ricowhaz.com Open in urlscan Pro
67.213.82.10 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ricowhaz.com/
Submission: On December 08 via api (December 8th 2023, 7:57:07 pm UTC) from US — Scanned from US

Summary HTTP 135 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 20 IPs in 5 countries across 28 domains to perform 135 HTTP transactions. The main IP is 67.213.82.10, located in Toronto, Canada and belongs to AS40028, CA. The main domain is ricowhaz.com.
TLS certificate: Issued by R3 on November 10th 2023. Valid for: 3 months.

This is the only time ricowhaz.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
24	67.213.82.10 67.213.82.10	40028 (AS40028) (AS40028)
12	2607:f8b0:400... 2607:f8b0:4004:c08::9b	15169 (GOOGLE) (GOOGLE)
3	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
2 10	2607:f8b0:400... 2607:f8b0:4004:c17::9a	15169 (GOOGLE) (GOOGLE)
3	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2607:f8b0:400... 2607:f8b0:4004:c09::5f	15169 (GOOGLE) (GOOGLE)
19	2607:f8b0:400... 2607:f8b0:4004:c09::84	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4004:c09::9d	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c17::5e	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4004:c08::68	15169 (GOOGLE) (GOOGLE)
8	23.55.204.22 23.55.204.22	16625 (AKAMAI-AS) (AKAMAI-AS)
11	23.197.0.23 23.197.0.23	16625 (AKAMAI-AS) (AKAMAI-AS)
3 3	104.67.193.98 104.67.193.98	16625 (AKAMAI-AS) (AKAMAI-AS)
2 24	172.253.63.155 172.253.63.155	15169 (GOOGLE) (GOOGLE)
3 3	38.98.69.175 38.98.69.175	174 (COGENT-174) (COGENT-174)
1 1	31.220.27.135 31.220.27.135	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2 2	35.207.24.140 35.207.24.140	15169 (GOOGLE) (GOOGLE)
2 2	199.38.167.130 199.38.167.130	54312 (ROCKETFUEL) (ROCKETFUEL)
2 2	35.208.249.213 35.208.249.213	19527 (GOOGLE-2) (GOOGLE-2)
2 2	23.222.5.91 23.222.5.91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	23.205.106.147 23.205.106.147	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2607:f8b0:400... 2607:f8b0:4004:c06::5e	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6812:19ad	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	35.211.178.172 35.211.178.172	19527 (GOOGLE-2) (GOOGLE-2)
1 1	20.121.97.20 20.121.97.20	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	142.251.179.155 142.251.179.155	15169 (GOOGLE) (GOOGLE)
1 2	69.194.242.12 69.194.242.12	26120 (RHYTHMONE) (RHYTHMONE)
2 2	52.73.29.71 52.73.29.71	14618 (AMAZON-AES) (AMAZON-AES)
1 1	35.236.220.17 35.236.220.17	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	172.104.70.67 172.104.70.67	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
2 2	23.219.12.236 23.219.12.236	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	70.42.32.191 70.42.32.191	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
135	20

24 67.213.82.10 (Toronto, Canada)

ASN40028 (AS40028, CA)
PTR: buy1.baseservers.com

ricowhaz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2607:f8b0:4004:c08::9b (Ashburn, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
0.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2607:f8b0:4004:c17::9a (Washington, United States) 2 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c09::5f (Ashburn, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2607:f8b0:4004:c09::84 (Ashburn, United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c09::9d (Ashburn, United States)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c17::5e (Washington, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c08::68 (Ashburn, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.55.204.22 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-55-204-22.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.197.0.23 (Marietta, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-0-23.deploy.static.akamaitechnologies.com

warp.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lg3.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hblg.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cs.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.67.193.98 (Marietta, United States) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-67-193-98.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 172.253.63.155 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: bi-in-f155.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 38.98.69.175 (North Bergen, United States) 3 redirects

ASN174 (COGENT-174, US)

aep.mxptint.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.220.27.135 (Amsterdam, Netherlands) 1 redirects

ASN39572 (ADVANCEDHOSTERS-AS, NL)

s.uuidksinc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.207.24.140 (North Charleston, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 140.24.207.35.bc.googleusercontent.com

rtb.mfadsrvr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 199.38.167.130 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.208.249.213 (Council Bluffs, United States) 2 redirects

ASN19527 (GOOGLE-2, US)
PTR: 213.249.208.35.bc.googleusercontent.com

trace.mediago.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.222.5.91 (Ashburn, United States) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-222-5-91.deploy.static.akamaitechnologies.com

analytics.pangle-ads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.205.106.147 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-205-106-147.deploy.static.akamaitechnologies.com

qsearch-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c06::5e (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:19ad (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.211.178.172 (North Charleston, United States) 3 redirects

ASN19527 (GOOGLE-2, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.121.97.20 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.temu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.179.155 (United States)

ASN15169 (GOOGLE, US)
PTR: pd-in-f155.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.194.242.12 (United States) 1 redirects

ASN26120 (RHYTHMONE, US)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
r.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.73.29.71 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-73-29-71.compute-1.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.236.220.17 (Washington, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 17.220.236.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.104.70.67 (Tokyo, Japan) 1 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: li1680-67.members.linode.com

a.c.appier.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.219.12.236 (Ashburn, United States) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-219-12-236.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.191 (United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	doubleclick.net 4 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 cm.g.doubleclick.net — Cisco Umbrella Rank: 219	134 KB
31	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	533 KB
24	ricowhaz.com ricowhaz.com	241 KB
19	media.net contextual.media.net — Cisco Umbrella Rank: 665 warp.media.net — Cisco Umbrella Rank: 2561 lg3.media.net — Cisco Umbrella Rank: 6606 hblg.media.net — Cisco Umbrella Rank: 2037 cs.media.net — Cisco Umbrella Rank: 1381	251 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	78 KB
5	wp.com stats.wp.com — Cisco Umbrella Rank: 2814 pixel.wp.com — Cisco Umbrella Rank: 2796 i0.wp.com — Cisco Umbrella Rank: 3858	3 KB
4	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	255 KB
3	bidswitch.net 3 redirects x.bidswitch.net — Cisco Umbrella Rank: 336	2 KB
3	mxptint.net 3 redirects aep.mxptint.net — Cisco Umbrella Rank: 4966	2 KB
3	owneriq.net 3 redirects px.owneriq.net — Cisco Umbrella Rank: 1523	3 KB
3	google.com www.google.com — Cisco Umbrella Rank: 2	559 B
3	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 2168 0.gravatar.com — Cisco Umbrella Rank: 8413	7 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 586	1 KB
2	addthis.com 2 redirects e.dlx.addthis.com — Cisco Umbrella Rank: 1786	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 818	2 KB
2	turn.com 1 redirects ad.turn.com — Cisco Umbrella Rank: 773 r.turn.com — Cisco Umbrella Rank: 3570	869 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 802 s.tribalfusion.com — Cisco Umbrella Rank: 2218	1 KB
2	akamaihd.net qsearch-a.akamaihd.net — Cisco Umbrella Rank: 1939	592 B
2	pangle-ads.com 2 redirects analytics.pangle-ads.com — Cisco Umbrella Rank: 2266	2 KB
2	mediago.io 2 redirects trace.mediago.io — Cisco Umbrella Rank: 902	746 B
2	rfihub.com 2 redirects a.rfihub.com — Cisco Umbrella Rank: 2935 p.rfihub.com — Cisco Umbrella Rank: 825	2 KB
2	mfadsrvr.com 2 redirects rtb.mfadsrvr.com — Cisco Umbrella Rank: 1100	1 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	2 KB
1	appier.net 1 redirects a.c.appier.net — Cisco Umbrella Rank: 8865	602 B
1	simpli.fi 1 redirects um.simpli.fi — Cisco Umbrella Rank: 780	721 B
1	temu.com 1 redirects www.temu.com — Cisco Umbrella Rank: 8551	516 B
1	uuidksinc.net 1 redirects s.uuidksinc.net — Cisco Umbrella Rank: 9014	292 B
135	28

	Domain	Requested by
24	cm.g.doubleclick.net	2 redirects googleads.g.doubleclick.net
24	ricowhaz.com	ricowhaz.com
19	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
12	pagead2.googlesyndication.com	ricowhaz.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
10	googleads.g.doubleclick.net	2 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net
8	contextual.media.net	googleads.g.doubleclick.net contextual.media.net
4	www.googleadservices.com	ricowhaz.com
4	hblg.media.net	googleads.g.doubleclick.net
4	lg3.media.net	googleads.g.doubleclick.net contextual.media.net
4	www.googletagservices.com	googleads.g.doubleclick.net
3	x.bidswitch.net	3 redirects
3	fonts.gstatic.com	fonts.googleapis.com
3	aep.mxptint.net	3 redirects
3	px.owneriq.net	3 redirects
3	www.google.com	googleads.g.doubleclick.net tpc.googlesyndication.com
3	i0.wp.com	ricowhaz.com
2	b1sync.zemanta.com	2 redirects
2	e.dlx.addthis.com	2 redirects
2	pm.w55c.net	2 redirects
2	qsearch-a.akamaihd.net	googleads.g.doubleclick.net
2	analytics.pangle-ads.com	2 redirects
2	trace.mediago.io	2 redirects
2	rtb.mfadsrvr.com	2 redirects
2	warp.media.net	googleads.g.doubleclick.net
2	www.gstatic.com	googleads.g.doubleclick.net
2	fonts.googleapis.com	googleads.g.doubleclick.net
2	secure.gravatar.com	ricowhaz.com
1	a.c.appier.net	1 redirects
1	um.simpli.fi	1 redirects
1	r.turn.com
1	ad.turn.com	1 redirects
1	www.temu.com	1 redirects
1	p.rfihub.com	1 redirects
1	s.tribalfusion.com	googleads.g.doubleclick.net
1	a.tribalfusion.com	1 redirects
1	cs.media.net	contextual.media.net
1	a.rfihub.com	1 redirects
1	s.uuidksinc.net	1 redirects
1	0.gravatar.com	secure.gravatar.com
1	pixel.wp.com	ricowhaz.com
1	stats.wp.com	ricowhaz.com
135	41

This site contains links to these domains. Also see Links.

Domain
www.update.microsoft.com
www.chiark.greenend.org.uk
partedmagic.com
en-gb.wordpress.org

Subject Issuer	Validity	Valid
buy1.baseservers.com R3	`2023-11-10` - `2024-02-08`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2023-12-05` - `2025-01-04`	a year	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
a248.e.akamai.net DigiCert TLS RSA SHA256 2020 CA1	`2023-05-16` - `2024-05-15`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 20 frames:

Primary Page: https://ricowhaz.com/
Frame ID: 1B3A00F28EDA32B7510D501504E019F7
Requests: 39 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20190131/zrt_lookup_fy2021.html
Frame ID: 9C853740C906AE60082E4090FF5DF706
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&adk=1812271804&adf=3025194257&lmt=1702065413&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=128x1080_l%7C140x1080_r&format=0x0&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065413731&bpp=21&bdt=377&idt=142&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=674355195507&frm=20&pv=2&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=178
Frame ID: E40886BA8177B54D9BFF772648E65EE9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=3363353524&adf=2437083605&pi=t.aa~a.108489206~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1702065413&rafmt=1&to=qs&pwprc=5754973339&format=1200x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065413754&bpp=2&bdt=400&idt=166&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=292&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=170
Frame ID: 79173492C1FDC617EE6F44CE214B9398
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=2838257118&adf=3369603303&pi=t.aa~a.248616470~i.7~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=2&bdt=701&idt=-M&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=2241&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=31
Frame ID: F97102D380A08654144487BDA707BAA1
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=1148830916&adf=1508840718&pi=t.aa~a.3193222342~i.3~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=1&bdt=701&idt=-M&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C600x280&nras=4&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=3221&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=53
Frame ID: 6BA446FE49E266CA509CE0AA6221DCE3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=2341355190&adf=4244749459&pi=t.aa~a.1085383348~i.3~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=1&bdt=701&idt=1&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C600x280%2C600x280&nras=5&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=4292&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=59
Frame ID: AA86840757E8AA0DA721C9C8C694ADE0
Requests: 15 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 35F0ECD372ED65228D2509CCDAD63DB3
Requests: 9 HTTP requests in this frame

Frame: https://contextual.media.net/nmedianet.js?cid=8CU5RJ1PV&ydspr=1
Frame ID: 56D0E8D614E7FB47E1BD640392ACA21D
Requests: 11 HTTP requests in this frame

Frame: https://contextual.media.net/sr/2722522032/SAFEFRAME.html?ule=2554&&kkdd=Hu%7C!%7Cn3u*hWAH9&DG=ZCJ9Jq*pZpqCZOOO**9&i~hY=J&gEhH=J&0~D=ZZ9d&IE0f=sOpZ&0G~=.jQ*nmZz8&0h0~=wOfd7MBSUZ-3QLiSe2~wG(%3D%3D&0YG~=CC9.9.qOC&EGUf=OOqS9.J&00=Q5&E0=BW&0w3g=oXnavBW&hG~=.zvmpB9.4&IhG~=-Z-*-xv&wIIhE=Z&YYY=IUnFws0_FskMmJmC29(g~r5-OzD9L(iI&3Ef=*&_(=Z&ri~=p&H~IZ=.jQZ54tpO&H~I9=OOCqdZ*O.&7~HIH=E~9%3D3r__yGrY_k_%3DZJyNifYhg%3DJAOCyD(kfS0%3DJA9dyDGEkE~%3D9JpyrY_kYhEk7%3DZ9AC*y~Ngk7%3DJACqy~09%3DZyE0~%3D3MyYHf%3DJ%2CJyDkHE3%3DdJJdy~Ngk_%3D9JyD_9YkE~%3D9J9OZ9J.ZJyGrY_k7%3DdpCAqdyrY_kIT0%3DJyrY_kY9Hk7%3DJyEI~%3D9.O.9*CZZ.yYHI%3DJAJJJ%2CJy_HEI%3Dy0DNi%3D*Ad*yDGEkrY_k7%3DJA*yD_9YkGkE~%3D9J9OZ9J.ZJyGh%3DZw_s5jrnH*hw*a5Ml!pIzGy277%3DJyDGEkrY_k_%3DJyYGGhrH%3DZC%2C9JyfI%3D9OyY0%3DZyYGErG~%3DJ%2CJyD_9YkGk7%3DJAJqyYhEkE~%3D9J9OZ9J.ZpyDGEk7%3D9.*ACdyYH~D%3DJAJJJ%2CJyrY_k7%3DZAJOyD_9YkrY_k7%3DJyD_9YkrY_kDG%3DZ!FZqyrY_kIDG%3DJyrY_k_%3DZJyE_D%3DZ.A*dyi0HI%3DFZy77%3DZdqyDD%3DJy0D_9YkE~%3D9J9yY2D%3Dp9AJCy_9Yk7%3DZJJJyfYhg%3DJAOCyD_9YkrY_kT0%3DJ!JyhEGk0%3DZ%2CZ%2CJ%2CJ%2CJ%2CJ%2CJ%2CJy7g%3DZyhEGk~%3DJyYTf%3DJ%2CJyYH~h%3DJAJJJ%2CJyHOhk7%3D.Ad9%2CZpCApqyEG~%3DCC9.9.qOCyE~%3DZyrG~%3D9RH4gwq_v2E3t.*CDUyrY_kYhEkT0%3DJy0D_9Yk7%3D*Ad*y7I~%3DOJCdCZCqOdJ.JZp9*Zdqd*ZJpOJ9qZJ*.J.OdOOq*JCC.*.Zdp*Jpppqq.*.*Z**.ppp*dCZ*9JdOOC*.JqdO9CqqCJ*.*JpJ*O***9yD(r%3DJA9dy~9hk_%3DZJy0D_9%3D*Ad*yOh02%3DdCOACqyrGg%3DJyYTI%3DJAJJJ%2CJy~ggkEIYi%3DwHYgN3My~9hk7%3DJAd.yNi~9hk7%3DJAd.yEE%3DBXy00%3DQ5yrG(%3DFZy0f%3DJyYhEk7%3DZpCApqyrY_kEYhEk7%3DZ9AC*yY0D%3Dp9AJCyjR%3DOJ*OyYT(h%3DJAJJJ%2CJyT7kr0%3DF9y3IE%3DZyT7k00TE%3DF9y0I%3D3f(%20MNYTy7EEkl-1%3DBX%2CBXyYT(~%3DJAJJJ%2CJy7HEGE9%3DZdqy7HEGEZ%3DZdqyGEnf2%3DJyGEG2%3DJyrY_kYh0k7%3DJy7G~%3DJAOCy~0%3D.yrY_kYhEkYD%3DJyD_9Yk7%3D.Ad9y07~h%3DJAJ.dyE~%3DZyGIMhfkG~%3DZCyEf__fYkIHikG~%3D9.O.9*CZZ.yErhh_MkIHikG~%3Dy~fIf0If~kIHikG~%3DyDGf(H7G_GIM%3DJA9dyhNE%3DOyH0kIMhf%3DZyH~7_T%3D9.O.9*CZZ.yHgh%3DZyNi7G~%3DJAOCJy72_Y%3DJAJZJyErG~%3DjX!5!X(DWziFWd1sni*JZUm7ZUJy~I0%3DfHEIkE0y~ggkfYhg%3D2H_Efy~gg%3DwHYgN3My7~h0Hh~%3DJy~H_i%3Dr3GEN3ZOyEigI%3D_N3ikIHG_kwNgfhHifk0HI0wH__yEN7h%3DJA9OySG~%3DXceFhr7F*.Zd*q9OqCOq*ZJZywIg_%3DZy~0rI%3DC*y~Ni7%3DJFZyG70%3DZy3EU%3DZyIiE%3DOOqS9.Jy7E7%3DJy7Eh%3DJyIgS%3DZdC&3ID=J&ggg=reNEB2RcV!T%3D&G(=OOq&G3R2Y=Z&7~YR~=9dp&7G~=OpZOJp&g02=dd9J&M~EhY=Z&7Hf=bSfifpUBbBybSfifppfbBypff&THIhYf=Z&THI7G~=FZJ9&Mh_h=Z&GEG~=9&EEg0YkDfY=*&hiG~=hZp9Z.ZCC*9I9J9OZ9J.Zd*q&EE_~=%7B%22EEGh%22%3A%229HJ~%3A*qJJ%3AJJ9p%3AJJJJ%3AJJJJ%3AJJJJ%3AJJJJ%3AJJJJ%22%2C%22EE00%22%3A%22Q5%22%2C%22EEE0%22%3A%22BW%22%2C%22EE0IM%22%3A%22Bf(%20WNYT%22%7D&wIg_EY0=Z&sflct=4952349&ure=1
Frame ID: EC70ABAF27C70AD4E96166AABAC95172
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CU1SGZ43&prvid=462%2C99%2C77%2C20000%2C313%2C319%2C294%2C460&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1
Frame ID: F6F9AA8C055E5376C4611BC192D5482E
Requests: 2 HTTP requests in this frame

Frame: https://contextual.media.net/nmedianet.js?cid=8CU5RJ1PV&ydspr=1
Frame ID: A484152AD3C9E9E43E177458CA071DE0
Requests: 12 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 03871D08E9C6DD5A6AEB28B673517236
Requests: 9 HTTP requests in this frame

Frame: https://contextual.media.net/sr/2722522032/SAFEFRAME.html?ule=2623&&kkdd=AA%7Ch%7C3n*AuH9&q~=lO.!.)0*l0O*lJJ))!J&FZeC=.&-feD=.&_Zq=ll!P&xf_z=bN*l&_~Z=JIA0K2lHs&_e_Z=8NzPWQvRyln7ABFRi(Z8~V%3D%3D&_C~Z=OO!J!J)NO&f~yz=NN)R!J.&__=A1&f_=vM&_87-=f--G-~FCDx~u7Gxzfx&e~Z=JHk2*v!JS&xe~Z=nln0nwk&8xxef=l&CCC=xyKr8b_3rbGQ2.2O(!V-Zj1nNHq!BVFx&7fz=0&3V=l&jFZ=*&DZxl=JIAl1So*N&DZx!=NNO)Pl0NJ&WZDxD=fZ!%3D7j33Y~jC3G3%3Dl.YuFzCe-%3D.4!OYZu-GW%3D.4O)Yf_Z%3D7QYCDz%3D.%2C.YZu-G3%3D!.Yq3!CGfZ%3D!.!Nl!.Jl.Y~jC3GW%3DP*O4)PYjC3Gxm_%3D.YjC3GC!DGW%3D.YfxZ%3Dll*JJN.Pl)YCDx%3D.4...%2C.Y~e%3Dl83b1IjKD0e80L1Qc6*xH~Y(WW%3D.YC~~ejD%3DlO%2C!.YC_%3DlYC~fj~Z%3D.%2C.YCefGfZ%3D!.!Nl!.Jl*YCDZq%3D.4...%2C.YjC3GW%3Dl4.NYq3!CGjC3GW%3D.Yf--GVC%3DO4lOllYjC3G3%3Dl.Yf3q%3DlJ40PYF_Dx%3DrlYWW%3DlP)Yf--G-j3%3D.4J!YzCe-%3D.4!OYq3!CGjC3Gm_%3D.6.Yef~G_%3Dl%2Cl%2C.%2C.%2C.%2C.%2C.%2C.YW-%3DlYef~GZ%3D.YCmz%3D.%2C.YDNeGW%3DJ4P!%2Cl*O4*)YfZ%3DlYj~Z%3D!aDS3b-q85*jNSOP18Y_q3!CGW%3D04P0YWxZ%3DN.OPOlO)NP.J.ll.)Pl..J.NNN)lJl0lJ)!.*!O.J*P*.ON!!P*P*J).0!P)l0NJ!.!NlO*0)P!!OlPl!NOO0P!ONlNJJJ0P.)P!N0!Yj~-%3D.YCmx%3D.4...%2C.YuFZ!eGW%3D.4P0Yff%3DvpY__%3DA1Yj~V%3DrlY_z%3D.YC_q%3D*!4.OYIa%3DN.0*YmWGj_%3Dr!Y7xf%3DlYmWG__mf%3Dr!Y_x%3D7zV%20QuCmYWffGcnT%3Dvp%2CvpYWDf~f!%3DlP)YWDf~fl%3DlP)YZ_%3DJYq3!CGW%3DJ4P!YqVGzR_%3D.4!NYq~fGfZ%3D!.*YjC3GCefGW%3Dl!4O0YZ_!%3DlYqGDf7%3DP..PY3Dfx%3DY_quF%3D04P0Yq~fGjC3GW%3D.40Yq3!CG~GfZ%3D!.!Nl!.Jl.Yq~fGjC3G3%3D.Yzx%3D!NYq3!CG~GW%3D.4.)Yq~fGW%3D!lN4*OYq3!CGjC3Gq~%3Dl6rl)YjC3Gxq~%3D.Yqq%3D.Y_q3!CGfZ%3D!.!YC(q%3D*!4.OY3!CGW%3Dl...Yf--GfZ%3D!.!Nl!.JlNYCDZe%3D.4...%2C.Yf~Z%3DOO!J!J)NOYjC3GCefGm_%3D.YqVj%3D.4!NYZ!eG3%3Dl.Y_q3!%3D04P0YNe_(%3DPON4O)YZ--GfxCF%3Df--G-~FCDx~u7GxzfxYZ!eGW%3D.4POYCefGW%3Dl*O4*)YjC3GfCefGW%3Dl!4O0YCmVe%3D.4...%2C.YCmVZ%3D.4...%2C.Y~fKz(%3D.Y~f~(%3D.YjC3GCe_GW%3D.YW~Z%3D.4!!YjC3GCefGCq%3D.Y_WZe%3D.4!!.YfZ%3DlY~xQezG~Z%3DlOYfz33zCGxDFG~Z%3Dll*JJN.Pl)Yfjee3QGxDFG~Z%3DYZzxz_xzZGxDFG~Z%3DYq~zVDW~3~xQ%3D.4!NYeuf%3DNYD_GxQez%3DlYDZW3m%3Dll*JJN.Pl)YD-e%3DlYuFW~Z%3D.4!O.YW(3C%3D.4.l.Yfj~Z%3DIp616HplRpt5ib!Pngf_8aGQj0AYZx_%3DzDfxGf_YZ--GzCe-%3D(D3fzYZ--%3Df--G-~FCDx~u7GxzfxYWZe_DeZ%3D.YZD3F%3Df--YfF-x%3D3u7FGxD~3G8u-zeDFzG_Dx_8D33YfuWe%3D.4lOYR~Z%3Dp5irejWr0JlP0)!N)ON)0l.lY8x-3%3DlYf--GDe~%3DqlY~W_%3DlY7fy%3DlYxFf%3DNN)R!J.YWfW%3D.YWfe%3D.Yx-R%3D!.!&7xq=.&---=jiufv(a5g6m%3D&~V=NN)&~7a(C=l&WZCaZ=!P*&W~Z=NNOPP0&-_(=PP!.&QZfeC=l&WDz=hRzFz*yvhvYhRzFz**zhvY*zz&mDxeCz=l&mDxW~Z=rl.!&Qe3e=l&~f~Z=!&ff-_CGqzC=0&eF~Z=el*!lJlOO0!x!.!Nl!.JlP0)&ff3Z=%7B%22ff~e%22%3A%22!D.Z%3A0)..%3A..!*%3A....%3A....%3A....%3A....%3A....%22%2C%22ff__%22%3A%22A1%22%2C%22fff_%22%3A%22vM%22%2C%22ff_xQ%22%3A%22vzV%20MuCm%22%7D&8x-3fC_=l&sflct=4952349&ure=1
Frame ID: C061C5DF5E4EC03AE5643CE9F87D72FD
Requests: 6 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CU1SGZ43&prvid=462%2C99%2C77%2C20000%2C313%2C319%2C294%2C460&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1
Frame ID: CAC3BD970644CA01AAE8CE780DD4150D
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 76E92B3B340C6F669569B93EFB3739AA
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js
Frame ID: B9C23F34FDB0F48CA4E9B6F35EF43C7C
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js
Frame ID: 3CC9B92AF79337361C7B2DD1D66D70A7
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 36333A34C44B60B35E73A81C9229B1BB
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CBA50EABDF3E9C8695B37B567F56F3D8
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ricowhaz I.T. -

