
Value: w
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.le-partners.com/ Name: __gads
Value: ID=99a339fc7005de77-22885c6dbcd50033:T=1661158339:S=ALNI_MbgNJXxIrQ-6mENN1-g9VdgYccVyw
.le-partners.com/ Name: __gpi
Value: UID=000008e0a57c5b57:T=1661158339:RT=1661158339:S=ALNI_MZ7fNL8f0nReIMK9R4y7z2thyypTQ

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