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

135
Requests

64 %
HTTPS

30 %
IPv6

28
Domains

41
Subdomains

20
IPs

5
Countries

1519 kB
Transfer

3745 kB
Size

40
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://www.update.microsoft.com/microsoftupdate/v6/default.aspx
Title: http://www.update.microsoft.com/microsoftupdate/v6/default.aspx

Search URL Search Domain Scan URL

URL: http://www.chiark.greenend.org.uk/~sgtatham/putty/
Title: Putty

Search URL Search Domain Scan URL

URL: https://partedmagic.com/
Title: Parted Magic

Search URL Search Domain Scan URL

URL: https://en-gb.wordpress.org/
Title: WordPress.org

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 68

https://px.owneriq.net/ecmg?google_gid=CAESEEXKuXgof3-P29OMyzMRXyY&google_cver=1&google_push=AXcoOmQaMBI5y9j7wLmHwcpNPmQU8Y9MKD6WHTfrOsmKgxP62_cMgpkOD5ky936DkqLQZZYBvXKS_mUknTVOSRkHtM0QrcEqSWJbpdg HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fcm.g.doubleclick.net%2fpixel%3fgoogle_nid%3downeriq1%26google_sc%26google_push%3dAXcoOmQaMBI5y9j7wLmHwcpNPmQU8Y9MKD6WHTfrOsmKgxP62_cMgpkOD5ky936DkqLQZZYBvXKS_mUknTVOSRkHtM0QrcEqSWJbpdg%26google_cver%3d1%26google_gid%3dCAESEEXKuXgof3-P29OMyzMRXyY%26google_hm%3dUTc1NTM1MTgxNDEyMjkxMjkyODQ%3d&uid=Q7553518141229129284&ref=%2Fecmg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AXcoOmQaMBI5y9j7wLmHwcpNPmQU8Y9MKD6WHTfrOsmKgxP62_cMgpkOD5ky936DkqLQZZYBvXKS_mUknTVOSRkHtM0QrcEqSWJbpdg&google_cver=1&google_gid=CAESEEXKuXgof3-P29OMyzMRXyY&google_hm=UTc1NTM1MTgxNDEyMjkxMjkyODQ=

Request Chain 69

https://aep.mxptint.net/sn.ashx?google_gid=CAESEFrTWJ8C-cM0degB_-Jp8JM&google_cver=1&google_push=AXcoOmTxHvv7DYclYSEW_SUNFStB4jAV-4ufOZvmbC-JlVwB0Lp9QzrNJ8shbAbvEnqiCPq-QIHubMsz7rw5LrToL_gN5UUpMWB4ptE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmTxHvv7DYclYSEW_SUNFStB4jAV-4ufOZvmbC-JlVwB0Lp9QzrNJ8shbAbvEnqiCPq-QIHubMsz7rw5LrToL_gN5UUpMWB4ptE&google_hm=UjMzNjQ2XzEwRDYyRDc5Q182NTIwNDA0Mg%3D%3D

Request Chain 70

https://s.uuidksinc.net/match/47/?remote_uid=CAESEJgGpZQ4wDrcNfC9rjgjn0M&c_param1=AXcoOmTJt1PeJ3KwNa9iNvGlyooskwGZyo87GLJBKKCUS_JKHvUKz7QU9DMprvb_Ms2vDTyIuCAVZyvHhkkE6yWIXdkaU35LpxRWMQ&gdpr=%%GDPR%%&addtl_consent=%%ADDTL_CONSENT%%&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AXcoOmTJt1PeJ3KwNa9iNvGlyooskwGZyo87GLJBKKCUS_JKHvUKz7QU9DMprvb_Ms2vDTyIuCAVZyvHhkkE6yWIXdkaU35LpxRWMQ

Request Chain 71

https://rtb.mfadsrvr.com/sync?ssp=google&ssp_init=step1&google_gid=CAESEMvj_JUHsZ346K0n0O4tUsg&google_cver=1&google_push=AXcoOmS3phqsvfUA_yn23zGzdDeotXUxjujxCTezvvFo4Pq3rHpgnLNWH2xERT6lGJhGE-00wxdWPxcyPv6sir1VY__koLVAvDsC9f8 HTTP 302
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=google&ssp_init=step1&google_gid=CAESEMvj_JUHsZ346K0n0O4tUsg&google_cver=1&google_push=AXcoOmS3phqsvfUA_yn23zGzdDeotXUxjujxCTezvvFo4Pq3rHpgnLNWH2xERT6lGJhGE-00wxdWPxcyPv6sir1VY__koLVAvDsC9f8 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=ZHUbVXUwQDitrVVYCl1Uiw==&no_redirect=1&google_push=AXcoOmS3phqsvfUA_yn23zGzdDeotXUxjujxCTezvvFo4Pq3rHpgnLNWH2xERT6lGJhGE-00wxdWPxcyPv6sir1VY__koLVAvDsC9f8

Request Chain 72

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEJJ9Ssz8X_L0JivifTLdAFE&google_cver=1&google_push=AXcoOmRx6ohgAN9BjAFKxt1xXHahO7HwVtmsWfH3_I3wbmaINS2R64ZEvFyEV_xWHFof4HxJE66XEv-VxgjQHgjiM6m41TaysoAqx_Ok HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmRx6ohgAN9BjAFKxt1xXHahO7HwVtmsWfH3_I3wbmaINS2R64ZEvFyEV_xWHFof4HxJE66XEv-VxgjQHgjiM6m41TaysoAqx_Ok&google_hm=ODYwNjg5NzgwNTc1MzE4MzI5Nw==

Request Chain 73

https://trace.mediago.io/cs/google?google_gid=CAESEIuWQUNNZI9-XHro50dLVXU&google_cver=1&google_push=AXcoOmRHveBjv5df7SNCiy0ngd6Kly-sa-xrYugJEoqsr0DSCVDUAF0Jj37SEdBYf0dzvhdHyl-S9XLFPqPrs5p8xaeumux9FgDCnHY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmRHveBjv5df7SNCiy0ngd6Kly-sa-xrYugJEoqsr0DSCVDUAF0Jj37SEdBYf0dzvhdHyl-S9XLFPqPrs5p8xaeumux9FgDCnHY&google_hm=81fa84b76b60920d18hees00lpx1svdv

Request Chain 74

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEItBA-upNWSW47bi65pwnYI&google_cver=1&google_push=AXcoOmTgFvI-kiL_lJvxSumh0KWYJM2A-PydcmmWrL4Wlix7OSI4p2sJcJeCaqW-Pk8R0Kj6SgNZoSNadwB0liWFw8q5AqS_pDwuY9ib HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmTgFvI-kiL_lJvxSumh0KWYJM2A-PydcmmWrL4Wlix7OSI4p2sJcJeCaqW-Pk8R0Kj6SgNZoSNadwB0liWFw8q5AqS_pDwuY9ib

Request Chain 92

https://cm.g.doubleclick.net/pixel?cs=6&google_nid=media&google_cm=1&google_hm=MzQ1MDY3MDE0MDgxMzM2OTAwMFYxMA%3D%3D&google_sc=1 HTTP 302
https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESECzcpXIFLLxtPB2XWBB0drw&google_cver=1

Request Chain 105

https://px.owneriq.net/ecmg?google_gid=CAESEKladjn75j9dsh81JoIWNKk&google_cver=1&google_push=AXcoOmRWdGSxAU0ojMM0nC79yMEzofCBRX63e2udk5Y8MWUn65PR6cnchQmnOdxXSI59fKItN2K6FetpHM7omC12t4vm0GeWHcG5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AXcoOmRWdGSxAU0ojMM0nC79yMEzofCBRX63e2udk5Y8MWUn65PR6cnchQmnOdxXSI59fKItN2K6FetpHM7omC12t4vm0GeWHcG5&google_cver=1&google_gid=CAESEKladjn75j9dsh81JoIWNKk&google_hm=UTc1NTM1MTgxNDEyMjkxMjkyODRQ

Request Chain 106

https://a.tribalfusion.com/i.match?p=b6&u=CAESEK1b3ZLC0B6HMnnGKAIO3to&google_cver=1&google_push=AXcoOmRnOxLsoTEDe9PlmHJdmC3kogaKmaPLhoV83PC_Lvf61poxRuJ2ECBpGOSpUYr5EsIre8SQxb3i8uU6jrB9sk_iCVEqyDbn&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmRnOxLsoTEDe9PlmHJdmC3kogaKmaPLhoV83PC_Lvf61poxRuJ2ECBpGOSpUYr5EsIre8SQxb3i8uU6jrB9sk_iCVEqyDbn%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEK1b3ZLC0B6HMnnGKAIO3to&google_cver=1&google_push=AXcoOmRnOxLsoTEDe9PlmHJdmC3kogaKmaPLhoV83PC_Lvf61poxRuJ2ECBpGOSpUYr5EsIre8SQxb3i8uU6jrB9sk_iCVEqyDbn&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmRnOxLsoTEDe9PlmHJdmC3kogaKmaPLhoV83PC_Lvf61poxRuJ2ECBpGOSpUYr5EsIre8SQxb3i8uU6jrB9sk_iCVEqyDbn%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 107

https://aep.mxptint.net/sn.ashx?google_gid=CAESEIN8LieYXZWSzjGQhDTf9ro&google_cver=1&google_push=AXcoOmThDR_081qWRE4zdt_frrBUL5d1J0dJjz9no2wZ2_84B3WvlR_bookh2gYH2Cd6Wj3adVLVOGb_1cIyrO6WyLvUL2gTAH6bSQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmThDR_081qWRE4zdt_frrBUL5d1J0dJjz9no2wZ2_84B3WvlR_bookh2gYH2Cd6Wj3adVLVOGb_1cIyrO6WyLvUL2gTAH6bSQ&google_hm=UjMzNjQ2XzEwRDYyRDc5Q182NTIwNDA0Mg%3D%3D

Request Chain 108

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIC8qKP6J0jTmKnxj8vmXI4&google_cver=1&google_push=AXcoOmTKvSN4a1yVp98rGA3snbb7JCBV_w1C-4Je4EiB3HjSoqmq1h5RgIRdWADSoKmtj5YaxKE46vDAGq_8c43PHTwymtBsUL27 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEIC8qKP6J0jTmKnxj8vmXI4&google_cver=1&google_push=AXcoOmTKvSN4a1yVp98rGA3snbb7JCBV_w1C-4Je4EiB3HjSoqmq1h5RgIRdWADSoKmtj5YaxKE46vDAGq_8c43PHTwymtBsUL27 HTTP 302
https://p.rfihub.com/cm?in=1&pub=20513&ssp=google&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=119&user_id=8606897805753183297&expires=30&ssp=google HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AXcoOmTKvSN4a1yVp98rGA3snbb7JCBV_w1C-4Je4EiB3HjSoqmq1h5RgIRdWADSoKmtj5YaxKE46vDAGq_8c43PHTwymtBsUL27&google_hm=1xabyvG4QSSBAWR1MlhUyQ==

Request Chain 109

https://trace.mediago.io/cs/google?google_gid=CAESEMIhfIK5MoOU1VTfhUlIs2c&google_cver=1&google_push=AXcoOmQQ28gnuuFKQPMZuGmqgmad2n1MjL-RMAZ4zr939vtSDnqQAtqnoWPLe_5BvB-8_G9NnBWRf1QW2m6uUg_o44yXfPbmdYl5UtY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmQQ28gnuuFKQPMZuGmqgmad2n1MjL-RMAZ4zr939vtSDnqQAtqnoWPLe_5BvB-8_G9NnBWRf1QW2m6uUg_o44yXfPbmdYl5UtY&google_hm=81fa84b76b60920d18hees00lpx1svdv

Request Chain 110

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEGK9yj7kBB8L99TIQE47cCg&google_cver=1&google_push=AXcoOmTNvI2HFC78OMVYONVacb2R3950OzH0byjfyF3qkYKGURhFYTNTEBqWm2BED0l3F6OIw8lf96VjoNS5Yp1VP_-gMW1N8kzBOps HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmTNvI2HFC78OMVYONVacb2R3950OzH0byjfyF3qkYKGURhFYTNTEBqWm2BED0l3F6OIw8lf96VjoNS5Yp1VP_-gMW1N8kzBOps

Request Chain 111

https://www.temu.com/api/adx/cm/pixel?google_gid=CAESEPdWRbJ2_kgdfq2T6MNErUI&google_cver=1&google_push=AXcoOmSoB5giQMvNMhJTTc_9M05abQGWwc_L1EDmKwF4wHfZhEDPm8xDW4mn1Yu81r41roZ10BxwaQgTbSwRoBuOYz3UsTwRQhuT_GU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1371970550&google_push=AXcoOmSoB5giQMvNMhJTTc_9M05abQGWwc_L1EDmKwF4wHfZhEDPm8xDW4mn1Yu81r41roZ10BxwaQgTbSwRoBuOYz3UsTwRQhuT_GU

Request Chain 113

https://googleads.g.doubleclick.net/pagead/adview?ai=COxiIBnVzZY_WCIblrr4PwJKyEMis2NJ0yOvdwsASZBABILaczQNgycapi8Ck2A-gAf3q64YDyAEJqAMByAPLhICABKoE4wFP0DqZHJ-dmbFY0VFEWksbPlCe5qpSr8KlFH0Obk7L6xddJuv4yUKKBExdj7z5JTsU4K9IwoquyQ-RbTsvnjSrrlcjRU_yivuACR25940JlnPOZkpiNsJXKtKB5cDYGC1pYPm0Ia6AG7LXBZeopJ4U_mQMpott3Arp5K6dI-VLdTGgl3ojGdwU1eT3g2qEc-f__hYSyNX6iDRAPrNNZwQO4GidC9eM11d7zquO2w6iLJ7sXc6xoAlNX3EApwI6zWDbgHpJRIlZZiq1rjgo2e2JM6sjMruhGCAiFeAv0nx1l0uxSMAElJSa3cUEiAWa4NyYSZIFBAgEGAGSBQQIBRgEoAYugAeEst-5A6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEIaYB9IIHQiAYRABGB8yAooCOgKAQEi9_cE6WJW0k-PPgIMDmglWaHR0cHM6Ly9vbmxpbmUuZW0ua2VsbG9nZy5ub3J0aHdlc3Rlcm4uZWR1L3Byb2Zlc3Npb25hbC1jZXJ0aWZpY2F0ZS1wcm9kdWN0LW1hbmFnZW1lbnSACgHICwGiDBAqDgoM5LSxAu61sQK1uLEC2gwQCgoQ8Jm_soDzhaNaEgIBA7gT5APYEw3QFQGAFwGyFxwKGggAEhRwdWItNTgxOTU2MjM2NzM2NTEwMRgA&sigh=OBR1fGH9BIQ&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSOwDICaaN5fzEO-fIWzrCcn3MnVAGKskaIspNsWypesDWrWy94nPn1IlSdjuJH7LXahsSFGbNtSo_nMdjGAE&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x97acd0d5eea8fbd70000000000000000%22,%222%22:%220x4d2af345a33975980000000000000000%22,%223%22:%220xd834b75d202f08910000000000000000%22,%224%22:%220x303e010fccc230c0000000000000000%22,%225%22:%220xa352280a7511c890000000000000000%22},%22debug_key%22:%226071869488420404651%22,%22debug_reporting%22:true,%22destination%22:%22https://northwestern.edu%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22819656061%22],%224%22:[%2212-08%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229610824144112650193%22}&andc=true

Request Chain 114

https://googleads.g.doubleclick.net/pagead/adview?ai=CncQqBXVzZZ2pOoyMrr4P-b29sA_hqIfcdIq7-PCSEYrI5MGUDhABILaczQNgycapi8Ck2A-gAcj0xcYpyAEJqQLHxm3cKZh4PqgDAcgDywSqBOYBT9BlO8HYpsxgvgVUIq9GYkPa90PlbWYNxiDau_jMcsRKD21z_pOTCQ6mz-PRTYn3dAB_ScqOvIpcuC6ruJdahMGVbW12sa5rnV6wSqhFoXcT8kxfilwHxad3aBJiqkoWs0V0I790DZFf_7XwiUFUugPy7RebWIL4xfXSxoSWmoAwabF9Oe4hHXOjxSkDQckfBBw8fGvnJJx03FCKiRcYu_GLkdkrlPWu9hWyJr63_npVym5TSunsm-GawLvRzIe4qVy5PnyfWA_m8RwlKfKE6oTeoSLMliDbEl0dAhsJ3Xh5AFYrO3TABPeK84G5BIgFtZ-NmkySBQQIBBgBkgUECAUYBKAGLoAHtOas5ASoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBCk3gTSCB0IgGEQARgfMgKKAjoCgEBIvf3BOli6iojjz4CDA5oJhQFodHRwczovL3VzLmZvYmx1ZS5jb20vZHNyP3E9d2Fsa2luJTIwc2hvd2VycyZyYWM9U2VhcmNoJTIwZm9yJTIwd2Fsa2luJTIwc2hvd2VycyZhc2lkPWZiX2NoODgmbnc9ZCZkZT1jJmxwaWQ9OTA2NzYwOSZwdWI9cmljb3doYXouY29tgAoByAsBogwcKhoKGOS0sQLutbECtbixAuS0sQLutbECu7uxAtoMEQoLEPDt4sHL6_CJjAESAgEDuBPkA9gTDIgUA9AVAYAXAbIXHAoaCAASFHB1Yi01ODE5NTYyMzY3MzY1MTAxGAA&sigh=Xs64ALWttcE&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNFDIZi6ae4PLGcDyAbWLlrNr5zFv6bqV36RuxivVeENNizfWsop4jCu0YFhEhiHuds60Hxxj1Bhw1WrrigrRten6iAzOYksX8GsoYAQ&template_id=484&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdcfa54cd8fbfee8a0000000000000000%22,%222%22:%220x69382699c328a3ef0000000000000000%22,%223%22:%220x682d7d552cb530e80000000000000000%22,%224%22:%220x76f4a551b20f5c990000000000000000%22,%225%22:%220x93e6b96a68622b860000000000000000%22},%22debug_key%22:%22735520175073022829%22,%22debug_reporting%22:true,%22destination%22:%22https://foblue.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211153799752%22],%224%22:[%2212-08%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22461550541492203825%22}&andc=true

Request Chain 122

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEKigJ7O2CzOVu6Nbd53e2So&google_cver=1&google_push=AXcoOmQBGc-2DuNtfSYDQL3b4FBzILlYfL30RtIfybF7COnkGkow27AfnKy9Bdz6cmuJRgjEQfkIuS9BohH3FtQjVyjIbK8Zq0UXiQuM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjY1MTcyMDkzNTIxNjQ2MjA3NA==&gdpr=&gdpr_consent= HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKigJ7O2CzOVu6Nbd53e2So&google_cver=1

Request Chain 123

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAI-p-g81DUCf3wpecCU37o&google_cver=1&google_push=AXcoOmQS1ST_a5ee2C9cMNvHrU5Hxzv6w1f55byqHd9Z-udAV4w3nI7wxU35ZztcAO1atIhKnfIPOwyHKfBT2aVGM0LM1rO91JPoD-Wt HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAI-p-g81DUCf3wpecCU37o&google_cver=1&google_push=AXcoOmQS1ST_a5ee2C9cMNvHrU5Hxzv6w1f55byqHd9Z-udAV4w3nI7wxU35ZztcAO1atIhKnfIPOwyHKfBT2aVGM0LM1rO91JPoD-Wt HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y2ZOd0h3NkExUmJHWFo1&google_gid=CAESEAI-p-g81DUCf3wpecCU37o&google_cver=1&google_push=AXcoOmQS1ST_a5ee2C9cMNvHrU5Hxzv6w1f55byqHd9Z-udAV4w3nI7wxU35ZztcAO1atIhKnfIPOwyHKfBT2aVGM0LM1rO91JPoD-Wt

Request Chain 124

https://aep.mxptint.net/sn.ashx?google_gid=CAESEGYKWq0KiEkie92gFB1rVhM&google_cver=1&google_push=AXcoOmTEigeRb3RLBg8iCSOyN-mWYJ6re9tvkggF4cbJbqUkfpyEroCh1EQKdd2UYBegjRo-qkP-r5WPUjYgAMcAdqjavotF8ZagnhbX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmTEigeRb3RLBg8iCSOyN-mWYJ6re9tvkggF4cbJbqUkfpyEroCh1EQKdd2UYBegjRo-qkP-r5WPUjYgAMcAdqjavotF8ZagnhbX&google_hm=UjMzNjQ2XzEwRDYyRDc5Q182NTIwNDA0Mg%3D%3D

Request Chain 125

https://um.simpli.fi/gp_match?google_gid=CAESEMReQykTVeTLrR1dwATcvuc&google_cver=1&google_push=AXcoOmT9l_HlywMbHC1avDuINEzpFL7LFQBaXqrwtrHvza2UPO5GxGRmHBTz2lpOB6hCQPezg1WaFLztIR8tuhhQ-YofXX34l8VrFJkb HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=BE8A48E3FCED4E79BC63981C75CE5C33&google_push=AXcoOmT9l_HlywMbHC1avDuINEzpFL7LFQBaXqrwtrHvza2UPO5GxGRmHBTz2lpOB6hCQPezg1WaFLztIR8tuhhQ-YofXX34l8VrFJkb

Request Chain 126

https://a.c.appier.net/gcm?google_gid=CAESEGbYTxrkydbP-yxCdK6Vde4&google_cver=1&google_push=AXcoOmTgnKZ3T8kQA_X7xLsUuFXBJ9qlk7PWRqn3kKXT8m3TqMHaTA2MFtv6WDdjfsz-t-7uxr_wA6acKrp9yZW-SrHDgoqwrzIk5aqy HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=dnlUZ205R2tBWkdGU0xrQ0IzVnpaUQ%3D%3D&google_push=AXcoOmTgnKZ3T8kQA_X7xLsUuFXBJ9qlk7PWRqn3kKXT8m3TqMHaTA2MFtv6WDdjfsz-t-7uxr_wA6acKrp9yZW-SrHDgoqwrzIk5aqy

Request Chain 127

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAXcoOmTWHAbC90klBeuLbZLmrJciU3qBvLirMaMBkYTUV5SXG7lZg37jnknfTl28HB9Ruij5kHH13KCmetIaTNfyu_Xd-JnOu-f9_fe8&google_gid=CAESEIlSFYIc1JmwRMCE4AnZaog&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAXcoOmTWHAbC90klBeuLbZLmrJciU3qBvLirMaMBkYTUV5SXG7lZg37jnknfTl28HB9Ruij5kHH13KCmetIaTNfyu_Xd-JnOu-f9_fe8&google_gid=CAESEIlSFYIc1JmwRMCE4AnZaog&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzEyMDgxOTU2NTUwMDA1MzYwMjQwOTk0OA%3D%3D&google_push=AXcoOmTWHAbC90klBeuLbZLmrJciU3qBvLirMaMBkYTUV5SXG7lZg37jnknfTl28HB9Ruij5kHH13KCmetIaTNfyu_Xd-JnOu-f9_fe8

Request Chain 128

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESELPEf_-0f_Hpi5uXhF1ZAQw&google_cver=1&google_push=AXcoOmR8bD60E-o8gSnbQuzpvua7re9tB88OnwL8w7mGAH_TT2uDikUeLSiZQPaHF7fdQmn9spu-U9CKYB0kWRvplDJBPe6INdB85Dq0 HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESELPEf_-0f_Hpi5uXhF1ZAQw&google_push=AXcoOmR8bD60E-o8gSnbQuzpvua7re9tB88OnwL8w7mGAH_TT2uDikUeLSiZQPaHF7fdQmn9spu-U9CKYB0kWRvplDJBPe6INdB85Dq0&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmR8bD60E-o8gSnbQuzpvua7re9tB88OnwL8w7mGAH_TT2uDikUeLSiZQPaHF7fdQmn9spu-U9CKYB0kWRvplDJBPe6INdB85Dq0&google_hm=Q2V0ZC1JR0M5ekFoYWRkU0Q1Rmc=

135 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
ricowhaz.com/ 89 KB
21 KB 105ms
31ms Document
text/html 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed / PHP/8.0.26
Resource Hash: 99b7e4c438d8bf6e34928cc64ed56407b3ffd550e426fc1cf40096e5b82bc80b

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 08 Dec 2023 19:56:53 GMT
etag: "32206-1701898856;br"
link: <https://ricowhaz.com/wp-json/>; rel="https://api.w.org/" <https://wp.me/7O5Yx>; rel=shortlink
server: LiteSpeed
vary: Accept-Encoding,User-Agent
x-litespeed-cache: hit
x-powered-by: PHP/8.0.26

GET
H2 200 twentysixteen.css
ricowhaz.com/wp-content/plugins/jetpack/modules/theme-tools/compat/ 16 KB
3 KB 29ms
29ms Stylesheet
text/css 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/plugins/jetpack/modules/theme-tools/compat/twentysixteen.css?ver=12.9
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: ea31048ed21bd3fb40bb09e6d4f49792da9588b27008978c544e312036fbb8e2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Tue, 05 Dec 2023 19:19:44 GMT
server: LiteSpeed
etag: "3ffb-656f77d0-6e0e305a1998099a;br"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2815
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 style.min.css
ricowhaz.com/wp-includes/css/dist/block-library/ 107 KB
13 KB 51ms
42ms Stylesheet
text/css 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.2
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Wed, 08 Nov 2023 13:31:46 GMT
server: LiteSpeed
etag: "1add3-654b8dc2-45115b5f486ec6b;br"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 13607
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
ricowhaz.com/wp-includes/js/mediaelement/ 11 KB
2 KB 51ms
43ms Stylesheet
text/css 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Mon, 04 Oct 2021 13:31:52 GMT
server: LiteSpeed
etag: "2bf8-615b0248-97569508ffb80494;br"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 2394
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 wp-mediaelement.min.css
ricowhaz.com/wp-includes/js/mediaelement/ 4 KB
1 KB 52ms
44ms Stylesheet
text/css 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.4.2
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Mon, 04 Oct 2021 13:31:52 GMT
server: LiteSpeed
etag: "105a-615b0248-c78428db2d80804;br"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 982
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 merriweather-plus-montserrat-plus-inconsolata.css
ricowhaz.com/wp-content/themes/twentysixteen/fonts/ 19 KB
1 KB 72ms
65ms Stylesheet
text/css 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather-plus-montserrat-plus-inconsolata.css?ver=20230328
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 71adc15350145604f7a2794da7be297e14345f3fb31c4ea37c8a97e5e0b2ccd0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Wed, 27 Sep 2023 19:04:26 GMT
server: LiteSpeed
etag: "4b81-65147cba-a3be34e9601de098;br"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1052
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 genericons.css
ricowhaz.com/wp-content/plugins/jetpack/_inc/genericons/genericons/ 28 KB
16 KB 73ms
67ms Stylesheet
text/css 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/plugins/jetpack/_inc/genericons/genericons/genericons.css?ver=3.1
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Tue, 05 Dec 2023 19:19:42 GMT
server: LiteSpeed
etag: "6e6a-656f77ce-b53ab62f115975c7;br"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 15970
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 style.css
ricowhaz.com/wp-content/themes/twentysixteen/ 69 KB
13 KB 74ms
68ms Stylesheet
text/css 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/themes/twentysixteen/style.css?ver=20230328
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 0c1808af7c4fd6303086de89cb0a5cab2b4ab5613fd0bb51149b52f5ecd04966

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Wed, 27 Sep 2023 19:04:26 GMT
server: LiteSpeed
etag: "114fd-65147cba-d87f5a273435e0d1;br"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 12758
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 blocks.css
ricowhaz.com/wp-content/themes/twentysixteen/css/ 9 KB
2 KB 75ms
70ms Stylesheet
text/css 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/themes/twentysixteen/css/blocks.css?ver=20230206
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 2d7599e7355f74647511d36b0790e74fa070e990eb6e7dbe9086bbdc28c74e67

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Wed, 27 Sep 2023 19:04:26 GMT
server: LiteSpeed
etag: "233f-65147cba-556f00c02a36ae8f;br"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1806
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 jetpack.css
ricowhaz.com/wp-content/plugins/jetpack/css/ 99 KB
17 KB 76ms
71ms Stylesheet
text/css 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/plugins/jetpack/css/jetpack.css?ver=12.9
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 6a360e4e3e7c65709b0ffefc54e4f116ea6d8c9909e68ff4578284ebaf07c5f1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Tue, 05 Dec 2023 19:19:39 GMT
server: LiteSpeed
etag: "18cea-656f77cb-cef002332e5c5d61;br"
vary: Accept-Encoding,User-Agent
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 17524
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 jquery.min.js Show response
ricowhaz.com/wp-includes/js/jquery/ 86 KB
29 KB 81ms
76ms Script
application/javascript 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Wed, 08 Nov 2023 13:31:49 GMT
server: LiteSpeed
etag: "15601-654b8dc5-eafd170bae6b21dd;br"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 29744
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 jquery-migrate.min.js Show response
ricowhaz.com/wp-includes/js/jquery/ 13 KB
5 KB 81ms
76ms Script
application/javascript 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Wed, 27 Sep 2023 17:13:16 GMT
server: LiteSpeed
etag: "3509-651462ac-1f19416e4ebe8375;br"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4678
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 153 KB
52 KB 79ms
41ms Script
text/javascript 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ricowhaz.com
URL: https://ricowhaz.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

535c3c88f547bd59387259153afc270060804d5c446f97128f12842e253df541

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52580
x-xss-protection: 0
server: cafe
etag: 16666462902274184696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 08 Dec 2023 19:56:53 GMT

GET
H2 200 acaedd2e4bfb5244e6e86749f5131a68
secure.gravatar.com/avatar/ 1 KB
1 KB 47ms
47ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/acaedd2e4bfb5244e6e86749f5131a68?s=49&d=mm&r=g
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 06f880720e7ad1208cc5dd7e3555ef2d0639196d01b4dfea9663436a02464b28

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-nc: MISS jfk 1
date: Fri, 08 Dec 2023 19:56:53 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="acaedd2e4bfb5244e6e86749f5131a68.png"
accept-ranges: bytes
link: <https://gravatar.com/avatar/acaedd2e4bfb5244e6e86749f5131a68?s=49&d=mm&r=g>; rel="canonical"
content-length: 1091
alt-svc: h3=":443"; ma=86400
expires: Fri, 08 Dec 2023 20:01:53 GMT

GET
H2 200 image-cdn.js Show response
ricowhaz.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/ 701 B
417 B 77ms
77ms Script
application/javascript 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-image-cdn/dist/image-cdn.js?minify=false&ver=132249e245926ae3e188
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Tue, 05 Dec 2023 19:19:42 GMT
server: LiteSpeed
etag: "2bd-656f77ce-db8d371ca139b02b;br"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 330
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 gprofiles.js Show response
secure.gravatar.com/js/ 13 KB
5 KB 30ms
8ms Script
application/javascript 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.gravatar.com/js/gprofiles.js?ver=202349

Requested by

Host: ricowhaz.com
URL: https://ricowhaz.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

131f6b765e798866d728f95661b78bbf269c86482ffff0fa8c08e18a1a65cc89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
last-modified: Tue, 28 Nov 2023 13:47:28 GMT
server: nginx
etag: W/"6565ef70-329d"
content-type: application/javascript
cache-control: max-age=604800
alt-svc: h3=":443"; ma=86400
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 wpgroho.js Show response
ricowhaz.com/wp-content/plugins/jetpack/modules/ 2 KB
794 B 45ms
45ms Script
application/javascript 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/plugins/jetpack/modules/wpgroho.js?ver=12.9
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: ccd911729403decd6e3b74702fdc4d2c1b1e3ecf35a147f7e5373669932cc708

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Tue, 05 Dec 2023 19:19:44 GMT
server: LiteSpeed
etag: "7a1-656f77d0-9ebd0367a15baa7f;br"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 731
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 skip-link-focus-fix.js Show response
ricowhaz.com/wp-content/themes/twentysixteen/js/ 1 KB
540 B 28ms
27ms Script
application/javascript 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/themes/twentysixteen/js/skip-link-focus-fix.js?ver=20170530
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 6d4083520c18bfdcdffb319248525ebf8f1a547326e10c02e6a0ed0b1722ae9a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Wed, 27 Sep 2023 19:04:26 GMT
server: LiteSpeed
etag: "423-65147cba-c70068c3f5c14abd;br"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 477
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 functions.js Show response
ricowhaz.com/wp-content/themes/twentysixteen/js/ 7 KB
2 KB 29ms
28ms Script
application/javascript 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/themes/twentysixteen/js/functions.js?ver=20211130
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: fe4725d967cdafe16e972f934768dd5794a931d2e16f10a19a3e681f4afad7eb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Wed, 27 Sep 2023 19:04:26 GMT
server: LiteSpeed
etag: "1ca1-65147cba-be8e6e774a200797;br"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 1906
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 e-202349.js Show response
stats.wp.com/ 7 KB
3 KB 31ms
8ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202349.js
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT jfk
date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/13576-1695421998473.3982
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 02 Dec 2024 06:26:27 GMT

GET
H2 200 jetpack-carousel.min.js Show response
ricowhaz.com/wp-content/plugins/jetpack/_inc/build/carousel/ 24 KB
7 KB 28ms
27ms Script
application/javascript 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/plugins/jetpack/_inc/build/carousel/jetpack-carousel.min.js?ver=12.9
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 0200bc38d986631f9cc4680084d7d263ccf17fa4a3c627b26ff347e0cfcf1d47

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Tue, 05 Dec 2023 19:19:41 GMT
server: LiteSpeed
etag: "5e2d-656f77cd-7b60c8ec8d72d4c8;br"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 7038
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
BLOB 200
OK 4fbfc9c9-bdef-40c7-b593-0faa91981e38
https://ricowhaz.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://ricowhaz.com/4fbfc9c9-bdef-40c7-b593-0faa91981e38
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 200 montserrat-latin-700-normal.woff2
ricowhaz.com/wp-content/themes/twentysixteen/fonts/montserrat/ 13 KB
13 KB 31ms
26ms Font
font/woff2 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/montserrat/montserrat-latin-700-normal.woff2?ver=25
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather-plus-montserrat-plus-inconsolata.css?ver=20230328
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: f31b80562610135edd91a86ec7f243c5eeaec2ec08337e6a20c2d135d8e217da

Request headers

Referer: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather-plus-montserrat-plus-inconsolata.css?ver=20230328
Origin: https://ricowhaz.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
last-modified: Wed, 27 Sep 2023 19:04:26 GMT
server: LiteSpeed
etag: "3230-65147cba-b4ff6f4ce5094832;;;"
vary: User-Agent
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 12848
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 merriweather-latin-400-normal.woff2
ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather/ 20 KB
20 KB 32ms
28ms Font
font/woff2 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather/merriweather-latin-400-normal.woff2?ver=30
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather-plus-montserrat-plus-inconsolata.css?ver=20230328
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 5c2d662e92bcbf1a5970b97040f901031295e79a96314db8302f549003022087

Request headers

Referer: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather-plus-montserrat-plus-inconsolata.css?ver=20230328
Origin: https://ricowhaz.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
last-modified: Wed, 27 Sep 2023 19:04:26 GMT
server: LiteSpeed
etag: "4e3c-65147cba-d5f4c55e50777741;;;"
vary: User-Agent
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 20028
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 merriweather-latin-700-italic.woff2
ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather/ 19 KB
20 KB 33ms
30ms Font
font/woff2 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather/merriweather-latin-700-italic.woff2?ver=30
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather-plus-montserrat-plus-inconsolata.css?ver=20230328
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 3642df12f0d930d5846a96652080908eb2f383b602a95cf80d1e6227e66e1c46

Request headers

Referer: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather-plus-montserrat-plus-inconsolata.css?ver=20230328
Origin: https://ricowhaz.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
last-modified: Wed, 27 Sep 2023 19:04:26 GMT
server: LiteSpeed
etag: "4dbc-65147cba-1a6300e0c6fde343;;;"
vary: User-Agent
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 19900
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 merriweather-latin-700-normal.woff2
ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather/ 19 KB
19 KB 34ms
31ms Font
font/woff2 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather/merriweather-latin-700-normal.woff2?ver=30
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather-plus-montserrat-plus-inconsolata.css?ver=20230328
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 273c8613cdd2852dd5318f224d804ae6d2fc717c48d3f1dab587b6d396fb4fc8

Request headers

Referer: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather-plus-montserrat-plus-inconsolata.css?ver=20230328
Origin: https://ricowhaz.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
last-modified: Wed, 27 Sep 2023 19:04:26 GMT
server: LiteSpeed
etag: "4d1c-65147cba-17fb8ea83aca5b4;;;"
vary: User-Agent
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 19740
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 montserrat-latin-400-normal.woff2
ricowhaz.com/wp-content/themes/twentysixteen/fonts/montserrat/ 12 KB
12 KB 35ms
32ms Font
font/woff2 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/montserrat/montserrat-latin-400-normal.woff2?ver=25
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather-plus-montserrat-plus-inconsolata.css?ver=20230328
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: ddc148b8a0a27b1449fda6033f4a0defac9bd43210117b50d5d7ad1eda09f394

Request headers

Referer: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather-plus-montserrat-plus-inconsolata.css?ver=20230328
Origin: https://ricowhaz.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
last-modified: Wed, 27 Sep 2023 19:04:26 GMT
server: LiteSpeed
etag: "31a4-65147cba-3cba8a9af0abf0ce;;;"
vary: User-Agent
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 12708
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 merriweather-latin-400-italic.woff2
ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather/ 19 KB
19 KB 35ms
33ms Font
font/woff2 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather/merriweather-latin-400-italic.woff2?ver=30
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather-plus-montserrat-plus-inconsolata.css?ver=20230328
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 499ec54eb2afd103ec37505e23c6570fc7d89a0d728dde19d87a092e4a3261b4

Request headers

Referer: https://ricowhaz.com/wp-content/themes/twentysixteen/fonts/merriweather-plus-montserrat-plus-inconsolata.css?ver=20230328
Origin: https://ricowhaz.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
last-modified: Wed, 27 Sep 2023 19:04:26 GMT
server: LiteSpeed
etag: "4d44-65147cba-87d4fa97c54ef7c3;;;"
vary: User-Agent
content-type: font/woff2
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 19780
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
DATA 200
OK truncated
/ 14 KB
14 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6

Request headers

Referer
Origin: https://ricowhaz.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H2 200 g.gif
pixel.wp.com/ 50 B
153 B 16ms
11ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=115373725&post=0&tz=-5&srv=ricowhaz.com&j=1%3A12.9&host=ricowhaz.com&ref=&fcp=401&rand=0.9190114014519595
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 08 Dec 2023 19:56:53 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 wp-emoji-release.min.js Show response
ricowhaz.com/wp-includes/js/ 18 KB
5 KB 27ms
26ms Script
application/javascript 67.213.82.10
AS40028

General

Check archive.org

Show headers Download Go to

Full URL: https://ricowhaz.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.2
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 67.213.82.10 Toronto, Canada, ASN40028 (AS40028, CA),
Reverse DNS: buy1.baseservers.com
Software: LiteSpeed /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
last-modified: Wed, 27 Sep 2023 17:13:16 GMT
server: LiteSpeed
etag: "4904-651462ac-825b798be276ddbc;br"
vary: Accept-Encoding,User-Agent
content-type: application/javascript
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 4651
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 hovercards.min.css
0.gravatar.com/js/hovercards/ 3 KB
1021 B 15ms
11ms Stylesheet
text/css 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://0.gravatar.com/js/hovercards/hovercards.min.css

Requested by

Host: secure.gravatar.com
URL: https://secure.gravatar.com/js/gprofiles.js?ver=202349

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

2bca0dae15027898dd6a7536d5b041014f928fbc60d9ce04dd2fa4c5d37d36ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
last-modified: Wed, 11 Oct 2023 03:50:13 GMT
server: nginx
etag: W/"65261b75-d5d"
content-type: text/css
cache-control: max-age=604800
expires: Fri, 15 Dec 2023 19:56:53 GMT

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/ 398 KB
135 KB 69ms
69ms Script
text/javascript 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ae55db58ecb56df26351945eafa085c15e7b16542c5515a162e49c27b3334019

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:53 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137683
x-xss-protection: 0
server: cafe
etag: 7593437900132857387
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Fri, 08 Dec 2023 19:56:53 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231206/r20190131/ Frame 9C85 9 KB
4 KB 56ms
15ms Document
text/html 2607:f8b0:4004:c17::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231206/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ricowhaz.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 6500
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 18:08:33 GMT
etag: 5585625838579639069
expires: Fri, 22 Dec 2023 18:08:33 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 404 remove-ilo-license.jpg
i0.wp.com/it.ricowhaz.com/wp-content/uploads/2017/01/ 65 B
65 B 85ms
58ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.wp.com/it.ricowhaz.com/wp-content/uploads/2017/01/remove-ilo-license.jpg?resize=511%2C412
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i0.wp.com
Software: nginx /
Resource Hash: 3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-nc: MISS jfk 2
date: Fri, 08 Dec 2023 19:56:53 GMT
server: nginx
alt-svc: h3=":443"; ma=86400
content-type: text/html; charset=utf-8

GET
H2 404 diskmgr.jpg
i0.wp.com/it.ricowhaz.com/wp-content/uploads/2016/10/ 65 B
65 B 86ms
60ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.wp.com/it.ricowhaz.com/wp-content/uploads/2016/10/diskmgr.jpg?resize=840%2C211
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i0.wp.com
Software: nginx /
Resource Hash: 3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-nc: MISS jfk 4
date: Fri, 08 Dec 2023 19:56:53 GMT
server: nginx
alt-svc: h3=":443"; ma=86400
content-type: text/html; charset=utf-8

GET
H2 404 diskpart.jpg
i0.wp.com/it.ricowhaz.com/wp-content/uploads/2016/10/ 65 B
65 B 86ms
61ms Image
text/html 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i0.wp.com/it.ricowhaz.com/wp-content/uploads/2016/10/diskpart.jpg?resize=510%2C414
Requested by: Host: ricowhaz.com
URL: https://ricowhaz.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: i0.wp.com
Software: nginx /
Resource Hash: 3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-nc: MISS jfk 3
date: Fri, 08 Dec 2023 19:56:53 GMT
server: nginx
alt-svc: h3=":443"; ma=86400
content-type: text/html; charset=utf-8

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E408 8 KB
1 KB 88ms
87ms Document
text/html 2607:f8b0:4004:c17::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&adk=1812271804&adf=3025194257&lmt=1702065413&plaf=1%3A2%2C2%3A2%2C7%3A2&plat=1%3A128%2C2%3A128%2C3%3A128%2C4%3A128%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=128x1080_l%7C140x1080_r&format=0x0&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065413731&bpp=21&bdt=377&idt=142&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=674355195507&frm=20&pv=2&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=178

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa5a48e7c051389fce888904d5a43aa682dfaa77acd87653d9de8c8f69504b5b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ricowhaz.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 1247
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 19:56:53 GMT
expires: Fri, 08 Dec 2023 19:56:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7917 120 KB
40 KB 707ms
707ms Document
text/html 2607:f8b0:4004:c17::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=3363353524&adf=2437083605&pi=t.aa~a.108489206~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1702065413&rafmt=1&to=qs&pwprc=5754973339&format=1200x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065413754&bpp=2&bdt=400&idt=166&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=292&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=170

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f49be6c60342bc282703ccb7fb78385409b6c6fc4f9328a220ad58d769babcd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ricowhaz.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 40722
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 19:56:54 GMT
expires: Fri, 08 Dec 2023 19:56:54 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F971 61 KB
22 KB 637ms
636ms Document
text/html 2607:f8b0:4004:c17::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=2838257118&adf=3369603303&pi=t.aa~a.248616470~i.7~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=2&bdt=701&idt=-M&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=2241&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=31

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2535b877fe93bd77e881ac89826cc9bc1a4f9e781d2f93195aec2f755fea6704

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ricowhaz.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 22341
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 19:56:54 GMT
expires: Fri, 08 Dec 2023 19:56:54 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6BA4 60 KB
22 KB 737ms
736ms Document
text/html 2607:f8b0:4004:c17::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=1148830916&adf=1508840718&pi=t.aa~a.3193222342~i.3~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=1&bdt=701&idt=-M&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C600x280&nras=4&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=3221&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=53

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b7e16fe8c5ac8f580a31ff998598f32d1db881ff2fe685bd7d2a809591734540

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ricowhaz.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 22024
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 19:56:54 GMT
expires: Fri, 08 Dec 2023 19:56:54 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AA86 118 KB
41 KB 559ms
558ms Document
text/html 2607:f8b0:4004:c17::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=2341355190&adf=4244749459&pi=t.aa~a.1085383348~i.3~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=1&bdt=701&idt=1&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C600x280%2C600x280&nras=5&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=4292&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=59

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f899487e6c06fa9e0a1987640f201c14ac8204213dbd350c589d8eeb90df0fe2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ricowhaz.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 41932
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 19:56:54 GMT
expires: Fri, 08 Dec 2023 19:56:54 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 7917 4 KB
1 KB 68ms
29ms Stylesheet
text/css 2607:f8b0:4004:c09::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=3363353524&adf=2437083605&pi=t.aa~a.108489206~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1702065413&rafmt=1&to=qs&pwprc=5754973339&format=1200x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065413754&bpp=2&bdt=400&idt=166&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=2&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=292&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=170

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5f Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 08 Dec 2023 19:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 19:16:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 08 Dec 2023 19:56:54 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 7917 2 KB
856 B 146ms
63ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:01:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6946
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Dec 2023 18:01:08 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/ Frame 7917 24 KB
9 KB 146ms
65ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 17:50:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7565
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Dec 2023 17:50:49 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 7917 3 KB
1 KB 144ms
64ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:32:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5044
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Dec 2023 18:32:50 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 7917 20 KB
9 KB 86ms
7ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:18:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Dec 2023 18:18:40 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7917 202 KB
64 KB 172ms
92ms Script
text/javascript 2607:f8b0:4004:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9d Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Dec 2023 19:56:54 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame 7917 37 KB
16 KB 95ms
16ms Script
text/javascript 2607:f8b0:4004:c17::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:27:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 91766
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 04:10:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 06 Mar 2024 18:27:28 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/15876845073913645327/ Frame 7917 188 KB
189 KB 90ms
13ms Image
image/jpeg 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15876845073913645327/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

86d9f6febcaec5c27ce943f179bbec765c0b1978a2561ce688294fe18d3e2100

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 15:10:08 GMT
x-content-type-options: nosniff
age: 17206
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 192616
x-xss-protection: 0
last-modified: Tue, 15 Aug 2023 07:25:10 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Dec 2024 15:10:08 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/10025833206713060003/ Frame 7917 3 KB
3 KB 136ms
60ms Image
image/png 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10025833206713060003/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd597f94288999f67040d4d40f391e16502e5f145e898c678c5c9544a5b9ab96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:08:50 GMT
x-content-type-options: nosniff
age: 92884
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2830
x-xss-protection: 0
last-modified: Mon, 14 Aug 2023 15:03:15 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Fri, 06 Dec 2024 18:08:50 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame AA86 4 KB
728 B 29ms
28ms Stylesheet
text/css 2607:f8b0:4004:c09::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=2341355190&adf=4244749459&pi=t.aa~a.1085383348~i.3~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=1&bdt=701&idt=1&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C600x280%2C600x280&nras=5&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=4292&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=59

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::5f Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 08 Dec 2023 19:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 08 Dec 2023 19:17:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 08 Dec 2023 19:56:54 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame AA86 2 KB
902 B 97ms
62ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:01:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6946
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Dec 2023 18:01:08 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/ Frame AA86 24 KB
9 KB 93ms
61ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 17:50:49 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7565
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Dec 2023 17:50:49 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame AA86 3 KB
1 KB 95ms
63ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:32:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5044
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Dec 2023 18:32:50 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 35F0 1 KB
643 B 32ms
16ms Document
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 19109
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 14:38:25 GMT
etag: 48472445140208031
expires: Sat, 09 Dec 2023 14:38:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame AA86 20 KB
8 KB 41ms
9ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:18:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Dec 2023 18:18:40 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame AA86 0
0 91ms
36ms Image
text/html 2607:f8b0:4004:c08::68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS_5dwfgcJykHHAtEsxPLSAbUZRlbZRRNkqPfxg0mIEgDXDaoOE1pVTSKbJY3AMfNbMdewj1pZIuBJrba_GdnEE-ChYsw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=2341355190&adf=4244749459&pi=t.aa~a.1085383348~i.3~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=1&bdt=701&idt=1&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C600x280%2C600x280&nras=5&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=4292&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=3&fsb=1&dtd=59
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c08::68 Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame AA86 202 KB
64 KB 144ms
121ms Script
text/javascript 2607:f8b0:4004:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9d Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Dec 2023 19:56:54 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame AA86 37 KB
15 KB 43ms
21ms Script
text/javascript 2607:f8b0:4004:c17::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:27:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 91766
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Wed, 06 Dec 2023 04:10:07 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 06 Mar 2024 18:27:28 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/9556343505796421699/ Frame AA86 5 KB
5 KB 51ms
30ms Image
image/jpeg 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9556343505796421699/14763004658117789537?w=200&h=200&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4138eeb4b628d421d80c4f5ddc8aedbc8fd39a1f6c803188d326a186519adfc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:59:49 GMT
x-content-type-options: nosniff
age: 3425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5015
x-xss-protection: 0
last-modified: Thu, 25 May 2023 13:28:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Dec 2024 18:59:49 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/11149436715076131842/ Frame AA86 12 KB
12 KB 79ms
58ms Image
image/jpeg 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11149436715076131842/14763004658117789537?w=400&h=209&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0fdf21f19487c16872fdfbac75ad6046dc936e19984fb02c930a5e98a766c4e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:54 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12588
x-xss-protection: 0
last-modified: Thu, 02 Nov 2023 11:39:07 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Dec 2024 19:56:54 GMT

GET
DATA 200
OK truncated
/ Frame AA86 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 nmedianet.js Show response
contextual.media.net/ Frame 56D0 94 KB
36 KB 102ms
46ms Script
text/javascript 23.55.204.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/nmedianet.js?cid=8CU5RJ1PV&ydspr=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=2838257118&adf=3369603303&pi=t.aa~a.248616470~i.7~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=2&bdt=701&idt=-M&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=2241&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=31

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.55.204.22 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-55-204-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

f28e5429fc58acd0242f4341b790648e086ead04bf69fe1a3a31a12a4194236e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-mnt-h: 21-g4dd
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Fri, 08 Dec 2023 19:56:54 GMT
server: Apache
etag: "021305ab3848ac116a1fac3e05fe8c77"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
x-mnt-w: 22-5h9m
timing-allow-origin: *
content-length: 36449
expires: Fri, 08 Dec 2023 20:01:54 GMT

GET
H2 200 release-20231121-135-adperformance.js Show response
warp.media.net/rtb/resources/ Frame 56D0 72 KB
25 KB 110ms
33ms Script
application/javascript 23.197.0.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://warp.media.net/rtb/resources/release-20231121-135-adperformance.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.0.23 Marietta, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-0-23.deploy.static.akamaitechnologies.com

Software

UploadServer /

Resource Hash

1616c8cd083e6b17f6a75ab0695bd4a4573b31ae8398ffb43758288028f6a773

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
date: Fri, 08 Dec 2023 19:56:54 GMT
x-guploader-uploadid: ABPtcPrSYC032sCo2CRaNB3yjxl-63qnN5CeXLnpmc-wdAPD0gxALFp56h5n-I81vtUv-wcpDvg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 25147
server: UploadServer
etag: "841dabce0b477a93d9cf7379b9eb1368"
vary: Accept-Encoding
x-goog-hash: md5=hB2rzgtHepPZz3N5uesTaA==, crc32c=iBXD1A==
content-type: application/javascript
x-goog-generation: 1700562102250666
cache-control: max-age=3600
x-goog-stored-content-length: 73447
expires: Fri, 08 Dec 2023 20:56:54 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 56D0 3 KB
1 KB 51ms
47ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:32:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5044
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Dec 2023 18:32:50 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 56D0 20 KB
8 KB 51ms
48ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:18:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5894
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Dec 2023 18:18:40 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 56D0 202 KB
64 KB 116ms
113ms Script
text/javascript 2607:f8b0:4004:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9d Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Dec 2023 19:56:54 GMT

GET
DATA 200
OK truncated
/ Frame AA86 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 99f9a74fb70be15521f1899133c0ff2bdae38bec2c38bf9b280e03a268d5759d

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 35F0
Redirect Chain

https://px.owneriq.net/ecmg?google_gid=CAESEEXKuXgof3-P29OMyzMRXyY&google_cver=1&google_push=AXcoOmQaMBI5y9j7wLmHwcpNPmQU8Y9MKD6WHTfrOsmKgxP62_cMgpkOD5ky936DkqLQZZYBvXKS_mUknTVOSRkHtM0QrcEqSWJbpdg
https://px.owneriq.net/ecc?redir=https%3a%2f%2fcm.g.doubleclick.net%2fpixel%3fgoogle_nid%3downeriq1%26google_sc%26google_push%3dAXcoOmQaMBI5y9j7wLmHwcpNPmQU8Y9MKD6WHTfrOsmKgxP62_cMgpkOD5ky936DkqLQZ...
https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AXcoOmQaMBI5y9j7wLmHwcpNPmQU8Y9MKD6WHTfrOsmKgxP62_cMgpkOD5ky936DkqLQZZYBvXKS_mUknTVOSRkHtM0QrcEqSWJbpdg&google_cver=1&go...

170 B
188 B

31ms
30ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AXcoOmQaMBI5y9j7wLmHwcpNPmQU8Y9MKD6WHTfrOsmKgxP62_cMgpkOD5ky936DkqLQZZYBvXKS_mUknTVOSRkHtM0QrcEqSWJbpdg&google_cver=1&google_gid=CAESEEXKuXgof3-P29OMyzMRXyY&google_hm=UTc1NTM1MTgxNDEyMjkxMjkyODQ=

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 08 Dec 2023 19:56:54 GMT
Server: Apache/2.4.6 (CentOS)
X-Powered-By: PHP/7.3.33
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AXcoOmQaMBI5y9j7wLmHwcpNPmQU8Y9MKD6WHTfrOsmKgxP62_cMgpkOD5ky936DkqLQZZYBvXKS_mUknTVOSRkHtM0QrcEqSWJbpdg&google_cver=1&google_gid=CAESEEXKuXgof3-P29OMyzMRXyY&google_hm=UTc1NTM1MTgxNDEyMjkxMjkyODQ=
Content-Type: text/html
Cache-Control: max-age=70326
Connection: keep-alive
Content-Length: 154

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 35F0
Redirect Chain

https://aep.mxptint.net/sn.ashx?google_gid=CAESEFrTWJ8C-cM0degB_-Jp8JM&google_cver=1&google_push=AXcoOmTxHvv7DYclYSEW_SUNFStB4jAV-4ufOZvmbC-JlVwB0Lp9QzrNJ8shbAbvEnqiCPq-QIHubMsz7rw5LrToL_gN5UUpMWB4ptE
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmTxHvv7DYclYSEW_SUNFStB4jAV-4ufOZvmbC-JlVwB0Lp9QzrNJ8shbAbvEnqiCPq-QIHubMsz7rw5LrToL_gN5UUpMWB4ptE&google_hm=UjMzNjQ2XzEwR...

170 B
329 B

32ms
31ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmTxHvv7DYclYSEW_SUNFStB4jAV-4ufOZvmbC-JlVwB0Lp9QzrNJ8shbAbvEnqiCPq-QIHubMsz7rw5LrToL_gN5UUpMWB4ptE&google_hm=UjMzNjQ2XzEwRDYyRDc5Q182NTIwNDA0Mg%3D%3D

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmTxHvv7DYclYSEW_SUNFStB4jAV-4ufOZvmbC-JlVwB0Lp9QzrNJ8shbAbvEnqiCPq-QIHubMsz7rw5LrToL_gN5UUpMWB4ptE&google_hm=UjMzNjQ2XzEwRDYyRDc5Q182NTIwNDA0Mg%3D%3D
Date: Fri, 08 Dec 2023 19:56:54 GMT
Cache-Control: private
Strict-Transport-Security: max-age=-385070214; includeSubDomains
P3P: CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE", CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Content-Length: 349
Content-Type: text/html; charset=utf-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 35F0
Redirect Chain

https://s.uuidksinc.net/match/47/?remote_uid=CAESEJgGpZQ4wDrcNfC9rjgjn0M&c_param1=AXcoOmTJt1PeJ3KwNa9iNvGlyooskwGZyo87GLJBKKCUS_JKHvUKz7QU9DMprvb_Ms2vDTyIuCAVZyvHhkkE6yWIXdkaU35LpxRWMQ&gdpr=%%GDPR%...
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AXcoOmTJt1PeJ3KwNa9iNvGlyooskwGZyo87GLJBKKCUS_JKHvUKz7QU9DMprvb_Ms2vDTyIuCAVZyvHhkkE6yWIXdkaU35LpxRWMQ

170 B
188 B

39ms
39ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AXcoOmTJt1PeJ3KwNa9iNvGlyooskwGZyo87GLJBKKCUS_JKHvUKz7QU9DMprvb_Ms2vDTyIuCAVZyvHhkkE6yWIXdkaU35LpxRWMQ

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AXcoOmTJt1PeJ3KwNa9iNvGlyooskwGZyo87GLJBKKCUS_JKHvUKz7QU9DMprvb_Ms2vDTyIuCAVZyvHhkkE6yWIXdkaU35LpxRWMQ
date: Fri, 08 Dec 2023 19:56:54 GMT
server: nginx/1.23.2
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 35F0
Redirect Chain

https://rtb.mfadsrvr.com/sync?ssp=google&ssp_init=step1&google_gid=CAESEMvj_JUHsZ346K0n0O4tUsg&google_cver=1&google_push=AXcoOmS3phqsvfUA_yn23zGzdDeotXUxjujxCTezvvFo4Pq3rHpgnLNWH2xERT6lGJhGE-00wxdW...
https://rtb.mfadsrvr.com/ul_cb/sync?ssp=google&ssp_init=step1&google_gid=CAESEMvj_JUHsZ346K0n0O4tUsg&google_cver=1&google_push=AXcoOmS3phqsvfUA_yn23zGzdDeotXUxjujxCTezvvFo4Pq3rHpgnLNWH2xERT6lGJhGE-...
https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=ZHUbVXUwQDitrVVYCl1Uiw==&no_redirect=1&google_push=AXcoOmS3phqsvfUA_yn23zGzdDeotXUxjujxCTezvvFo4Pq3rHpgnL...

170 B
188 B

30ms
29ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=ZHUbVXUwQDitrVVYCl1Uiw==&no_redirect=1&google_push=AXcoOmS3phqsvfUA_yn23zGzdDeotXUxjujxCTezvvFo4Pq3rHpgnLNWH2xERT6lGJhGE-00wxdWPxcyPv6sir1VY__koLVAvDsC9f8

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: //cm.g.doubleclick.net/pixel?google_nid=media_force_communications_2007_ltd&google_hm=ZHUbVXUwQDitrVVYCl1Uiw==&no_redirect=1&google_push=AXcoOmS3phqsvfUA_yn23zGzdDeotXUxjujxCTezvvFo4Pq3rHpgnLNWH2xERT6lGJhGE-00wxdWPxcyPv6sir1VY__koLVAvDsC9f8
date: Fri, 08 Dec 2023 19:56:54 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 35F0
Redirect Chain

https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEJJ9Ssz8X_L0JivifTLdAFE&google_cver=1&google_push=AXcoOmRx6ohgAN9BjAFKxt1xXHahO7HwVtmsWfH3_I3wbmaINS2R64ZEvFyEV_xWHFof4HxJE66XEv-VxgjQHgjiM6m41Ta...
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmRx6ohgAN9BjAFKxt1xXHahO7HwVtmsWfH3_I3wbmaINS2R64ZEvFyEV_xWHFof4HxJE66XEv-VxgjQHgjiM6m41TaysoAqx_Ok&google_hm=ODYwNjg...

170 B
188 B

26ms
26ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmRx6ohgAN9BjAFKxt1xXHahO7HwVtmsWfH3_I3wbmaINS2R64ZEvFyEV_xWHFof4HxJE66XEv-VxgjQHgjiM6m41TaysoAqx_Ok&google_hm=ODYwNjg5NzgwNTc1MzE4MzI5Nw==

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmRx6ohgAN9BjAFKxt1xXHahO7HwVtmsWfH3_I3wbmaINS2R64ZEvFyEV_xWHFof4HxJE66XEv-VxgjQHgjiM6m41TaysoAqx_Ok&google_hm=ODYwNjg5NzgwNTc1MzE4MzI5Nw==
Date: Fri, 08 Dec 2023 19:56:54 GMT
Server: Jetty(9.4.51.v20230217)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 35F0
Redirect Chain

https://trace.mediago.io/cs/google?google_gid=CAESEIuWQUNNZI9-XHro50dLVXU&google_cver=1&google_push=AXcoOmRHveBjv5df7SNCiy0ngd6Kly-sa-xrYugJEoqsr0DSCVDUAF0Jj37SEdBYf0dzvhdHyl-S9XLFPqPrs5p8xaeumux9F...
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmRHveBjv5df7SNCiy0ngd6Kly-sa-xrYugJEoqsr0DSCVDUAF0Jj37SEdBYf0dzvhdHyl-S9XLFPqPrs5p8xaeumux9FgDCnHY&google_hm=81fa84b76b6...

170 B
188 B

30ms
30ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmRHveBjv5df7SNCiy0ngd6Kly-sa-xrYugJEoqsr0DSCVDUAF0Jj37SEdBYf0dzvhdHyl-S9XLFPqPrs5p8xaeumux9FgDCnHY&google_hm=81fa84b76b60920d18hees00lpx1svdv

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmRHveBjv5df7SNCiy0ngd6Kly-sa-xrYugJEoqsr0DSCVDUAF0Jj37SEdBYf0dzvhdHyl-S9XLFPqPrs5p8xaeumux9FgDCnHY&google_hm=81fa84b76b60920d18hees00lpx1svdv
date: Fri, 08 Dec 2023 19:56:54 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 249
content-type: text/html; charset=utf-8

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 35F0
Redirect Chain

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEItBA-upNWSW47bi65pwnYI&google_cver=1&google_push=AXcoOmTgFvI-kiL_lJvxSumh0KWYJM2A-PydcmmWrL4Wlix7OSI4p2sJcJeCaqW-Pk8...
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmTgFvI-kiL_lJvxSumh0KWYJM2A-PydcmmWrL4Wlix7OSI4p2sJcJeCaqW-Pk8R0Kj6SgNZoSNadwB0liWFw8q5AqS_pDwuY9ib

170 B
232 B

29ms
28ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmTgFvI-kiL_lJvxSumh0KWYJM2A-PydcmmWrL4Wlix7OSI4p2sJcJeCaqW-Pk8R0Kj6SgNZoSNadwB0liWFw8q5AqS_pDwuY9ib

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:54 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-akamai-request-id: 22e1a57c
date: Fri, 08 Dec 2023 19:56:54 GMT
x-bytefaas-request-id: 2023120819565424CE78BF71CE33ACD6E4
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-23120819565424CE78BF71CE33ACD6E4-7081FEDA6FB943E0-00
x-cache: TCP_MISS from a23-209-100-91.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2-52183077) (-)
server-timing: inner; dur=5, cdn-cache; desc=MISS, edge; dur=0, origin; dur=11
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2023120819565424CE78BF71CE33ACD6E4
access-control-max-age: 86400
access-control-allow-methods: *
location: https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmTgFvI-kiL_lJvxSumh0KWYJM2A-PydcmmWrL4Wlix7OSI4p2sJcJeCaqW-Pk8R0Kj6SgNZoSNadwB0liWFw8q5AqS_pDwuY9ib
x-bytefaas-execution-duration: 4.00
access-control-allow-origin: *
access-control-allow-credentials: true
x-gw-dst-psm: ad.union.pangle_web_traffic
x-tt-trace-host: 017509cafe48c2123e645e73a3735aba7dcf5a29ced19d14a63cbd157e0ccec5bd28b4902fa502df45b89b3f4df48c02b1a8765338b18c6d10253eda32769704ac6dfe10d6ab24739d1e9d0b11e3d8c0c627578c94130d204cb8a4e39ef3c08ddf
x-origin-response-time: 11,23.209.100.91
cache-control: max-age=0, no-cache, no-store
access-control-allow-headers: *
expires: Fri, 08 Dec 2023 19:56:54 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 35F0 0
130 B 77ms
29ms Image
text/html 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jt9b5R34hjwvAi35xn58o3UhRaEABMf_tpxNB5M4v_ZD-Xppf0rWwWA7fotm1jTvL2R-NOYNekdA

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:54 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 7917 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9683d0a5d96acb1fcb225b6ee54f286faf12b329a1b9ab2a527d414006d8ed22

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 SAFEFRAME.html Show response
contextual.media.net/sr/2722522032/ Frame EC70 74 KB
29 KB 204ms
203ms Document
text/html 23.55.204.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/sr/2722522032/SAFEFRAME.html?ule=2554&&kkdd=Hu%7C!%7Cn3u*hWAH9&DG=ZCJ9Jq*pZpqCZOOO**9&i~hY=J&gEhH=J&0~D=ZZ9d&IE0f=sOpZ&0G~=.jQ*nmZz8&0h0~=wOfd7MBSUZ-3QLiSe2~wG(%3D%3D&0YG~=CC9.9.qOC&EGUf=OOqS9.J&00=Q5&E0=BW&0w3g=oXnavBW&hG~=.zvmpB9.4&IhG~=-Z-*-xv&wIIhE=Z&YYY=IUnFws0_FskMmJmC29(g~r5-OzD9L(iI&3Ef=*&_(=Z&ri~=p&H~IZ=.jQZ54tpO&H~I9=OOCqdZ*O.&7~HIH=E~9%3D3r__yGrY_k_%3DZJyNifYhg%3DJAOCyD(kfS0%3DJA9dyDGEkE~%3D9JpyrY_kYhEk7%3DZ9AC*y~Ngk7%3DJACqy~09%3DZyE0~%3D3MyYHf%3DJ%2CJyDkHE3%3DdJJdy~Ngk_%3D9JyD_9YkE~%3D9J9OZ9J.ZJyGrY_k7%3DdpCAqdyrY_kIT0%3DJyrY_kY9Hk7%3DJyEI~%3D9.O.9*CZZ.yYHI%3DJAJJJ%2CJy_HEI%3Dy0DNi%3D*Ad*yDGEkrY_k7%3DJA*yD_9YkGkE~%3D9J9OZ9J.ZJyGh%3DZw_s5jrnH*hw*a5Ml!pIzGy277%3DJyDGEkrY_k_%3DJyYGGhrH%3DZC%2C9JyfI%3D9OyY0%3DZyYGErG~%3DJ%2CJyD_9YkGk7%3DJAJqyYhEkE~%3D9J9OZ9J.ZpyDGEk7%3D9.*ACdyYH~D%3DJAJJJ%2CJyrY_k7%3DZAJOyD_9YkrY_k7%3DJyD_9YkrY_kDG%3DZ!FZqyrY_kIDG%3DJyrY_k_%3DZJyE_D%3DZ.A*dyi0HI%3DFZy77%3DZdqyDD%3DJy0D_9YkE~%3D9J9yY2D%3Dp9AJCy_9Yk7%3DZJJJyfYhg%3DJAOCyD_9YkrY_kT0%3DJ!JyhEGk0%3DZ%2CZ%2CJ%2CJ%2CJ%2CJ%2CJ%2CJy7g%3DZyhEGk~%3DJyYTf%3DJ%2CJyYH~h%3DJAJJJ%2CJyHOhk7%3D.Ad9%2CZpCApqyEG~%3DCC9.9.qOCyE~%3DZyrG~%3D9RH4gwq_v2E3t.*CDUyrY_kYhEkT0%3DJy0D_9Yk7%3D*Ad*y7I~%3DOJCdCZCqOdJ.JZp9*Zdqd*ZJpOJ9qZJ*.J.OdOOq*JCC.*.Zdp*Jpppqq.*.*Z**.ppp*dCZ*9JdOOC*.JqdO9CqqCJ*.*JpJ*O***9yD(r%3DJA9dy~9hk_%3DZJy0D_9%3D*Ad*yOh02%3DdCOACqyrGg%3DJyYTI%3DJAJJJ%2CJy~ggkEIYi%3DwHYgN3My~9hk7%3DJAd.yNi~9hk7%3DJAd.yEE%3DBXy00%3DQ5yrG(%3DFZy0f%3DJyYhEk7%3DZpCApqyrY_kEYhEk7%3DZ9AC*yY0D%3Dp9AJCyjR%3DOJ*OyYT(h%3DJAJJJ%2CJyT7kr0%3DF9y3IE%3DZyT7k00TE%3DF9y0I%3D3f(%20MNYTy7EEkl-1%3DBX%2CBXyYT(~%3DJAJJJ%2CJy7HEGE9%3DZdqy7HEGEZ%3DZdqyGEnf2%3DJyGEG2%3DJyrY_kYh0k7%3DJy7G~%3DJAOCy~0%3D.yrY_kYhEkYD%3DJyD_9Yk7%3D.Ad9y07~h%3DJAJ.dyE~%3DZyGIMhfkG~%3DZCyEf__fYkIHikG~%3D9.O.9*CZZ.yErhh_MkIHikG~%3Dy~fIf0If~kIHikG~%3DyDGf(H7G_GIM%3DJA9dyhNE%3DOyH0kIMhf%3DZyH~7_T%3D9.O.9*CZZ.yHgh%3DZyNi7G~%3DJAOCJy72_Y%3DJAJZJyErG~%3DjX!5!X(DWziFWd1sni*JZUm7ZUJy~I0%3DfHEIkE0y~ggkfYhg%3D2H_Efy~gg%3DwHYgN3My7~h0Hh~%3DJy~H_i%3Dr3GEN3ZOyEigI%3D_N3ikIHG_kwNgfhHifk0HI0wH__yEN7h%3DJA9OySG~%3DXceFhr7F*.Zd*q9OqCOq*ZJZywIg_%3DZy~0rI%3DC*y~Ni7%3DJFZyG70%3DZy3EU%3DZyIiE%3DOOqS9.Jy7E7%3DJy7Eh%3DJyIgS%3DZdC&3ID=J&ggg=reNEB2RcV!T%3D&G(=OOq&G3R2Y=Z&7~YR~=9dp&7G~=OpZOJp&g02=dd9J&M~EhY=Z&7Hf=bSfifpUBbBybSfifppfbBypff&THIhYf=Z&THI7G~=FZJ9&Mh_h=Z&GEG~=9&EEg0YkDfY=*&hiG~=hZp9Z.ZCC*9I9J9OZ9J.Zd*q&EE_~=%7B%22EEGh%22%3A%229HJ~%3A*qJJ%3AJJ9p%3AJJJJ%3AJJJJ%3AJJJJ%3AJJJJ%3AJJJJ%22%2C%22EE00%22%3A%22Q5%22%2C%22EEE0%22%3A%22BW%22%2C%22EE0IM%22%3A%22Bf(%20WNYT%22%7D&wIg_EY0=Z&sflct=4952349&ure=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5RJ1PV&ydspr=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.55.204.22 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-55-204-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

0c8a25dbf95afb1dcd7058e41a25d04bbec518455c2a7dc09a502b88657af18c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 29926
content-type: text/html
date: Fri, 08 Dec 2023 19:56:55 GMT
expires: Fri, 08 Dec 2023 19:56:55 GMT
pragma: no-cache
strict-transport-security: max-age=31536000
timing-allow-origin: *
vary: Accept-Encoding
x-sc-h: 22-sslh

GET
H2 200 bping.php
lg3.media.net/ Frame 56D0 35 B
176 B 118ms
105ms Image
image/gif 23.197.0.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?vgd_len=2381&&vgd_cdv=1129&vgd_cage=3&vgd_tsce=L341&vgd_mcf=9920&gdpr=0&mspa=0&prid=8PRVCXX19&cid=8CU5RJ1PV&crid=772828637&vi=1702065414671333552&ugd=4&lf=6&cc=US&sc=NY&lper=100&wsip=170785101&r=1702065414919&rrr=tzR-hLcl-L_yJ0J7f2wmduST3Pv2Qwgt&requrl=https%3A%2F%2Fricowhaz.com%2F&vgde_bdata=QOfvzxjj~8xLjMjvu9~myJLEYv9.Ah~eBMJ-Nv9.fi~e8QMQOvf9H~xLjMLEQMGvuf.hX~OmYMGv9.hF~ONfvu~QNOvz5~L1Jv9%2C9~eM1Qzvi99i~OmYMjvf9~ejfLMQOvf9fAuf9Wu9~8xLjMGviHh.Fi~xLjM7UNv9~xLjMLf1MGv9~Q7OvfWAWfXhuuW~L17v9.999%2C9~j1Q7v~NemyvX.iX~e8QMxLjMGv9.X~ejfLM8MQOvf9fAuf9Wu9~8EvuwjTb%3DxD1XEwXcb5C4H708~kGGv9~e8QMxLjMjv9~L88Ex1vuh%2Cf9~J7vfA~LNvu~L8Qx8Ov9%2C9~ejfLM8MGv9.9F~LEQMQOvf9fAuf9WuH~e8QMGvfWX.hi~L1Oev9.999%2C9~xLjMGvu.9A~ejfLMxLjMGv9~ejfLMxLjMe8vu4ouF~xLjM7e8v9~xLjMjvu9~QjevuW.Xi~yN17vou~GGvuiF~eev9~NejfLMQOvf9f~LkevHf.9h~jfLMGvu999~JLEYv9.Ah~ejfLMxLjMUNv949~EQ8MNvu%2Cu%2C9%2C9%2C9%2C9%2C9%2C9~GYvu~EQ8MOv9~LUJv9%2C9~L1OEv9.999%2C9~1AEMGvW.if%2CuHh.HF~Q8OvhhfWfWFAh~QOvu~x8OvfV1ZYwFjakQz2WXhel~xLjMLEQMUNv9~NejfLMGvX.iX~G7OvA9hihuhFAi9W9uHfXuiFiXu9HA9fFu9XW9WAiAAFX9hhWXWuiHX9HHHFFWXWXuXXWHHHXihuXf9iAAhXW9FiAfhFFh9XWX9H9XAXXXf~eBxv9.fi~OfEMjvu9~NejfvX.iX~AENkvihA.hF~x8Yv9~LU7v9.999%2C9~OYYMQ7Lyvw1LYmz5~OfEMGv9.iW~myOfEMGv9.iW~QQvIK~NNvPb~x8Bvou~NJv9~LEQMGvuHh.HF~xLjMQLEQMGvuf.hX~LNevHf.9h~%3DVvA9XA~LUBEv9.999%2C9~UGMxNvof~z7Qvu~UGMNNUQvof~N7vzJBn5mLU~GQQMC_pvIK%2CIK~LUBOv9.999%2C9~G1Q8QfvuiF~G1Q8QuvuiF~8QDJkv9~8Q8kv9~xLjMLENMGv9~G8Ov9.Ah~ONvW~xLjMLEQMLev9~ejfLMGvW.if~NGOEv9.9Wi~QOvu~875EJM8Ovuh~QJjjJLM71yM8OvfWAWfXhuuW~QxEEj5M71yM8Ov~OJ7JN7JOM71yM8Ov~e8JB1G8j875v9.fi~EmQvA~1NM75EJvu~1OGjUvfWAWfXhuuW~1YEvu~myG8Ov9.Ah9~GkjLv9.9u9~Qx8Ov%3DK4b4KBe30yo3ipTDyX9ul6Gul9~O7NvJ1Q7MQN~OYYMJLEYvk1jQJ~OYYvw1LYmz5~GOEN1EOv9~O1jyvxz8QmzuA~QyY7vjmzyM718jMwmYJE1yJMN17Nw1jj~QmGEv9.fA~-8OvKrtoExGoXWuiXFfAFhAFXu9u~w7Yjvu~ONx7vhX~OmyGv9ou~8GNvu~zQlvu~7yQvAAF-fW9~GQGv9~GQEv9~7Y-vuih&ssld=%7B%22QQ8E%22%3A%22f19O%3AXF99%3A99fH%3A9999%3A9999%3A9999%3A9999%3A9999%22%2C%22QQNN%22%3A%22Pb%22%2C%22QQQN%22%3A%22I3%22%2C%22QQN75%22%3A%22IJBn3mLU%22%7D&vgd_bid=341304&vgd_ydspr=1&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1702065414137146644&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fnmedianet.js&vgd_hb_audit_1=8CU1SGZ43&vgd_hb_audit_2=337691538&vgd_pgid=p1421817752t202312081956&vgd_pgids=1&vgd_uspa=0&hvsid=00000170206541491600958081339131&gdpr=0&mspa=0&vgd_l2type=scs_newfl&vgd_end=2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.0.23 Marietta, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-0-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
date: Fri, 08 Dec 2023 19:56:55 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Fri, 08 Dec 2023 19:56:55 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame F6F9 27 KB
10 KB 69ms
67ms Document
text/html 23.55.204.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CU1SGZ43&prvid=462%2C99%2C77%2C20000%2C313%2C319%2C294%2C460&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.55.204.22 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-55-204-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9790f42b8dedb1411b7a398f2f255811ed99f48c3b9b3d72f04b023efd845030

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 9620
content-type: text/html; charset=UTF-8
date: Fri, 08 Dec 2023 19:56:54 GMT
expires: Sun, 10 Dec 2023 19:56:54 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 clog
hblg.media.net/ Frame 56D0 35 B
191 B 112ms
102ms Image
image/gif 23.197.0.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hblg.media.net/clog?pixel_len_bucket=5979&logid=awlog&lper=1&itypeid=17&itype=ADX&cc=US&cid=8CU1SGZ43&reqid=ot_yhp9RmhbWSSwkkgvXww&vid=ot_yhp9RmhbWSSwkkgvXww&dn=ricowhaz.com&rawDn=ricowhaz.com&requrl_dn=ricowhaz.com&pid=8PR113JGC&ugd=4&fleet=appnexus&requrl=https%3A%2F%2Fricowhaz.com&cliIPV6=2a0d%3A5600%3A0024%3A0000%3A0000%3A0000%3A0000%3A0000&cliIPType=v6&coppa_enf=true&lmt_status=N&lmt_applied=N&lmt_enf=true&dnt_enf=false&geo_source=2&sc=NY&ct=New+York&zip=10013&pubid=pub-ADX-118903234488&tgtval=pub-ADX-118903234488&csip=rtb-appnexus-5fd6bb7f75-tfvn6.SC&dtc=east_sc&zone=d&sd=1&ptype=23&tmax=300&xtmax=300&gdpr=0&gpp_present=false&app=0&sat=1&device_id=4&sckfl=1&suid=CAESEAwvYPg-Y9WLRg501zJb1z0&sckfl2=0&smbrid=adx-1&cxtSgmt=long_tail_homepage_catchall&usp_status=0&usp_enf=1&mspa_enforced=true&gqid=AD8Fdm4VhcbteyH-VIs2GqlWqHsTsUEEy1mB5W1Gtep8ld63aR-h9nuaDPtRE8hWLuKXsPxQ&pexid=ADX-pub-5819562367365101&geoll=true&is_ortb=false&commit_id=4ae442ec&ocurr=USD&omul=1.0&currsrc=API&currsrc_date=2023-12-08+00%3A00%3A00&schain_cmpl=1&schain_nodes_count=1&dummy_vsid=false&amptype=1&second_call=false&supply_cc=US&ipcc=US&is_msnnative_src=false&proxy=envoy&rtttime=97&req_tid_present=false&pvid=294&prvAccId=772828637&prvApiId=8CU5RJ1PV&adj0=0.0&adj1=0.0&adj2=0.0&pst=0&crid=337691538&prspt=headerBid&prvReqId=22331626084351_1577885027_33769153812941&size=336x280&chnl=HARMONY&bdp=0.370&bid_uuid=e8d4eee9677f35917af7e469891f6a89&cbdp=0.089&og_cbdp=0.370&ogbdp=0.37&pv_adtype=0&res_mtype=0&mnet_ckfl=0&ckfl=0&be=0&cat=IAB-3&advUrl=https%3A%2F%2Fsearch.yahoo.com&dfpBd=0.089&dsrc=-2&dp=0&dbf=1&epc=772828637&s=1&snm=SUCCESS&pcrid=8CU5RJ1PV-772828637-49-0&tpbTkn=false&exid=31&bidflr=0.010&pbidflr=0.010&opbidflr=0.010&spbf=0&viewability=29&sbdrid=196&exp=ssProfile%3D0%7Csfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Csch%3D1%7Cclt%3D3%7Ctpi%3D1%7Cfl_rl%3D1%7Ckbb_se%3D1%7Cdbr%3D1%7Csfl%3Dfalse%7Cbfl%3D-100%7Ctpi%3D1&mnrf=0&ortbseat=BID_API&brsrclk=0&bidrestime=1702065414279&fpuReq=1&bfs=103&acsn=1&ybnca_erpm=0.37&dmm_erpm=true&dmm_ogerpm=false&bcrid=1700080800127000336028000025600&strg=HARMONY&vls=0&scrid=1700080800127000336028000025600&mang=1&pvdTmax=197&fpusp=false&ae=false&epcexp=false&moau=true&ucrid_ver=2&omid=0&mnet_static_share=0.0&dt=O&mx_svc_mode=http&incentive_type=0&aogbdp=0.0&spIvt=3&spSource=0&spTo=3&spIsReq=3&spFst=0&spCst=0&mx_sdr=false&mx_sbp=-10.0&mx_sua_cvg=1111111&mx_tid_sent=false&mx_epbc=8CU5RJ1PV&mx_SPRIG=2&mx_bsBucket=0&mx_ssProfile=0&mx_int_dsp_id=32&mx_sua_os_n=Windows+NT&mx_lr=0&mx_TAS=1&mx_ep_sent%3C%3E=badv&mx_g_one_uid_sent=None&mx_uid_sent=0&mx_sua_os_v=10.0&mx_bsBucketRa=0&mx_sid=8CU1SGZ43&mx_SC=0&mx_lr_seg_deal=0&mx_aqcpl_crid=0&mx_nsz=1&mx_GCID=0&mx_maq_call=false&mx_aurt=0&mx_sua_model=x64&mx_bsBucketKtwRl=0&mx_tgs=336x280&mx_bsProfileRa=0&mx_IAB2=2&mx_bss_algos%3C%3E=0&mx_aurl_hc=0&mx_aabpc=0&mx_PC=1&mx_UCC=5&mx_isLossNtf=false&mx_bsProfileKtwRl=0&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=3&mx_nids%3C%3E=KtdUVgskVesO&mx_gpid_sent=false&mx_commit_id=57e0a39df7&mx_exp_tokens%3C%3E=IPBLOCK_DM%3AGCS%23%23bsNed%3ADEFAULT%23%23NedCkflWithData%3ADEFAULT%23%23launchexp%3Atoken2%23%23prll_req%3Atrue%23%23NedCkfl%3ADEFAULT%23%23BssTgtMig%3ADEFAULT&is_video_cmp=false&acid=9e5bf66d2edae1f0d216ff09c1d0a179&rtime=24.0&wsip=mowx-lite-fb8fd6758-56j7v&ltime=35.0&act=headerBid&abs=0%7C0%7Cxtmax%3D300%7Cbrr%3D1&adtypes=0&adblk=2838257118&impId=1&reftime=0&reftype=0&psrc=fail&mowxReqId=9e5bf66d2edae1f0d216ff09c1d0a179_1&policy_enf=2&pub_blk_enf=1&req_size=336x280&renderer=1&ifst=0&iframingState=0&ifdp=0&slotVisibility=2&adpos=3&media=0&native_asset=0&req_mtype%3C%3E=0&ctr=-1.0&rfc=-1&skadidfl=0&feedback_id=ot_yhp9RmhbWSSwkkgvXww_1&supplyTagId=2838257118&mnrfc=-1&v_plcmt_override=0&v_placement_override=0&viewability_vendor=EXCHANGE&vcmplrt=-1.0&imp_tid_present=false&mp_seg%3C%3E=100273&debug_ts=2023-12-08+19%3A56%3A54&__expireat=1702066014533&mview=1&sc_pvid=460&sc_dp=0&sc_bdp=0.230&sc_cbdp=0.230&sc_ogbdp=0.23&sc_adj0=0.0&sc_adj1=0.0&sc_adj2=0.0&sc_prspt=headerBid&lo_pvid=%5B460%5D&lo_dp=0&lo_bdp=0.230&lo_cbdp=0.230&actltime=35&rme=adm&bdata=sd2%3Dnull~iurl_l%3D10~ogerpm%3D0.37~vw_exc%3D0.29~vis_sd%3D204~url_rps_b%3D12.75~dom_b%3D0.76~dc2%3D1~scd%3Dny~rae%3D0%2C0~v_asn%3D9009~dom_l%3D20~vl2r_sd%3D2023120810~iurl_b%3D947.69~url_tkc%3D0~url_r2a_b%3D0~std%3D2838257118~rat%3D0.000%2C0~last%3D~cvog%3D5.95~vis_url_b%3D0.5~vl2r_i_sd%3D2023120810~ip%3D1hlLSCuRa5ph5MSyKE4tPi~fbb%3D0~vis_url_l%3D0~riipua%3D17%2C20~et%3D23~rc%3D1~risuid%3D0%2C0~vl2r_i_b%3D0.06~rps_sd%3D2023120814~vis_b%3D285.79~radv%3D0.000%2C0~url_b%3D1.03~vl2r_url_b%3D0~vl2r_url_vi%3D1E-16~url_tvi%3D0~url_l%3D10~slv%3D18.59~gcat%3D-1~bb%3D196~vv%3D0~cvl2r_sd%3D202~rfv%3D42.07~l2r_b%3D1000~erpm%3D0.37~vl2r_url_kc%3D0E0~psi_c%3D1%2C1%2C0%2C0%2C0%2C0%2C0%2C0~bm%3D1~psi_d%3D0~rke%3D0%2C0~radp%3D0.000%2C0~a3p_b%3D8.92%2C147.46~sid%3D772828637~sd%3D1~uid%3D2IaGmh6lOfsnZ857vz~url_rps_kc%3D0~cvl2r_b%3D5.95~btd%3D3079717639080142519695104302610580839336507785819450444668585155844459715209337580693276670585040535552~vwu%3D0.29~d2p_l%3D10~cvl2%3D5.95~3pcf%3D973.76~uim%3D0~rkt%3D0.000%2C0~dmm_strg%3Dharmony~d2p_b%3D0.98~ogd2p_b%3D0.98~ss%3DNA~cc%3DUS~uiw%3D-1~ce%3D0~rps_b%3D147.46~url_srps_b%3D12.75~rcv%3D42.07~CI%3D3053~rkwp%3D0.000%2C0~kb_uc%3D-2~nts%3D1~kb_ccks%3D-2~ct%3Dnew%20york~bss_KTW%3DNA%2CNA~rkwd%3D0.000%2C0~basis2%3D196~basis1%3D196~isRef%3D0~isif%3D0~url_rpc_b%3D0~bid%3D0.37~dc%3D8~url_rps_rv%3D0~vl2r_b%3D8.92~cbdp%3D0.089%7Esd%3D1%7Eitype_id%3D17%7Eseller_tag_id%3D2838257118%7Esupply_tag_id%3D%7Edetected_tag_id%3D%7Eviewability%3D0.29%7Epos%3D3%7Eac_type%3D1%7Eadblk%3D2838257118%7Eamp%3D1%7Eogbid%3D0.370%7Ebflr%3D0.010%7Esuid%3DCAESEAwvYPg-Y9WLRg501zJb1z0%7Edtc%3Deast_sc%7Edmm_erpm%3Dfalse%7Edmm%3Dharmony%7Ebdpcapd%3D0%7Edalg%3Dunison13%7Esgmt%3Dlong_tail_homepage_catchall%7Esobp%3D0.23%7Exid%3DADX-pub-5819562367365101%7Ehtml%3D1%7Edcut%3D75%7Edogb%3D0-1~ibc%3D1~nsz%3D1~tgs%3D336x280~bsb%3D0~bsp%3D0~tmx%3D197&utime=651&sf=0&cpr=0.5247202517160123

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.0.23 Marietta, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-0-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Fri, 08 Dec 2023 19:56:55 GMT

GET
H2 200 nmedianet.js Show response
contextual.media.net/ Frame A484 94 KB
36 KB 40ms
40ms Script
text/javascript 23.55.204.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/nmedianet.js?cid=8CU5RJ1PV&ydspr=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=1148830916&adf=1508840718&pi=t.aa~a.3193222342~i.3~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=1&bdt=701&idt=-M&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C600x280&nras=4&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=3221&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=53

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.55.204.22 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-55-204-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

dda5b1ad965e1d9d797d67a7c36006d5e794bec2c7eb052d2b88cfaaf929b9cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-mnt-h: 21-g4dd
strict-transport-security: max-age=31536000
content-encoding: gzip
date: Fri, 08 Dec 2023 19:56:55 GMT
server: Apache
etag: "021305ab3848ac116a1fac3e05fe8c77"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
x-mnt-w: 22-5h9m
timing-allow-origin: *
content-length: 36459
expires: Fri, 08 Dec 2023 20:01:55 GMT

GET
H2 200 release-20231121-135-adperformance.js Show response
warp.media.net/rtb/resources/ Frame A484 72 KB
25 KB 52ms
41ms Script
application/javascript 23.197.0.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://warp.media.net/rtb/resources/release-20231121-135-adperformance.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.0.23 Marietta, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-0-23.deploy.static.akamaitechnologies.com

Software

UploadServer /

Resource Hash

1616c8cd083e6b17f6a75ab0695bd4a4573b31ae8398ffb43758288028f6a773

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=604800
content-encoding: gzip
date: Fri, 08 Dec 2023 19:56:55 GMT
x-guploader-uploadid: ABPtcPrSYC032sCo2CRaNB3yjxl-63qnN5CeXLnpmc-wdAPD0gxALFp56h5n-I81vtUv-wcpDvg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
content-length: 25147
server: UploadServer
etag: "841dabce0b477a93d9cf7379b9eb1368"
vary: Accept-Encoding
x-goog-hash: md5=hB2rzgtHepPZz3N5uesTaA==, crc32c=iBXD1A==
content-type: application/javascript
x-goog-generation: 1700562102250666
cache-control: max-age=3600
x-goog-stored-content-length: 73447
expires: Fri, 08 Dec 2023 20:56:55 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame A484 3 KB
1 KB 26ms
17ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:32:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5045
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Dec 2023 18:32:50 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame A484 20 KB
8 KB 28ms
19ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:18:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 5895
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 22 Dec 2023 18:18:40 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame A484 0
0 39ms
29ms Image
text/html 2607:f8b0:4004:c08::68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQKLKQ2xwzCRpxYlJ9Y1KqnI8Gwv7ePaS_OZRePbVB7Yyhe-c7G6w7-mhBzS_8ZbRCCmTHOafO3PDcnbQfGby9Ar59uag
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=1148830916&adf=1508840718&pi=t.aa~a.3193222342~i.3~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=1&bdt=701&idt=-M&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C600x280&nras=4&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=3221&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=53
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c08::68 Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame A484 202 KB
64 KB 26ms
17ms Script
text/javascript 2607:f8b0:4004:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::9d Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 08 Dec 2023 19:56:55 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 0387 1 KB
643 B 31ms
16ms Document
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 19110
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 14:38:25 GMT
etag: 48472445140208031
expires: Sat, 09 Dec 2023 14:38:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 56D0 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9b229a0127e1592a0edf72bdeb3f33aded76621a398baba0daf137b79487ec11

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 56D0 0
19 B 136ms
135ms Image
text/html 2607:f8b0:4004:c17::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CVmZxBnVzZY2JB5KMrr4PhsqB0AbnqcCdc92Oo_nKDMCNtwEQASAAYMnGqYvApNgPggEXY2EtcHViLTU4MTk1NjIzNjczNjUxMDHIAQmoAwHIAwKqBNoBT9A0FGQPQZTo-9WgG-mhaEYX1MEEas8nLBOwZ7SvxjJXla23Q2qrVYHWJ60DCzU9Z8eE22yVh2YufgUQBNI2rKCgcm2AH8EXih731JvVzWfjQzrLdVazLs6t3QjhA0vXaUGITBJ_yCFOrQNB7l-E-1__uzHhDj1nAEy266obzRVfuNDYNG1k6tKZo_5e4wuH5_vOSnNesThbTwf3hqYXXSaDLnHkFqUO-EN_4oHgcMIvqKjRb2EwhRE5o_qkvXlfjSXI12HKnd_XUDyJlesovDhFEVUk5oNfn52ABurr2_vY4_P5W6AGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBsIgGEQATICigI6AoBASL39wTpYhO-R48-AgwOACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNTgxOTU2MjM2NzM2NTEwMRgA&sigh=im54NDeN4xc&uach_m=%5BUACH%5D&cid=CAQSOwDICaaNdWBPdRFNiZ48UKFvqnGjWoaJLUS4Gkm939TMvJUXiy5fAWtcGSDL6SqultMk18gc9l6btsPRGAE&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=2838257118&adf=3369603303&pi=t.aa~a.248616470~i.7~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=2&bdt=701&idt=-M&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=2241&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=31
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 08 Dec 2023 19:56:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 log
hblg.media.net/ Frame 56D0 35 B
191 B 32ms
31ms Image
image/gif 23.197.0.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hblg.media.net/log?logid=kfke&evtid=plutol1&__q=AYYEIwaELwQCAAABAAAAAgAAAABAAAEABgAAQIABAAgAMNAAUDIyMzMxNjI2MDg0MzUxXzE1Nzc4ODUwMjdfMzM3NjkxNTM4MTI5NDFAOWU1YmY2NmQyZWRhZTFmMGQyMTZmZjA5YzFkMGExNznMBK5H4XoUrtc_mAcoaHR0cHM6Ly9yaWNvd2hhei5jb20EVVMA5gFNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTIwLjAuNjA5OS43MSBTYWZhcmkvNTM3LjM2GHJpY293aGF6LmNvbRI4Q1UxU0daNDMIDjMzNngyODAKMC4wODkOZWFzdF9zYwZBRFgICG51cmwAAAAAAAAAPUCOgomwiWMCMgAAAAAAAPC_QHJ0Yi1hcHBuZXh1cy01ZmQ2YmI3Zjc1LXRmdm42LlNDPjE3MDAwODA4MDAxMjcwMDAzMzYwMjgwMDAwMjU2MDACEDRhZTQ0MmVjAmQC&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.0.23 Marietta, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-0-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Fri, 08 Dec 2023 19:56:55 GMT

GET
H/1.1 200
OK log
qsearch-a.akamaihd.net/ Frame 56D0 35 B
296 B 77ms
15ms Image
image/gif 23.205.106.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=dmmra&acid=9e5bf66d2edae1f0d216ff09c1d0a179&algo=unison13&bdp=0.3700&bidfp=0.0100&capd=0&cc=US&cid=8CU1SGZ43&crid=337691538&ct=New%20York&dc=east_sc&dfpbd=0.0888&dn=ricowhaz.com&iwb=1&ogcbdp=0.3700&other_bids=0.23%7C0.37&other_prv=460%7C294&pbshr=100.0000&prdp=0.0888&requrl=ricowhaz.com%2F&sat=1&sc=NY&sc_pvid=294&send_erpm=true&server=1&size=336x280&strg=harmony&totalTime=3511940&ugd=4&ver=9.6.4&cliIP=0&time_stamp=2023-12-08%2019%3A56%3A54&seat=BID_API&itype=adx&req_id=ot_yhp9RmhbWSSwkkgvXww&dfp_bucket=0.0&level_base=0&bdp_bucket=0.35&app_type=adx_test&br_id=265&o_id=101&ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F120.0.6099.71%20Safari%2F537.36&br_ver=120.0.6099.71&o_ver=NT%2010.0&second_bid=0.23&second_bidder=460&seg=long_tail_homepage_catchall&f_seg=long_tail_homepage_catchall&model_key=generic_adx_1-cid_1&ogerpm=0.3700&ogerpm_used=false&rawbid=0.3700&totalTimeBucket=3&as_cache=0&sub_bidder=196&current_day=5.0&current_hour=19&cut=76&floor_bucket=0.00&model_version=202312080638_generic_adx_1-cid_1&erpm_bucket=0.35&mul_ratio=0.0000&dmm_m4=0.0000&ogerpm_wd_bkt=0-1&visibility=2&viewability=0.2900&pvid_seat=294_BID_API&ckfl=0&mnckfl=0&sd=1&predicted_wr=43.7041&bdp_wider_bucket=1&adblk=2838257118&dim10=false&dmm_m9=0.0000&dmm_m10=1382694&log_less=false&cut_bkt=75&advurl=search.yahoo.com%2F&dmm_d10=0.0000&bdmm_m5=0.0000&bdmm_m6=0.0000&bdmm_m7=0.0000&bdmm_m12=0.0000&dmm_l=0.0000&dmm_r=0.0000&e_rpm=0.0000&bdr_typ=1&clisp=rtb-appnexus-5fd6bb7f75-tfvn6.SC&dmm_m1=2023-12-08%2019%3A56%3A54.280519966&bd_m1=0.0000&bd_m2=0.0000&bd_m3=0.0000&ss=NA&ss_d1=0&ss_d2=0&dmm_m22=0.3700&adtyp=0&gpid_sent=false&pst=EMS&bcrid=1700080800127000336028000025600&sb_flr=false&erpm_mult=1.000000&zone=d&rc=-1&sfm_key=mowx_17_294&content_context=-1&video_mindur=-1&video_maxdur=-1&vskip=-1&ctr=-1.0&vcmplrt=-1.0&vplcmtt=-1&itype_id=17&wsip=mowx-lite-fb8fd6758-56j7v&rel_cut_bkt=80&djvm=9.5.8&optimal_cut=0.0&cut_cluster=0.0&cbvp=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=2838257118&adf=3369603303&pi=t.aa~a.248616470~i.7~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=2&bdt=701&idt=-M&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=2241&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=31
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.147 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-147.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 08 Dec 2023 19:56:55 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Fri, 08 Dec 2023 19:56:55 GMT

GET
H2

200

cksync
cs.media.net/ Frame F6F9
Redirect Chain

https://cm.g.doubleclick.net/pixel?cs=6&google_nid=media&google_cm=1&google_hm=MzQ1MDY3MDE0MDgxMzM2OTAwMFYxMA%3D%3D&google_sc=1
https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESECzcpXIFLLxtPB2XWBB0drw&google_cver=1

53 B
445 B

184ms
163ms

Image
image/gif

23.197.0.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESECzcpXIFLLxtPB2XWBB0drw&google_cver=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CU1SGZ43&prvid=462%2C99%2C77%2C20000%2C313%2C319%2C294%2C460&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1
Protocol: H2
Server: 23.197.0.23 Marietta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-197-0-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470

Request headers

accept-language: en-US,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
content-length: 53
x-mnet-hl2: E
expires: Fri, 08 Dec 2023 19:56:55 GMT

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESECzcpXIFLLxtPB2XWBB0drw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 7917 16 KB
16 KB 62ms
20ms Font
font/woff2 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 17:49:52 GMT
x-content-type-options: nosniff
age: 94023
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Dec 2024 17:49:52 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 7917 15 KB
15 KB 74ms
33ms Font
font/woff2 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:00:19 GMT
x-content-type-options: nosniff
age: 93396
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Dec 2024 18:00:19 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame AA86 15 KB
16 KB 57ms
18ms Font
font/woff2 2607:f8b0:4004:c06::5e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::5e Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:05:07 GMT
x-content-type-options: nosniff
age: 93108
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Dec 2024 18:05:07 GMT

GET
H2 200 SAFEFRAME.html Show response
contextual.media.net/sr/2722522032/ Frame C061 74 KB
29 KB 185ms
183ms Document
text/html 23.55.204.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/sr/2722522032/SAFEFRAME.html?ule=2623&&kkdd=AA%7Ch%7C3n*AuH9&q~=lO.!.)0*l0O*lJJ))!J&FZeC=.&-feD=.&_Zq=ll!P&xf_z=bN*l&_~Z=JIA0K2lHs&_e_Z=8NzPWQvRyln7ABFRi(Z8~V%3D%3D&_C~Z=OO!J!J)NO&f~yz=NN)R!J.&__=A1&f_=vM&_87-=f--G-~FCDx~u7Gxzfx&e~Z=JHk2*v!JS&xe~Z=nln0nwk&8xxef=l&CCC=xyKr8b_3rbGQ2.2O(!V-Zj1nNHq!BVFx&7fz=0&3V=l&jFZ=*&DZxl=JIAl1So*N&DZx!=NNO)Pl0NJ&WZDxD=fZ!%3D7j33Y~jC3G3%3Dl.YuFzCe-%3D.4!OYZu-GW%3D.4O)Yf_Z%3D7QYCDz%3D.%2C.YZu-G3%3D!.Yq3!CGfZ%3D!.!Nl!.Jl.Y~jC3GW%3DP*O4)PYjC3Gxm_%3D.YjC3GC!DGW%3D.YfxZ%3Dll*JJN.Pl)YCDx%3D.4...%2C.Y~e%3Dl83b1IjKD0e80L1Qc6*xH~Y(WW%3D.YC~~ejD%3DlO%2C!.YC_%3DlYC~fj~Z%3D.%2C.YCefGfZ%3D!.!Nl!.Jl*YCDZq%3D.4...%2C.YjC3GW%3Dl4.NYq3!CGjC3GW%3D.Yf--GVC%3DO4lOllYjC3G3%3Dl.Yf3q%3DlJ40PYF_Dx%3DrlYWW%3DlP)Yf--G-j3%3D.4J!YzCe-%3D.4!OYq3!CGjC3Gm_%3D.6.Yef~G_%3Dl%2Cl%2C.%2C.%2C.%2C.%2C.%2C.YW-%3DlYef~GZ%3D.YCmz%3D.%2C.YDNeGW%3DJ4P!%2Cl*O4*)YfZ%3DlYj~Z%3D!aDS3b-q85*jNSOP18Y_q3!CGW%3D04P0YWxZ%3DN.OPOlO)NP.J.ll.)Pl..J.NNN)lJl0lJ)!.*!O.J*P*.ON!!P*P*J).0!P)l0NJ!.!NlO*0)P!!OlPl!NOO0P!ONlNJJJ0P.)P!N0!Yj~-%3D.YCmx%3D.4...%2C.YuFZ!eGW%3D.4P0Yff%3DvpY__%3DA1Yj~V%3DrlY_z%3D.YC_q%3D*!4.OYIa%3DN.0*YmWGj_%3Dr!Y7xf%3DlYmWG__mf%3Dr!Y_x%3D7zV%20QuCmYWffGcnT%3Dvp%2CvpYWDf~f!%3DlP)YWDf~fl%3DlP)YZ_%3DJYq3!CGW%3DJ4P!YqVGzR_%3D.4!NYq~fGfZ%3D!.*YjC3GCefGW%3Dl!4O0YZ_!%3DlYqGDf7%3DP..PY3Dfx%3DY_quF%3D04P0Yq~fGjC3GW%3D.40Yq3!CG~GfZ%3D!.!Nl!.Jl.Yq~fGjC3G3%3D.Yzx%3D!NYq3!CG~GW%3D.4.)Yq~fGW%3D!lN4*OYq3!CGjC3Gq~%3Dl6rl)YjC3Gxq~%3D.Yqq%3D.Y_q3!CGfZ%3D!.!YC(q%3D*!4.OY3!CGW%3Dl...Yf--GfZ%3D!.!Nl!.JlNYCDZe%3D.4...%2C.Yf~Z%3DOO!J!J)NOYjC3GCefGm_%3D.YqVj%3D.4!NYZ!eG3%3Dl.Y_q3!%3D04P0YNe_(%3DPON4O)YZ--GfxCF%3Df--G-~FCDx~u7GxzfxYZ!eGW%3D.4POYCefGW%3Dl*O4*)YjC3GfCefGW%3Dl!4O0YCmVe%3D.4...%2C.YCmVZ%3D.4...%2C.Y~fKz(%3D.Y~f~(%3D.YjC3GCe_GW%3D.YW~Z%3D.4!!YjC3GCefGCq%3D.Y_WZe%3D.4!!.YfZ%3DlY~xQezG~Z%3DlOYfz33zCGxDFG~Z%3Dll*JJN.Pl)Yfjee3QGxDFG~Z%3DYZzxz_xzZGxDFG~Z%3DYq~zVDW~3~xQ%3D.4!NYeuf%3DNYD_GxQez%3DlYDZW3m%3Dll*JJN.Pl)YD-e%3DlYuFW~Z%3D.4!O.YW(3C%3D.4.l.Yfj~Z%3DIp616HplRpt5ib!Pngf_8aGQj0AYZx_%3DzDfxGf_YZ--GzCe-%3D(D3fzYZ--%3Df--G-~FCDx~u7GxzfxYWZe_DeZ%3D.YZD3F%3Df--YfF-x%3D3u7FGxD~3G8u-zeDFzG_Dx_8D33YfuWe%3D.4lOYR~Z%3Dp5irejWr0JlP0)!N)ON)0l.lY8x-3%3DlYf--GDe~%3DqlY~W_%3DlY7fy%3DlYxFf%3DNN)R!J.YWfW%3D.YWfe%3D.Yx-R%3D!.!&7xq=.&---=jiufv(a5g6m%3D&~V=NN)&~7a(C=l&WZCaZ=!P*&W~Z=NNOPP0&-_(=PP!.&QZfeC=l&WDz=hRzFz*yvhvYhRzFz**zhvY*zz&mDxeCz=l&mDxW~Z=rl.!&Qe3e=l&~f~Z=!&ff-_CGqzC=0&eF~Z=el*!lJlOO0!x!.!Nl!.JlP0)&ff3Z=%7B%22ff~e%22%3A%22!D.Z%3A0)..%3A..!*%3A....%3A....%3A....%3A....%3A....%22%2C%22ff__%22%3A%22A1%22%2C%22fff_%22%3A%22vM%22%2C%22ff_xQ%22%3A%22vzV%20MuCm%22%7D&8x-3fC_=l&sflct=4952349&ure=1

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CU5RJ1PV&ydspr=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.55.204.22 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-55-204-22.deploy.static.akamaitechnologies.com

Software

Resource Hash

706f41279c935e8a6384cac1da2a3cbca22bf390edb3bb23095c44d9ca629cb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 29961
content-type: text/html
date: Fri, 08 Dec 2023 19:56:55 GMT
expires: Fri, 08 Dec 2023 19:56:55 GMT
pragma: no-cache
strict-transport-security: max-age=31536000
timing-allow-origin: *
vary: Accept-Encoding
x-sc-h: 22-sslh

GET
H2 200 bping.php
lg3.media.net/ Frame A484 35 B
176 B 120ms
117ms Image
image/gif 23.197.0.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?vgd_len=2461&&vgd_cdv=1129&vgd_cage=3&vgd_tsce=L341&vgd_mcf=9920&gdpr=0&mspa=0&prid=8PRVCXX19&cid=8CU5RJ1PV&crid=772828637&vi=1702065415741886628&ugd=4&lf=6&cc=US&sc=NY&vsid=3450670140813304&lper=100&wsip=170785101&r=1702065415205&rrr=tzR-hLcl-L_yJ0J7f2wmduST3Pv2Qwgt&requrl=https%3A%2F%2Fricowhaz.com%2F&vgde_bdata=QOfvzxjj~8xLjMjvu9~myJLEYv9.fh~OmYMGv9.hF~QNOvz5~L1Jv9%2C9~OmYMjvf9~ejfLMQOvf9fAuf9Wu9~8xLjMGviHh.Fi~xLjM7UNv9~xLjMLf1MGv9~Q7OvuuHWWA9iuF~L17v9.999%2C9~8EvuwjTb%3DxD1XEwXcb5C4H708~kGGv9~L88Ex1vuh%2Cf9~LNvu~L8Qx8Ov9%2C9~LEQMQOvf9fAuf9WuH~L1Oev9.999%2C9~xLjMGvu.9A~ejfLMxLjMGv9~QYYMBLvh.uhuu~xLjMjvu9~QjevuW.Xi~yN17vou~GGvuiF~QYYMYxjv9.Wf~JLEYv9.fh~ejfLMxLjMUNv949~EQ8MNvu%2Cu%2C9%2C9%2C9%2C9%2C9%2C9~GYvu~EQ8MOv9~LUJv9%2C9~1AEMGvW.if%2CuHh.HF~QOvu~x8OvfV1ZjTYewrHxAZhibw~NejfLMGvX.iX~G7OvA9hihuhFAi9W9uu9Fiu99W9AAAFuWuXuWFf9Hfh9WHiH9hAffiHiHWF9XfiFuXAWf9fAuhHXFiffhuiufAhhXifhAuAWWWXi9FifAXf~x8Yv9~LU7v9.999%2C9~myOfEMGv9.iX~QQvIK~NNvPb~x8Bvou~NJv9~LNevHf.9h~%3DVvA9XH~UGMxNvof~z7Qvu~UGMNNUQvof~N7vzJBn5mLU~GQQMC_pvIK%2CIK~G1Q8QfvuiF~G1Q8QuvuiF~ONvW~ejfLMGvW.if~eBMJ-Nv9.fA~e8QMQOvf9H~xLjMLEQMGvuf.hX~ONfvu~eM1Qzvi99i~j1Q7v~NemyvX.iX~e8QMxLjMGv9.X~ejfLM8MQOvf9fAuf9Wu9~e8QMxLjMjv9~J7vfA~ejfLM8MGv9.9F~e8QMGvfuA.Hh~ejfLMxLjMe8vu4ouF~xLjM7e8v9~eev9~NejfLMQOvf9f~LkevHf.9h~jfLMGvu999~QYYMQOvf9fAuf9WuA~L1OEv9.999%2C9~Q8OvhhfWfWFAh~xLjMLEQMUNv9~eBxv9.fA~OfEMjvu9~NejfvX.iX~AENkvihA.hF~OYYMQ7LyvQYYMY8yL178mzM7JQ7~OfEMGv9.ih~LEQMGvuHh.HF~xLjMQLEQMGvuf.hX~LUBEv9.999%2C9~LUBOv9.999%2C9~8QDJkv9~8Q8kv9~xLjMLENMGv9~G8Ov9.ff~xLjMLEQMLev9~NGOEv9.ff9~QOvu~875EJM8Ovuh~QJjjJLM71yM8OvuuHWWA9iuF~QxEEj5M71yM8Ov~OJ7JN7JOM71yM8Ov~e8JB1G8j875v9.fA~EmQvA~1NM75EJvu~1OGjUvuuHWWA9iuF~1YEvu~myG8Ov9.fh9~GkjLv9.9u9~Qx8Ov%3DK4b40Ku-KdrtTfi_%20QNwVM5xXP~O7NvJ1Q7MQN~OYYMJLEYvk1jQJ~OYYvQYYMY8yL178mzM7JQ7~GOEN1EOv9~O1jyvQYY~QyY7vjmzyM718jMwmYJE1yJMN17Nw1jj~QmGEv9.uh~-8OvKrtoExGoXWuiXFfAFhAFXu9u~w7Yjvu~QYYM1E8veu~8GNvu~zQlvu~7yQvAAF-fW9~GQGv9~GQEv9~7Y-vf9f&ssld=%7B%22QQ8E%22%3A%22f19O%3AXF99%3A99fH%3A9999%3A9999%3A9999%3A9999%3A9999%22%2C%22QQNN%22%3A%22Pb%22%2C%22QQQN%22%3A%22I3%22%2C%22QQN75%22%3A%22IJBn3mLU%22%7D&vgd_bid=337995&vgd_ydspr=1&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=9009&vgd_rakh=1702065415136832084&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fnmedianet.js&vgd_hb_audit_1=8CU1SGZ43&vgd_hb_audit_2=337691538&vgd_pgid=p1421817752t202312081956&vgd_pgids=1&vgd_uspa=0&hvsid=00000170206541519700958081335691&gdpr=0&mspa=0&vgd_l2type=scs_newfl&vgd_end=2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.0.23 Marietta, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-0-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
date: Fri, 08 Dec 2023 19:56:55 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Fri, 08 Dec 2023 19:56:55 GMT

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame CAC3 27 KB
10 KB 139ms
138ms Document
text/html 23.55.204.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.55.204.22 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-55-204-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

9790f42b8dedb1411b7a398f2f255811ed99f48c3b9b3d72f04b023efd845030

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 9620
content-type: text/html; charset=UTF-8
date: Fri, 08 Dec 2023 19:56:55 GMT
expires: Sun, 10 Dec 2023 19:56:55 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 clog
hblg.media.net/ Frame A484 35 B
191 B 116ms
114ms Image
image/gif 23.197.0.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hblg.media.net/clog?pixel_len_bucket=6056&logid=awlog&lper=1&itypeid=17&itype=ADX&cc=US&cid=8CU1SGZ43&reqid=y74tHquVpxjsiH_ftNYR2g&vid=y74tHquVpxjsiH_ftNYR2g&dn=ricowhaz.com&rawDn=ricowhaz.com&requrl_dn=ricowhaz.com&pid=8PR113JGC&ugd=4&fleet=appnexus&requrl=https%3A%2F%2Fricowhaz.com&cliIPV6=2a0d%3A5600%3A0024%3A0000%3A0000%3A0000%3A0000%3A0000&cliIPType=v6&coppa_enf=true&lmt_status=N&lmt_applied=N&lmt_enf=true&dnt_enf=false&geo_source=2&sc=NY&ct=New+York&zip=10013&pubid=pub-ADX-118903234488&tgtval=pub-ADX-118903234488&csip=rtb-appnexus-5fd6bb7f75-xlt4w.SC&dtc=east_sc&zone=d&sd=1&ptype=23&tmax=300&xtmax=300&gdpr=0&gpp_present=false&app=0&sat=1&device_id=4&sckfl=1&suid=CAESEPA1xAjDXL29TqschI_yu5U&sckfl2=0&smbrid=adx-1&cxtSgmt=long_tail_homepage_catchall&usp_status=0&usp_enf=1&mspa_enforced=true&gqid=AD8Fdm6VquxF7oUrGcc4BhOQupnQYnRzdPOMQzYnCaZxIgdddug0zF2pOQW-S5QtbWw0Cpp0&pexid=ADX-pub-5819562367365101&geoll=true&is_ortb=false&commit_id=4ae442ec&ocurr=USD&omul=1.0&currsrc=API&currsrc_date=2023-12-08+00%3A00%3A00&schain_cmpl=1&schain_nodes_count=1&dummy_vsid=false&amptype=1&second_call=false&supply_cc=US&ipcc=US&is_msnnative_src=false&proxy=envoy&rtttime=86&req_tid_present=false&pvid=294&prvAccId=772828637&prvApiId=8CU5RJ1PV&adj0=0.0&adj1=0.0&adj2=0.0&pst=0&crid=337691538&prspt=headerBid&prvReqId=9448063856132_113423471_33769153812941&size=336x280&chnl=smm_migration_test&bdp=0.270&bid_uuid=ac85ed8d308b6a5ceb30d93b0c64d944&cbdp=0.22&og_cbdp=0.270&ogbdp=0.27&pv_adtype=0&res_mtype=0&mnet_ckfl=0&ckfl=0&be=0&cat=IAB-3&advUrl=https%3A%2F%2Fsearch.yahoo.com&dfpBd=0.22&dsrc=-2&dp=0&dbf=1&epc=772828637&s=1&snm=SUCCESS&pcrid=8CU5RJ1PV-772828637-49-6&tpbTkn=false&exid=31&bidflr=0.010&pbidflr=0.010&opbidflr=0.010&spbf=0&viewability=23&sbdrid=196&exp=ssProfile%3D0%7Csfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Csch%3D1%7Cclt%3D3%7Ctpi%3D1%7Cfl_rl%3D1%7Ckbb_se%3D1%7Cdbr%3D1%7Csfl%3Dfalse%7Cbfl%3D-100%7Ctpi%3D1&mnrf=0&ortbseat=BID_API&brsrclk=0&bidrestime=1702065414279&fpuReq=1&bfs=103&acsn=1&ybnca_erpm=0.27&dmm_erpm=false&dmm_ogerpm=false&bcrid=1700080800127000336028000025600&strg=smm_migration_test&vls=0&scrid=1700080800127000336028000025600&mang=1&pvdTmax=202&fpusp=false&ae=false&epcexp=false&moau=true&ucrid_ver=2&omid=0&mnet_static_share=0.0&dt=O&mx_svc_mode=http&incentive_type=0&aogbdp=0.0&spIvt=3&spSource=0&spTo=3&spIsReq=3&spFst=0&spCst=0&mx_sdr=false&mx_sbp=-10.0&mx_sua_cvg=1111111&mx_tid_sent=false&mx_epbc=8CU5RJ1PV&mx_SPRIG=2&mx_bsBucket=0&mx_ssProfile=0&mx_int_dsp_id=32&mx_sua_os_n=Windows+NT&mx_lr=0&mx_TAS=1&mx_ep_sent%3C%3E=badv&mx_g_one_uid_sent=None&mx_uid_sent=0&mx_sua_os_v=10.0&mx_bsBucketRa=0&mx_sid=8CU1SGZ43&mx_SC=0&mx_lr_seg_deal=0&mx_aqcpl_crid=0&mx_nsz=1&mx_GCID=0&mx_maq_call=false&mx_aurt=0&mx_sua_model=x64&mx_bsBucketKtwRl=0&mx_tgs=336x280&mx_bsProfileRa=0&mx_IAB2=2&mx_bss_algos%3C%3E=0&mx_aurl_hc=0&mx_aabpc=0&mx_PC=1&mx_UCC=5&mx_isLossNtf=false&mx_bsProfileKtwRl=0&mx_bsProfile=0&mx_ssBucket=0&mx_TAF=3&mx_nids%3C%3E=KtdUVgskVesO&mx_gpid_sent=false&mx_commit_id=57e0a39df7&mx_exp_tokens%3C%3E=IPBLOCK_DM%3AGCS%23%23NedCkflWithData%3ADEFAULT%23%23launchexp%3Atoken2%23%23bsNed%3AvalidBid%23%23prll_req%3Atrue%23%23NedCkfl%3ADEFAULT%23%23BssTgtMig%3ADEFAULT&is_video_cmp=false&acid=0b8d50d990f5cfd708c65320df2538f7&rtime=24.0&wsip=mowx-lite-fb8fd6758-g2gbk&ltime=32.0&act=headerBid&abs=0%7C0%7Cxtmax%3D300%7Cbrr%3D1&adtypes=0&adblk=1148830916&impId=1&reftime=0&reftype=0&psrc=fail&mowxReqId=0b8d50d990f5cfd708c65320df2538f7_1&policy_enf=2&pub_blk_enf=1&req_size=336x280&renderer=1&ifst=0&iframingState=0&ifdp=0&slotVisibility=2&adpos=3&media=0&native_asset=0&req_mtype%3C%3E=0&ctr=-1.0&rfc=-1&skadidfl=0&feedback_id=y74tHquVpxjsiH_ftNYR2g_1&supplyTagId=1148830916&mnrfc=-1&v_plcmt_override=0&v_placement_override=0&viewability_vendor=EXCHANGE&vcmplrt=-1.0&imp_tid_present=false&mp_seg%3C%3E=100273&debug_ts=2023-12-08+19%3A56%3A54&__expireat=1702066014530&mview=1&sc_pvid=460&sc_dp=0&sc_bdp=0.170&sc_cbdp=0.170&sc_ogbdp=0.17&sc_adj0=0.0&sc_adj1=0.0&sc_adj2=0.0&sc_prspt=headerBid&lo_pvid=%5B294%5D&lo_dp=0&lo_bdp=0.270&lo_cbdp=0.22&actltime=32&rme=adm&bdata=sd2%3Dnull~iurl_l%3D10~ogerpm%3D0.27~dom_b%3D0.76~scd%3Dny~rae%3D0%2C0~dom_l%3D20~vl2r_sd%3D2023120810~iurl_b%3D947.69~url_tkc%3D0~url_r2a_b%3D0~std%3D1148830916~rat%3D0.000%2C0~ip%3D1hlLSCuRa5ph5MSyKE4tPi~fbb%3D0~riipua%3D17%2C20~rc%3D1~risuid%3D0%2C0~rps_sd%3D2023120814~radv%3D0.000%2C0~url_b%3D1.03~vl2r_url_b%3D0~smm_wr%3D7.1711~url_l%3D10~slv%3D18.59~gcat%3D-1~bb%3D196~smm_mul%3D0.82~erpm%3D0.27~vl2r_url_kc%3D0E0~psi_c%3D1%2C1%2C0%2C0%2C0%2C0%2C0%2C0~bm%3D1~psi_d%3D0~rke%3D0%2C0~a3p_b%3D8.92%2C147.46~sd%3D1~uid%3D2IaGlLmvhD4u3G79Sh~cvl2r_b%3D5.95~btd%3D3079717639080110691008033361815186204270849407322949486052961538202317456922719123775927313888590692352~uim%3D0~rkt%3D0.000%2C0~ogd2p_b%3D0.95~ss%3DNA~cc%3DUS~uiw%3D-1~ce%3D0~rcv%3D42.07~CI%3D3054~kb_uc%3D-2~nts%3D1~kb_ccks%3D-2~ct%3Dnew%20york~bss_KTW%3DNA%2CNA~basis2%3D196~basis1%3D196~dc%3D8~vl2r_b%3D8.92~vw_exc%3D0.23~vis_sd%3D204~url_rps_b%3D12.75~dc2%3D1~v_asn%3D9009~last%3D~cvog%3D5.95~vis_url_b%3D0.5~vl2r_i_sd%3D2023120810~vis_url_l%3D0~et%3D23~vl2r_i_b%3D0.06~vis_b%3D213.47~vl2r_url_vi%3D1E-16~url_tvi%3D0~vv%3D0~cvl2r_sd%3D202~rfv%3D42.07~l2r_b%3D1000~smm_sd%3D2023120813~radp%3D0.000%2C0~sid%3D772828637~url_rps_kc%3D0~vwu%3D0.23~d2p_l%3D10~cvl2%3D5.95~3pcf%3D973.76~dmm_strg%3Dsmm_migration_test~d2p_b%3D0.97~rps_b%3D147.46~url_srps_b%3D12.75~rkwp%3D0.000%2C0~rkwd%3D0.000%2C0~isRef%3D0~isif%3D0~url_rpc_b%3D0~bid%3D0.22~url_rps_rv%3D0~cbdp%3D0.220%7Esd%3D1%7Eitype_id%3D17%7Eseller_tag_id%3D1148830916%7Esupply_tag_id%3D%7Edetected_tag_id%3D%7Eviewability%3D0.23%7Epos%3D3%7Eac_type%3D1%7Eadblk%3D1148830916%7Eamp%3D1%7Eogbid%3D0.270%7Ebflr%3D0.010%7Esuid%3DCAESEPA1xAjDXL29TqschI_yu5U%7Edtc%3Deast_sc%7Edmm_erpm%3Dfalse%7Edmm%3Dsmm_migration_test%7Ebdpcapd%3D0%7Edalg%3Dsmm%7Esgmt%3Dlong_tail_homepage_catchall%7Esobp%3D0.17%7Exid%3DADX-pub-5819562367365101%7Ehtml%3D1%7Esmm_api%3Dv1~ibc%3D1~nsz%3D1~tgs%3D336x280~bsb%3D0~bsp%3D0~tmx%3D202&utime=951&sf=0&cpr=0.3577225849283918

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.0.23 Marietta, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-0-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Fri, 08 Dec 2023 19:56:55 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 76E9 1 KB
643 B 16ms
15ms Document
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 19110
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 14:38:25 GMT
etag: 48472445140208031
expires: Sat, 09 Dec 2023 14:38:25 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame A484 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 69b7d3d548428f3cc27a2549605d44580de54d66476ae23f9e4e0c99bc24f506

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame A484 0
19 B 85ms
80ms Image
text/html 2607:f8b0:4004:c17::9a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CDKxnBnVzZefPCNiJrr4Pu5aGyAznqcCdc92Oo_nKDMCNtwEQASAAYMnGqYvApNgPggEXY2EtcHViLTU4MTk1NjIzNjczNjUxMDHIAQmoAwHIAwKqBNsBT9DGlUY32Xqg1e0CW_3v50hJWvovf5xmKWmTf7il6gZbcn1gtBPk1hGXBGNUNC_ZZ6rmBL8YqmExcCmPrFLCXOIhgST9ZTZz9HNgJ27eCUQB9tpYt2To8uDYSXe871BVc9JJEJCtAn90I3n2AExa8gA-bU-JeTgHHsb4-z5np-h7e64n5Ut_V_LFTeKkKiMw5XJYqXnzLDNNIKbPGOES1Pn-bLBSk8ZtZch69Xw1VG2-FQ4ahzCYleQ64bIZjHIerDhs6s2H_OQZURK4vH5nZhVomk6zLK_3iEVUgAbq69v72OPz-VugBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggbCIBhEAEyAooCOgKAQEi9_cE6WMuok-PPgIMDgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTU4MTk1NjIzNjczNjUxMDEYAA&sigh=3uvwhJyGkPY&uach_m=%5BUACH%5D&cid=CAQSPADICaaNFFCuaBD-2CxS4EOlzL4pyGr0quYzgBvfkWdEKc4_zJx2CJXA-oUhD73az9FdaZ_XzDoiwtma0RgB&cbvp=2&vis=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c17::9a Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=1148830916&adf=1508840718&pi=t.aa~a.3193222342~i.3~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=1&bdt=701&idt=-M&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C600x280&nras=4&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=3221&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=53
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 08 Dec 2023 19:56:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 log
hblg.media.net/ Frame A484 35 B
191 B 75ms
62ms Image
image/gif 23.197.0.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hblg.media.net/log?logid=kfke&evtid=plutol1&__q=AYYEIwaELwQCAAABAAAAAgAAAABAAAEABgAAQIABAAgAMNAATDk0NDgwNjM4NTYxMzJfMTEzNDIzNDcxXzMzNzY5MTUzODEyOTQxQDBiOGQ1MGQ5OTBmNWNmZDcwOGM2NTMyMGRmMjUzOGY3zARI4XoUrkfRP5gHKGh0dHBzOi8vcmljb3doYXouY29tBFVTAOYBTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEyMC4wLjYwOTkuNzEgU2FmYXJpLzUzNy4zNhhyaWNvd2hhei5jb20SOENVMVNHWjQzCA4zMzZ4MjgwCDAuMjIOZWFzdF9zYwZBRFgICG51cmwAAAAAAAAAN0COgomwiWMCMgAAAAAAAPC_QHJ0Yi1hcHBuZXh1cy01ZmQ2YmI3Zjc1LXhsdDR3LlNDPjE3MDAwODA4MDAxMjcwMDAzMzYwMjgwMDAwMjU2MDACEDRhZTQ0MmVjAmQC&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.0.23 Marietta, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-0-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Fri, 08 Dec 2023 19:56:55 GMT

GET
H/1.1 200
OK log
qsearch-a.akamaihd.net/ Frame A484 35 B
296 B 26ms
14ms Image
image/gif 23.205.106.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=dmmra&acid=0b8d50d990f5cfd708c65320df2538f7&bdp=0.2700&bidfp=0.0100&cc=US&cid=8CU1SGZ43&crid=337691538&ct=New%20York&dc=east_sc&dn=ricowhaz.com&iwb=1&ogcbdp=0.2700&other_bids=0.17%2C0.27&other_prv=460%2C294&pbshr=100.0000&requrl=ricowhaz.com&sat=1&sc=NY&sc_pvid=294&send_erpm=false&server=6&size=336x280&strg=smm_migration_test&totalTime=786930&ugd=4&ver=9.6.4&cliIP=0&time_stamp=2023-12-08%2019%3A56%3A54&seat=BID_API&itype=adx&req_id=y74tHquVpxjsiH_ftNYR2g&br_id=265&o_id=101&ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F120.0.6099.71%20Safari%2F537.36&br_ver=120.0.6099.71&o_ver=NT%2010.0&second_bid=0.17&second_bidder=460&seg=long_tail_homepage_catchall&f_seg=long_tail_homepage_catchall&ogerpm=0.27&ogerpm_used=false&rawbid=0.27&totalTimeBucket=0&sub_bidder=196&ogerpm_wd_bkt=0-1&visibility=2&viewability=0.23&pvid_seat=294_BID_API&ckfl=0&mnckfl=0&sd=1&bdp_wider_bucket=1&adblk=1148830916&advurl=search.yahoo.com%2F&bdr_typ=1&clisp=rtb-appnexus-5fd6bb7f75-xlt4w.SC&dmm_m22=0.2700&adtyp=0&gpid_sent=false&pst=EMS&bcrid=1700080800127000336028000025600&zone=d&rc=-1&sfm_key=mowx_17_294&content_context=-1&video_mindur=-1&video_maxdur=-1&vskip=-1&ctr=-1.0&vcmplrt=-1.0&vplcmtt=-1&itype_id=17&wsip=mowx-lite-fb8fd6758-g2gbk&djvm=9.5.8&cbvp=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=1148830916&adf=1508840718&pi=t.aa~a.3193222342~i.3~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=1&bdt=701&idt=-M&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C600x280&nras=4&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=3221&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&btvi=2&fsb=1&dtd=53
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.147 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-147.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 08 Dec 2023 19:56:55 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Fri, 08 Dec 2023 19:56:55 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0387
Redirect Chain

https://px.owneriq.net/ecmg?google_gid=CAESEKladjn75j9dsh81JoIWNKk&google_cver=1&google_push=AXcoOmRWdGSxAU0ojMM0nC79yMEzofCBRX63e2udk5Y8MWUn65PR6cnchQmnOdxXSI59fKItN2K6FetpHM7omC12t4vm0GeWHcG5
https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AXcoOmRWdGSxAU0ojMM0nC79yMEzofCBRX63e2udk5Y8MWUn65PR6cnchQmnOdxXSI59fKItN2K6FetpHM7omC12t4vm0GeWHcG5&google_cver=1&googl...

170 B
188 B

33ms
33ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AXcoOmRWdGSxAU0ojMM0nC79yMEzofCBRX63e2udk5Y8MWUn65PR6cnchQmnOdxXSI59fKItN2K6FetpHM7omC12t4vm0GeWHcG5&google_cver=1&google_gid=CAESEKladjn75j9dsh81JoIWNKk&google_hm=UTc1NTM1MTgxNDEyMjkxMjkyODRQ

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Fri, 08 Dec 2023 19:56:55 GMT
Server: Apache/2.4.6 (CentOS)
X-Powered-By: PHP/7.3.33
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://cm.g.doubleclick.net/pixel?google_nid=owneriq1&google_sc&google_push=AXcoOmRWdGSxAU0ojMM0nC79yMEzofCBRX63e2udk5Y8MWUn65PR6cnchQmnOdxXSI59fKItN2K6FetpHM7omC12t4vm0GeWHcG5&google_cver=1&google_gid=CAESEKladjn75j9dsh81JoIWNKk&google_hm=UTc1NTM1MTgxNDEyMjkxMjkyODRQ
Content-Type: text/html
Cache-Control: max-age=39920
Connection: keep-alive
Content-Length: 154

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 0387
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEK1b3ZLC0B6HMnnGKAIO3to&google_cver=1&google_push=AXcoOmRnOxLsoTEDe9PlmHJdmC3kogaKmaPLhoV83PC_Lvf61poxRuJ2ECBpGOSpUYr5EsIre8SQxb3i8uU6jrB9sk_iCVEqyDbn&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEK1b3ZLC0B6HMnnGKAIO3to&google_cver=1&google_push=AXcoOmRnOxLsoTEDe9PlmHJdmC3kogaKmaPLhoV83PC_Lvf61poxRuJ2ECBpGOSpUYr5EsIre8SQxb3i8uU6jrB9sk_iCVEqyDb...

43 B
424 B

91ms
85ms

Image
image/gif

2606:4700::6812:19ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEK1b3ZLC0B6HMnnGKAIO3to&google_cver=1&google_push=AXcoOmRnOxLsoTEDe9PlmHJdmC3kogaKmaPLhoV83PC_Lvf61poxRuJ2ECBpGOSpUYr5EsIre8SQxb3i8uU6jrB9sk_iCVEqyDbn&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmRnOxLsoTEDe9PlmHJdmC3kogaKmaPLhoV83PC_Lvf61poxRuJ2ECBpGOSpUYr5EsIre8SQxb3i8uU6jrB9sk_iCVEqyDbn%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5819562367365101&output=html&h=280&adk=2838257118&adf=3369603303&pi=t.aa~a.248616470~i.7~rp.4&w=600&fwrn=4&fwrnh=100&lmt=1702065414&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=5754973339&ad_type=text_image&format=600x280&url=https%3A%2F%2Fricowhaz.com%2F&ea=0&fwr=0&pra=3&rh=150&rw=600&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702065414055&bpp=2&bdt=701&idt=-M&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=3&correlator=674355195507&frm=20&pv=1&ga_vid=796447280.1702065414&ga_sid=1702065414&ga_hid=712697624&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=444&ady=2241&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31079266%2C31079715%2C31079863%2C31079924%2C31079931%2C31079980%2C44807405%2C95320885&oid=2&pvsid=2508733947433904&tmod=733904588&uas=0&nvt=1&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&btvi=1&fsb=1&dtd=31
Protocol: H2
Server: 2606:4700::6812:19ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8327930e8fe8425e-EWR
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 115
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEK1b3ZLC0B6HMnnGKAIO3to&google_cver=1&google_push=AXcoOmRnOxLsoTEDe9PlmHJdmC3kogaKmaPLhoV83PC_Lvf61poxRuJ2ECBpGOSpUYr5EsIre8SQxb3i8uU6jrB9sk_iCVEqyDbn&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmRnOxLsoTEDe9PlmHJdmC3kogaKmaPLhoV83PC_Lvf61poxRuJ2ECBpGOSpUYr5EsIre8SQxb3i8uU6jrB9sk_iCVEqyDbn%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 8327930ddecd425e-EWR
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0387
Redirect Chain

https://aep.mxptint.net/sn.ashx?google_gid=CAESEIN8LieYXZWSzjGQhDTf9ro&google_cver=1&google_push=AXcoOmThDR_081qWRE4zdt_frrBUL5d1J0dJjz9no2wZ2_84B3WvlR_bookh2gYH2Cd6Wj3adVLVOGb_1cIyrO6WyLvUL2gTAH6bSQ
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmThDR_081qWRE4zdt_frrBUL5d1J0dJjz9no2wZ2_84B3WvlR_bookh2gYH2Cd6Wj3adVLVOGb_1cIyrO6WyLvUL2gTAH6bSQ&google_hm=UjMzNjQ2XzEwRD...

170 B
188 B

29ms
29ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmThDR_081qWRE4zdt_frrBUL5d1J0dJjz9no2wZ2_84B3WvlR_bookh2gYH2Cd6Wj3adVLVOGb_1cIyrO6WyLvUL2gTAH6bSQ&google_hm=UjMzNjQ2XzEwRDYyRDc5Q182NTIwNDA0Mg%3D%3D

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmThDR_081qWRE4zdt_frrBUL5d1J0dJjz9no2wZ2_84B3WvlR_bookh2gYH2Cd6Wj3adVLVOGb_1cIyrO6WyLvUL2gTAH6bSQ&google_hm=UjMzNjQ2XzEwRDYyRDc5Q182NTIwNDA0Mg%3D%3D
Date: Fri, 08 Dec 2023 19:56:55 GMT
Cache-Control: private
Strict-Transport-Security: max-age=-385070215; includeSubDomains
P3P: CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Content-Length: 348
Content-Type: text/html; charset=utf-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0387
Redirect Chain

https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEIC8qKP6J0jTmKnxj8vmXI4&google_cver=1&google_push=AXcoOmTKvSN4a1yVp98rGA3snbb7JCBV_w1C-4Je4EiB3HjSoqmq1h5RgIRdWADSoKmtj5YaxKE46vDAGq_8c43PHTwy...
https://x.bidswitch.net/ul_cb/sync?ssp=google&google_gid=CAESEIC8qKP6J0jTmKnxj8vmXI4&google_cver=1&google_push=AXcoOmTKvSN4a1yVp98rGA3snbb7JCBV_w1C-4Je4EiB3HjSoqmq1h5RgIRdWADSoKmtj5YaxKE46vDAGq_8c4...
https://p.rfihub.com/cm?in=1&pub=20513&ssp=google&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=119&user_id=8606897805753183297&expires=30&ssp=google
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AXcoOmTKvSN4a1yVp98rGA3snbb7JCBV_w1C-4Je4EiB3HjSoqmq1h5RgIRdWADSoKmtj5YaxKE46vDAGq_8c43PHTwymtBsUL27&google_hm=1xabyvG4QSSBAWR1MlhUyQ==

170 B
188 B

30ms
30ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AXcoOmTKvSN4a1yVp98rGA3snbb7JCBV_w1C-4Je4EiB3HjSoqmq1h5RgIRdWADSoKmtj5YaxKE46vDAGq_8c43PHTwymtBsUL27&google_hm=1xabyvG4QSSBAWR1MlhUyQ==

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: //cm.g.doubleclick.net/pixel?google_nid=bdsw&google_push=AXcoOmTKvSN4a1yVp98rGA3snbb7JCBV_w1C-4Je4EiB3HjSoqmq1h5RgIRdWADSoKmtj5YaxKE46vDAGq_8c43PHTwymtBsUL27&google_hm=1xabyvG4QSSBAWR1MlhUyQ==
Date: Fri, 08 Dec 2023 19:56:55 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0387
Redirect Chain

https://trace.mediago.io/cs/google?google_gid=CAESEMIhfIK5MoOU1VTfhUlIs2c&google_cver=1&google_push=AXcoOmQQ28gnuuFKQPMZuGmqgmad2n1MjL-RMAZ4zr939vtSDnqQAtqnoWPLe_5BvB-8_G9NnBWRf1QW2m6uUg_o44yXfPbmd...
https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmQQ28gnuuFKQPMZuGmqgmad2n1MjL-RMAZ4zr939vtSDnqQAtqnoWPLe_5BvB-8_G9NnBWRf1QW2m6uUg_o44yXfPbmdYl5UtY&google_hm=81fa84b76b6...

170 B
188 B

31ms
31ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmQQ28gnuuFKQPMZuGmqgmad2n1MjL-RMAZ4zr939vtSDnqQAtqnoWPLe_5BvB-8_G9NnBWRf1QW2m6uUg_o44yXfPbmdYl5UtY&google_hm=81fa84b76b60920d18hees00lpx1svdv

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmQQ28gnuuFKQPMZuGmqgmad2n1MjL-RMAZ4zr939vtSDnqQAtqnoWPLe_5BvB-8_G9NnBWRf1QW2m6uUg_o44yXfPbmdYl5UtY&google_hm=81fa84b76b60920d18hees00lpx1svdv
date: Fri, 08 Dec 2023 19:56:55 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 249
content-type: text/html; charset=utf-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0387
Redirect Chain

https://analytics.pangle-ads.com/api/ad/union/gg_cookie_matching?google_gid=CAESEGK9yj7kBB8L99TIQE47cCg&google_cver=1&google_push=AXcoOmTNvI2HFC78OMVYONVacb2R3950OzH0byjfyF3qkYKGURhFYTNTEBqWm2BED0l...
https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmTNvI2HFC78OMVYONVacb2R3950OzH0byjfyF3qkYKGURhFYTNTEBqWm2BED0l3F6OIw8lf96VjoNS5Yp1VP_-gMW1N8kzBOps

170 B
188 B

32ms
32ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmTNvI2HFC78OMVYONVacb2R3950OzH0byjfyF3qkYKGURhFYTNTEBqWm2BED0l3F6OIw8lf96VjoNS5Yp1VP_-gMW1N8kzBOps

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-akamai-request-id: 22e1b251
date: Fri, 08 Dec 2023 19:56:55 GMT
x-bytefaas-request-id: 2023120819565543F9272E24FA43D3BE26
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-23120819565543F9272E24FA43D3BE26-17117D0A36E58130-00
x-cache: TCP_MISS from a23-209-100-91.deploy.akamaitechnologies.com (AkamaiGHost/11.3.2-52183077) (-)
server-timing: inner; dur=27, cdn-cache; desc=MISS, edge; dur=0, origin; dur=30
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2023120819565543F9272E24FA43D3BE26
access-control-max-age: 86400
access-control-allow-methods: *
location: https://cm.g.doubleclick.net/pixel?google_nid=toutiao_usd&google_push=AXcoOmTNvI2HFC78OMVYONVacb2R3950OzH0byjfyF3qkYKGURhFYTNTEBqWm2BED0l3F6OIw8lf96VjoNS5Yp1VP_-gMW1N8kzBOps
x-bytefaas-execution-duration: 25.48
access-control-allow-origin: *
access-control-allow-credentials: true
x-gw-dst-psm: ad.union.pangle_web_traffic
x-tt-trace-host: 017509cafe48c2123e645e73a3735aba7dcf5a29ced19d14a63cbd157e0ccec5bd7e17495ea8a16f4e8bde99d24057b8dadc22d4854284f5ca39404e7a68955b149c8cf231aca88e0bcdb7abed2e245db483d1d70017003f507385225c129bde1a
x-origin-response-time: 30,23.209.100.91
cache-control: max-age=0, no-cache, no-store
access-control-allow-headers: *
expires: Fri, 08 Dec 2023 19:56:55 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 0387
Redirect Chain

https://www.temu.com/api/adx/cm/pixel?google_gid=CAESEPdWRbJ2_kgdfq2T6MNErUI&google_cver=1&google_push=AXcoOmSoB5giQMvNMhJTTc_9M05abQGWwc_L1EDmKwF4wHfZhEDPm8xDW4mn1Yu81r41roZ10BxwaQgTbSwRoBuOYz3UsT...
https://cm.g.doubleclick.net/pixel?google_nid=1371970550&google_push=AXcoOmSoB5giQMvNMhJTTc_9M05abQGWwc_L1EDmKwF4wHfZhEDPm8xDW4mn1Yu81r41roZ10BxwaQgTbSwRoBuOYz3UsTwRQhuT_GU

170 B
188 B

28ms
27ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1371970550&google_push=AXcoOmSoB5giQMvNMhJTTc_9M05abQGWwc_L1EDmKwF4wHfZhEDPm8xDW4mn1Yu81r41roZ10BxwaQgTbSwRoBuOYz3UsTwRQhuT_GU

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 08 Dec 2023 19:56:55 GMT
strict-transport-security: max-age=2592000
server: nginx
content-security-policy-report-only: default-src 'none';script-src 'report-sample';report-uri /api/sec-csp/110000007/sec-gif
content-language: en-US
location: https://cm.g.doubleclick.net/pixel?google_nid=1371970550&google_push=AXcoOmSoB5giQMvNMhJTTc_9M05abQGWwc_L1EDmKwF4wHfZhEDPm8xDW4mn1Yu81r41roZ10BxwaQgTbSwRoBuOYz3UsTwRQhuT_GU
x-yak-request-id: 1702065415361-9ff00fe9e18e6713c3ee4798aa329428
yak-timeinfo: 1702065415361|3
cip: 5.181.234.133
alt-svc: h3=":443"; ma=604800
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 0387 0
12 B 28ms
27ms Image
text/html 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jd3NoAFeuks4iYuTFL3mw9rJyYWr6P0OEF_OaaHPIDv2wsidfWzKlhElWRlLzhkRKPqbbg-NF5

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame AA86
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=COxiIBnVzZY_WCIblrr4PwJKyEMis2NJ0yOvdwsASZBABILaczQNgycapi8Ck2A-gAf3q64YDyAEJqAMByAPLhICABKoE4wFP0DqZHJ-dmbFY0VFEWksbPlCe5qpSr8KlFH0Obk7L6xddJuv...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x97acd0d5eea8fbd70000000000000000%22,%222%22:%220x4d2af345a33975980000000000000000%22,%223%22:%220xd834b7...

0
0

67ms
32ms

Fetch
text/css

142.251.179.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x97acd0d5eea8fbd70000000000000000%22,%222%22:%220x4d2af345a33975980000000000000000%22,%223%22:%220xd834b75d202f08910000000000000000%22,%224%22:%220x303e010fccc230c0000000000000000%22,%225%22:%220xa352280a7511c890000000000000000%22},%22debug_key%22:%226071869488420404651%22,%22debug_reporting%22:true,%22destination%22:%22https://northwestern.edu%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22819656061%22],%224%22:[%2212-08%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229610824144112650193%22}&andc=true

Requested by

Host: ricowhaz.com
URL: https://ricowhaz.com/

Protocol

Server

142.251.179.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:55 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0x97acd0d5eea8fbd70000000000000000","2":"0x4d2af345a33975980000000000000000","3":"0xd834b75d202f08910000000000000000","4":"0x303e010fccc230c0000000000000000","5":"0xa352280a7511c890000000000000000"},"debug_key":"6071869488420404651","debug_reporting":true,"destination":"https://northwestern.edu","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["819656061"],"4":["12-08"],"6":["true"]},"priority":"500","source_event_id":"9610824144112650193"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 08 Dec 2023 19:56:55 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 08 Dec 2023 19:56:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x97acd0d5eea8fbd70000000000000000","2":"0x4d2af345a33975980000000000000000","3":"0xd834b75d202f08910000000000000000","4":"0x303e010fccc230c0000000000000000","5":"0xa352280a7511c890000000000000000"},"debug_key":"6071869488420404651","debug_reporting":true,"destination":"https://northwestern.edu","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["819656061"],"4":["12-08"],"6":["true"]},"priority":"500","source_event_id":"9610824144112650193"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 7917
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CncQqBXVzZZ2pOoyMrr4P-b29sA_hqIfcdIq7-PCSEYrI5MGUDhABILaczQNgycapi8Ck2A-gAcj0xcYpyAEJqQLHxm3cKZh4PqgDAcgDywSqBOYBT9BlO8HYpsxgvgVUIq9GYkPa90PlbWY...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdcfa54cd8fbfee8a0000000000000000%22,%222%22:%220x69382699c328a3ef0000000000000000%22,%223%22:%220x682d7d...

0
0

32ms
32ms

Fetch
text/css

142.251.179.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xdcfa54cd8fbfee8a0000000000000000%22,%222%22:%220x69382699c328a3ef0000000000000000%22,%223%22:%220x682d7d552cb530e80000000000000000%22,%224%22:%220x76f4a551b20f5c990000000000000000%22,%225%22:%220x93e6b96a68622b860000000000000000%22},%22debug_key%22:%22735520175073022829%22,%22debug_reporting%22:true,%22destination%22:%22https://foblue.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211153799752%22],%224%22:[%2212-08%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22461550541492203825%22}&andc=true

Requested by

Host: ricowhaz.com
URL: https://ricowhaz.com/

Protocol

Server

142.251.179.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:55 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"aggregation_keys":{"1":"0xdcfa54cd8fbfee8a0000000000000000","2":"0x69382699c328a3ef0000000000000000","3":"0x682d7d552cb530e80000000000000000","4":"0x76f4a551b20f5c990000000000000000","5":"0x93e6b96a68622b860000000000000000"},"debug_key":"735520175073022829","debug_reporting":true,"destination":"https://foblue.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11153799752"],"4":["12-08"],"6":["true"]},"priority":"500","source_event_id":"461550541492203825"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 08 Dec 2023 19:56:55 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Fri, 08 Dec 2023 19:56:55 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xdcfa54cd8fbfee8a0000000000000000","2":"0x69382699c328a3ef0000000000000000","3":"0x682d7d552cb530e80000000000000000","4":"0x76f4a551b20f5c990000000000000000","5":"0x93e6b96a68622b860000000000000000"},"debug_key":"735520175073022829","debug_reporting":true,"destination":"https://foblue.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11153799752"],"4":["12-08"],"6":["true"]},"priority":"500","source_event_id":"461550541492203825"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame EC70 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame EC70 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame EC70 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 montserrat-semibold.woff
contextual.media.net/__media__/fonts/montserrat-semibold/ Frame EC70 24 KB
24 KB 23ms
22ms Font
font/woff 23.55.204.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/montserrat-semibold/montserrat-semibold.woff

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/sr/2722522032/SAFEFRAME.html?ule=2554&&kkdd=Hu%7C!%7Cn3u*hWAH9&DG=ZCJ9Jq*pZpqCZOOO**9&i~hY=J&gEhH=J&0~D=ZZ9d&IE0f=sOpZ&0G~=.jQ*nmZz8&0h0~=wOfd7MBSUZ-3QLiSe2~wG(%3D%3D&0YG~=CC9.9.qOC&EGUf=OOqS9.J&00=Q5&E0=BW&0w3g=oXnavBW&hG~=.zvmpB9.4&IhG~=-Z-*-xv&wIIhE=Z&YYY=IUnFws0_FskMmJmC29(g~r5-OzD9L(iI&3Ef=*&_(=Z&ri~=p&H~IZ=.jQZ54tpO&H~I9=OOCqdZ*O.&7~HIH=E~9%3D3r__yGrY_k_%3DZJyNifYhg%3DJAOCyD(kfS0%3DJA9dyDGEkE~%3D9JpyrY_kYhEk7%3DZ9AC*y~Ngk7%3DJACqy~09%3DZyE0~%3D3MyYHf%3DJ%2CJyDkHE3%3DdJJdy~Ngk_%3D9JyD_9YkE~%3D9J9OZ9J.ZJyGrY_k7%3DdpCAqdyrY_kIT0%3DJyrY_kY9Hk7%3DJyEI~%3D9.O.9*CZZ.yYHI%3DJAJJJ%2CJy_HEI%3Dy0DNi%3D*Ad*yDGEkrY_k7%3DJA*yD_9YkGkE~%3D9J9OZ9J.ZJyGh%3DZw_s5jrnH*hw*a5Ml!pIzGy277%3DJyDGEkrY_k_%3DJyYGGhrH%3DZC%2C9JyfI%3D9OyY0%3DZyYGErG~%3DJ%2CJyD_9YkGk7%3DJAJqyYhEkE~%3D9J9OZ9J.ZpyDGEk7%3D9.*ACdyYH~D%3DJAJJJ%2CJyrY_k7%3DZAJOyD_9YkrY_k7%3DJyD_9YkrY_kDG%3DZ!FZqyrY_kIDG%3DJyrY_k_%3DZJyE_D%3DZ.A*dyi0HI%3DFZy77%3DZdqyDD%3DJy0D_9YkE~%3D9J9yY2D%3Dp9AJCy_9Yk7%3DZJJJyfYhg%3DJAOCyD_9YkrY_kT0%3DJ!JyhEGk0%3DZ%2CZ%2CJ%2CJ%2CJ%2CJ%2CJ%2CJy7g%3DZyhEGk~%3DJyYTf%3DJ%2CJyYH~h%3DJAJJJ%2CJyHOhk7%3D.Ad9%2CZpCApqyEG~%3DCC9.9.qOCyE~%3DZyrG~%3D9RH4gwq_v2E3t.*CDUyrY_kYhEkT0%3DJy0D_9Yk7%3D*Ad*y7I~%3DOJCdCZCqOdJ.JZp9*Zdqd*ZJpOJ9qZJ*.J.OdOOq*JCC.*.Zdp*Jpppqq.*.*Z**.ppp*dCZ*9JdOOC*.JqdO9CqqCJ*.*JpJ*O***9yD(r%3DJA9dy~9hk_%3DZJy0D_9%3D*Ad*yOh02%3DdCOACqyrGg%3DJyYTI%3DJAJJJ%2CJy~ggkEIYi%3DwHYgN3My~9hk7%3DJAd.yNi~9hk7%3DJAd.yEE%3DBXy00%3DQ5yrG(%3DFZy0f%3DJyYhEk7%3DZpCApqyrY_kEYhEk7%3DZ9AC*yY0D%3Dp9AJCyjR%3DOJ*OyYT(h%3DJAJJJ%2CJyT7kr0%3DF9y3IE%3DZyT7k00TE%3DF9y0I%3D3f(%20MNYTy7EEkl-1%3DBX%2CBXyYT(~%3DJAJJJ%2CJy7HEGE9%3DZdqy7HEGEZ%3DZdqyGEnf2%3DJyGEG2%3DJyrY_kYh0k7%3DJy7G~%3DJAOCy~0%3D.yrY_kYhEkYD%3DJyD_9Yk7%3D.Ad9y07~h%3DJAJ.dyE~%3DZyGIMhfkG~%3DZCyEf__fYkIHikG~%3D9.O.9*CZZ.yErhh_MkIHikG~%3Dy~fIf0If~kIHikG~%3DyDGf(H7G_GIM%3DJA9dyhNE%3DOyH0kIMhf%3DZyH~7_T%3D9.O.9*CZZ.yHgh%3DZyNi7G~%3DJAOCJy72_Y%3DJAJZJyErG~%3DjX!5!X(DWziFWd1sni*JZUm7ZUJy~I0%3DfHEIkE0y~ggkfYhg%3D2H_Efy~gg%3DwHYgN3My7~h0Hh~%3DJy~H_i%3Dr3GEN3ZOyEigI%3D_N3ikIHG_kwNgfhHifk0HI0wH__yEN7h%3DJA9OySG~%3DXceFhr7F*.Zd*q9OqCOq*ZJZywIg_%3DZy~0rI%3DC*y~Ni7%3DJFZyG70%3DZy3EU%3DZyIiE%3DOOqS9.Jy7E7%3DJy7Eh%3DJyIgS%3DZdC&3ID=J&ggg=reNEB2RcV!T%3D&G(=OOq&G3R2Y=Z&7~YR~=9dp&7G~=OpZOJp&g02=dd9J&M~EhY=Z&7Hf=bSfifpUBbBybSfifppfbBypff&THIhYf=Z&THI7G~=FZJ9&Mh_h=Z&GEG~=9&EEg0YkDfY=*&hiG~=hZp9Z.ZCC*9I9J9OZ9J.Zd*q&EE_~=%7B%22EEGh%22%3A%229HJ~%3A*qJJ%3AJJ9p%3AJJJJ%3AJJJJ%3AJJJJ%3AJJJJ%3AJJJJ%22%2C%22EE00%22%3A%22Q5%22%2C%22EEE0%22%3A%22BW%22%2C%22EE0IM%22%3A%22Bf(%20WNYT%22%7D&wIg_EY0=Z&sflct=4952349&ure=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.55.204.22 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-55-204-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

541c1dec9560ca0b3650854c7111c8a34f1deeacefa81cdf6619024916928661

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://contextual.media.net/sr/2722522032/SAFEFRAME.html?ule=2554&&kkdd=Hu%7C!%7Cn3u*hWAH9&DG=ZCJ9Jq*pZpqCZOOO**9&i~hY=J&gEhH=J&0~D=ZZ9d&IE0f=sOpZ&0G~=.jQ*nmZz8&0h0~=wOfd7MBSUZ-3QLiSe2~wG(%3D%3D&0YG~=CC9.9.qOC&EGUf=OOqS9.J&00=Q5&E0=BW&0w3g=oXnavBW&hG~=.zvmpB9.4&IhG~=-Z-*-xv&wIIhE=Z&YYY=IUnFws0_FskMmJmC29(g~r5-OzD9L(iI&3Ef=*&_(=Z&ri~=p&H~IZ=.jQZ54tpO&H~I9=OOCqdZ*O.&7~HIH=E~9%3D3r__yGrY_k_%3DZJyNifYhg%3DJAOCyD(kfS0%3DJA9dyDGEkE~%3D9JpyrY_kYhEk7%3DZ9AC*y~Ngk7%3DJACqy~09%3DZyE0~%3D3MyYHf%3DJ%2CJyDkHE3%3DdJJdy~Ngk_%3D9JyD_9YkE~%3D9J9OZ9J.ZJyGrY_k7%3DdpCAqdyrY_kIT0%3DJyrY_kY9Hk7%3DJyEI~%3D9.O.9*CZZ.yYHI%3DJAJJJ%2CJy_HEI%3Dy0DNi%3D*Ad*yDGEkrY_k7%3DJA*yD_9YkGkE~%3D9J9OZ9J.ZJyGh%3DZw_s5jrnH*hw*a5Ml!pIzGy277%3DJyDGEkrY_k_%3DJyYGGhrH%3DZC%2C9JyfI%3D9OyY0%3DZyYGErG~%3DJ%2CJyD_9YkGk7%3DJAJqyYhEkE~%3D9J9OZ9J.ZpyDGEk7%3D9.*ACdyYH~D%3DJAJJJ%2CJyrY_k7%3DZAJOyD_9YkrY_k7%3DJyD_9YkrY_kDG%3DZ!FZqyrY_kIDG%3DJyrY_k_%3DZJyE_D%3DZ.A*dyi0HI%3DFZy77%3DZdqyDD%3DJy0D_9YkE~%3D9J9yY2D%3Dp9AJCy_9Yk7%3DZJJJyfYhg%3DJAOCyD_9YkrY_kT0%3DJ!JyhEGk0%3DZ%2CZ%2CJ%2CJ%2CJ%2CJ%2CJ%2CJy7g%3DZyhEGk~%3DJyYTf%3DJ%2CJyYH~h%3DJAJJJ%2CJyHOhk7%3D.Ad9%2CZpCApqyEG~%3DCC9.9.qOCyE~%3DZyrG~%3D9RH4gwq_v2E3t.*CDUyrY_kYhEkT0%3DJy0D_9Yk7%3D*Ad*y7I~%3DOJCdCZCqOdJ.JZp9*Zdqd*ZJpOJ9qZJ*.J.OdOOq*JCC.*.Zdp*Jpppqq.*.*Z**.ppp*dCZ*9JdOOC*.JqdO9CqqCJ*.*JpJ*O***9yD(r%3DJA9dy~9hk_%3DZJy0D_9%3D*Ad*yOh02%3DdCOACqyrGg%3DJyYTI%3DJAJJJ%2CJy~ggkEIYi%3DwHYgN3My~9hk7%3DJAd.yNi~9hk7%3DJAd.yEE%3DBXy00%3DQ5yrG(%3DFZy0f%3DJyYhEk7%3DZpCApqyrY_kEYhEk7%3DZ9AC*yY0D%3Dp9AJCyjR%3DOJ*OyYT(h%3DJAJJJ%2CJyT7kr0%3DF9y3IE%3DZyT7k00TE%3DF9y0I%3D3f(%20MNYTy7EEkl-1%3DBX%2CBXyYT(~%3DJAJJJ%2CJy7HEGE9%3DZdqy7HEGEZ%3DZdqyGEnf2%3DJyGEG2%3DJyrY_kYh0k7%3DJy7G~%3DJAOCy~0%3D.yrY_kYhEkYD%3DJyD_9Yk7%3D.Ad9y07~h%3DJAJ.dyE~%3DZyGIMhfkG~%3DZCyEf__fYkIHikG~%3D9.O.9*CZZ.yErhh_MkIHikG~%3Dy~fIf0If~kIHikG~%3DyDGf(H7G_GIM%3DJA9dyhNE%3DOyH0kIMhf%3DZyH~7_T%3D9.O.9*CZZ.yHgh%3DZyNi7G~%3DJAOCJy72_Y%3DJAJZJyErG~%3DjX!5!X(DWziFWd1sni*JZUm7ZUJy~I0%3DfHEIkE0y~ggkfYhg%3D2H_Efy~gg%3DwHYgN3My7~h0Hh~%3DJy~H_i%3Dr3GEN3ZOyEigI%3D_N3ikIHG_kwNgfhHifk0HI0wH__yEN7h%3DJA9OySG~%3DXceFhr7F*.Zd*q9OqCOq*ZJZywIg_%3DZy~0rI%3DC*y~Ni7%3DJFZyG70%3DZy3EU%3DZyIiE%3DOOqS9.Jy7E7%3DJy7Eh%3DJyIgS%3DZdC&3ID=J&ggg=reNEB2RcV!T%3D&G(=OOq&G3R2Y=Z&7~YR~=9dp&7G~=OpZOJp&g02=dd9J&M~EhY=Z&7Hf=bSfifpUBbBybSfifppfbBypff&THIhYf=Z&THI7G~=FZJ9&Mh_h=Z&GEG~=9&EEg0YkDfY=*&hiG~=hZp9Z.ZCC*9I9J9OZ9J.Zd*q&EE_~=%7B%22EEGh%22%3A%229HJ~%3A*qJJ%3AJJ9p%3AJJJJ%3AJJJJ%3AJJJJ%3AJJJJ%3AJJJJ%22%2C%22EE00%22%3A%22Q5%22%2C%22EEE0%22%3A%22BW%22%2C%22EE0IM%22%3A%22Bf(%20WNYT%22%7D&wIg_EY0=Z&sflct=4952349&ure=1
Origin: https://contextual.media.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:55 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 24784
expires: Sat, 09 Dec 2023 19:56:55 GMT

GET
H3 200 gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js Show response
pagead2.googlesyndication.com/bg/ Frame B9C2 50 KB
19 KB 18ms
16ms Script
text/javascript 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f4d9c7c420e58b6a1d8013b9512aef088d5e019824b98db55e90fa74480346

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 15:05:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17512
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19632
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 07 Dec 2024 15:05:03 GMT

GET
H3 200 gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js Show response
pagead2.googlesyndication.com/bg/ Frame 3CC9 50 KB
19 KB 19ms
18ms Script
text/javascript 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/gPTZx8Qg5YtqHYATuVEq7wiNXgGYJLmNtV6Q-nRIA0Y.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80f4d9c7c420e58b6a1d8013b9512aef088d5e019824b98db55e90fa74480346

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 15:05:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 17512
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19632
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 07 Dec 2024 15:05:03 GMT

GET
H2 200 bql.php Show response
lg3.media.net/ Frame EC70 15 B
178 B 66ms
60ms Script
text/javascript 23.197.0.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?vgd_len=6106&&vgd_canary=0&vgd_l2type=scs_newfl&fp=5GuHcod1nvSL0TtsW1QD3oukQBkOD_us9vHRMCKMxuyJxzp9SP6bw0fzw5F-qVpohPcULUz9lCjnujsvOc46P95zTNCXkxeLKhZUixa9H54Z0cLkd5RMnwn6A1E3gcIF60euJC7lwZ48EefnAoilvA%3D%3D&cme=G-ng1UvhmJmynLeeYigv-aAPzgqTsiFlnLeifVT7mZaVHooK3W2tl3hB6d50dfK84CGFaIwZNRFlwo58eb9gJnF3R8FaY-OjGm6Ltk170z5lJaUBShoR9f_yHi_YPaAv3uZRwRRFdedkV1_zrQ9bV-jJ7Cp3P6eSqvTT1vnLQTjB837iQrLnxBTVxX4I2twIlDIzO8IXTyBQ9IXLyR-m0vDgVwrSDB6En-62H-vybMXbL53qxqTV_Q%3D%3D%7C%7Cu8A6SM53vAeV5r4ww6ldE8TMDOtCsF6e%7Cqk5jDP-Bqht8AUEIoCxyGGxeRRMQBwSB%7CdsA6EMpZ47R6ljdz__nQtthZoUpm2bb5%7Ca0AmFUYXmD46uF8UR0TFEOHcvEtvyyIN3EBR9U-PQpk%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7CXsTF06wqhHwMiQD2AyPwY1DXo7JIOkdKE9q9j4NFmdv7aHNCbZx7UAWbWTYZ_lL6MLujLn73ImyBjpmmsH4EVEnvA6sTLN5g0E-I9umBOYyGVVAxXzue9gAubnvLLrQimqWzDB5UIVoCelMhmZKUoLJkPHMsaKd3yW4lpj1xyYBXIviWc7Pc4YJyDKERcrcwg3BOiDJUFkppeyvif4kOLqdIoIu37z-x-PABRBq_KEy0YeUN-lxf-ux6UNFKDcMO6EDRQ9lHTCGQUSZN6sMUnA%3D%3D%7C&subBdr=196&bdrid=294&ksu=355&fdkt=391&vgde_kbbh=ffoyxQJuO&kwd[]=5+Best+Medicare+Supplement+Plans&kwt[]=391&kbc[]=1262905965&kwp[]=1&kid[]=350503938&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7C7%3D0.0002%7C8%3D120808%7C13%3D0.4056%7C14%3D120816%7Cokt%3D391%7Cbdkt%3D391%7Cps%3D0.327%7C53%3D18.25%7C12%3D14.74%7C80%3D5.02%7C74%3D2.13%7C60%3D2.80%7C1%3D5.02%7C2%3D19.59&ktd[]=4503874522251520&kwd[]=Top+5+Medicare+Advantage+Plans&kwt[]=391&kbc[]=1262905965&kwp[]=2&kid[]=329961779&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7C7%3D0.0003%7C8%3D120808%7C13%3D0.3151%7C14%3D120816%7Cokt%3D391%7Cbdkt%3D391%7Cps%3D0.327%7C53%3D11.41%7C12%3D18.03%7C80%3D6.91%7C74%3D2.13%7C60%3D3.17%7C1%3D6.91%7C2%3D41.99&ktd[]=4503874522251520&kwd[]=Personal+Loans+Without+Credit+Check&kwt[]=391&kbc[]=1262905965&kwp[]=3&kid[]=325348481&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7C7%3D0.0003%7C8%3D120808%7C13%3D0.2092%7C14%3D120816%7Cokt%3D391%7Cbdkt%3D391%7Cps%3D0.327%7C53%3D3.95%7C12%3D1.48%7C80%3D1.07%7C74%3D2.13%7C60%3D0.79%7C1%3D1.07%7C2%3D5.48&ktd[]=274894881024&kwd[]=7%25+Interest+Bank+Savings+Account&kwt[]=391&kbc[]=1262905965&kwp[]=4&kid[]=351038714&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7C7%3D0.0003%7C8%3D120808%7C13%3D0.2019%7C14%3D120816%7Cokt%3D391%7Cbdkt%3D391%7Cps%3D0.327%7C53%3D4.68%7C12%3D1.82%7C80%3D3.04%7C74%3D2.13%7C60%3D0.55%7C1%3D3.04%7C2%3D16.33&ktd[]=4503874522251520&kwd[]=%24750+Limit+Cards+for+Bad+Credit&kwt[]=391&kbc[]=1262905965&kwp[]=5&kid[]=350688470&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7C7%3D0.0003%7C8%3D120808%7C13%3D0.1832%7C14%3D120816%7Cokt%3D391%7Cbdkt%3D391%7Cps%3D0.327%7C53%3D3.93%7C12%3D7.11%7C80%3D2.00%7C74%3D2.13%7C60%3D1.83%7C1%3D2.00%7C2%3D13.09&ktd[]=4503874522251520&v=1&geo=37.33%7C-80.97&dlper=20&lper=100&lpid=&tsid=7&hint=&cc=US&wsip=170774531&bca=0&ugd=4&vgde_setid=Nff&ssld=%7B%22QQNN%22%3A%22Pb%22%2C%22QQN75%22%3A%22IJBn3mLU%22%2C%22QQ8E%22%3A%22f19O%3AXF99%3A99fH%3A9999%3A9999%3A9999%3A9999%3A9999%22%2C%22QQQN%22%3A%22I3%22%7D&cid=8CU5RJ1PV&vi=1702065414671333552&vsid=3450670140813369&tdAdd[]=asnum%3D9009&vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D&vgd_adprefflag=11&vgd_adpref_diff=1000&vgd_fm_lang=EN&vgd_implt=3&vgd_cage=1&vgd_tsce=L341-S341&vgd_l3_sc=NY&vgd_chost=contextual.media.net&vgd_sslb=1111&vgd_hb_audit_1=8CU1SGZ43&vgd_hb_audit_2=337691538&vgd_katbid=-102&vgd_pdtid=1&vgd_nrrv=37575&vgd_nrrmf=3000c82a&vgd_nrrsf=scrr&vgd_cty=princeton&vgd_ifrmode=14&sttm=1702065414916&upk=1702065415.22440&hvsid=00000170206541491600958081339131&verid=3111299&sbdrId=196&tsrc=entity&kafm_ull_cache=00&vgd_l1rakh=1702065414137146644&vgd_ecrid=1700080800127000336028000025600&vgd_isiolc=1&kbbq=%26asn%3D9009&vgde_ydsp=%7B%22QEx%22%3A%22%2FKTP4nXuWX%22%7D&vgd_mcf=9920&vgd_vstrid=3450670140813369&vgde_bdata=QOfvzxjj~8xLjMjvu9~myJLEYv9.Ah~eBMJ-Nv9.fi~e8QMQOvf9H~xLjMLEQMGvuf.hX~OmYMGv9.hF~ONfvu~QNOvz5~L1Jv9%2C9~eM1Qzvi99i~OmYMjvf9~ejfLMQOvf9fAuf9Wu9~8xLjMGviHh.Fi~xLjM7UNv9~xLjMLf1MGv9~Q7OvfWAWfXhuuW~L17v9.999%2C9~j1Q7v~NemyvX.iX~e8QMxLjMGv9.X~ejfLM8MQOvf9fAuf9Wu9~8EvuwjTb%3DxD1XEwXcb5C4H708~kGGv9~e8QMxLjMjv9~L88Ex1vuh%2Cf9~J7vfA~LNvu~L8Qx8Ov9%2C9~ejfLM8MGv9.9F~LEQMQOvf9fAuf9WuH~e8QMGvfWX.hi~L1Oev9.999%2C9~xLjMGvu.9A~ejfLMxLjMGv9~ejfLMxLjMe8vu4ouF~xLjM7e8v9~xLjMjvu9~QjevuW.Xi~yN17vou~GGvuiF~eev9~NejfLMQOvf9f~LkevHf.9h~jfLMGvu999~JLEYv9.Ah~ejfLMxLjMUNv949~EQ8MNvu%2Cu%2C9%2C9%2C9%2C9%2C9%2C9~GYvu~EQ8MOv9~LUJv9%2C9~L1OEv9.999%2C9~1AEMGvW.if%2CuHh.HF~Q8OvhhfWfWFAh~QOvu~x8OvfV1ZYwFjakQz2WXhel~xLjMLEQMUNv9~NejfLMGvX.iX~G7OvA9hihuhFAi9W9uHfXuiFiXu9HA9fFu9XW9WAiAAFX9hhWXWuiHX9HHHFFWXWXuXXWHHHXihuXf9iAAhXW9FiAfhFFh9XWX9H9XAXXXf~eBxv9.fi~OfEMjvu9~NejfvX.iX~AENkvihA.hF~x8Yv9~LU7v9.999%2C9~OYYMQ7Lyvw1LYmz5~OfEMGv9.iW~myOfEMGv9.iW~QQvIK~NNvPb~x8Bvou~NJv9~LEQMGvuHh.HF~xLjMQLEQMGvuf.hX~LNevHf.9h~%3DVvA9XA~LUBEv9.999%2C9~UGMxNvof~z7Qvu~UGMNNUQvof~N7vzJBn5mLU~GQQMC_pvIK%2CIK~LUBOv9.999%2C9~G1Q8QfvuiF~G1Q8QuvuiF~8QDJkv9~8Q8kv9~xLjMLENMGv9~G8Ov9.Ah~ONvW~xLjMLEQMLev9~ejfLMGvW.if~NGOEv9.9Wi~QOvu~875EJM8Ovuh~QJjjJLM71yM8OvfWAWfXhuuW~QxEEj5M71yM8Ov~OJ7JN7JOM71yM8Ov~e8JB1G8j875v9.fi~EmQvA~1NM75EJvu~1OGjUvfWAWfXhuuW~1YEvu~myG8Ov9.Ah9~GkjLv9.9u9~Qx8Ov%3DK4b4KBe30yo3ipTDyX9ul6Gul9~O7NvJ1Q7MQN~OYYMJLEYvk1jQJ~OYYvw1LYmz5~GOEN1EOv9~O1jyvxz8QmzuA~QyY7vjmzyM718jMwmYJE1yJMN17Nw1jj~QmGEv9.fA~-8OvKrtoExGoXWuiXFfAFhAFXu9u~w7Yjvu~ONx7vhX~OmyGv9ou~8GNvu~zQlvu~7yQvAAF-fW9~GQGv9~GQEv9~7Y-vuih&vgd_bhv_kbb=-1&vgd_cfud=221102&vgd_scsver=279&vgd_optout=0&vgd_ydspr=1&vgd_l2shld=1&vgd_rensize=336_280&vgd_scr_h=1200&vgd_scr_w=1600&vgd_dma=501&vgd_ect=4g&vgde_ydata=duh%25Aru&vgd_l1cdv=1129&vgd_l1rpth=%2Fnmedianet.js&vgd_lbt=1000&vgd_mbr=1&vgd_pgids=1&tdAdd[]=uiparams%3D%3Brend_w%3A336%3Brend_h%3A280&vgd_uspa=0&vgd_sc=NY&vgd_l1rhst=contextual.media.net&hvsid=00000170206541491600958081339131&rc=0&rand=1702065415338&acid=9e5bf66d2edae1f0d216ff09c1d0a179&matm=1702065415338&vgd_ltimesrc=1&vgd_ltime=634&vgd_rtime=601&vgd_etm=16&vgd_l1hcsd=Og4dd%7C8162&vgd_l1ch=1&vgd_lhl=5601&vgd_pgid=p1421817752t202312081956&vgd_csip=rtb-appnexus-5fd6bb7f75-tfvn6.SC&vgd_sbSup=1&vgd_nrrs=37575&vgd_cntrdt=SL%7CBODY%7CHTML&vgd_eadm=1&vgd_matchstr=hr%3D0%7C&vgd_end=2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.0.23 Marietta, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-0-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-US,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
date: Fri, 08 Dec 2023 19:56:55 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *
content-length: 15
expires: Fri, 08 Dec 2023 19:56:55 GMT

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame 76E9
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEKigJ7O2CzOVu6Nbd53e2So&google_cver=1&google_push=AXcoOmQBGc-2DuNtfSYDQL3b4FBzILlYfL30RtIfybF7COnkGkow27AfnKy9Bdz6cmuJRgjEQfkIuS9BohH3FtQjVyjIbK8Zq0UXiQuM
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=MjY1MTcyMDkzNTIxNjQ2MjA3NA==&gdpr=&gdpr_consent=
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKigJ7O2CzOVu6Nbd53e2So&google_cver=1

43 B
398 B

14ms
13ms

Image
image/gif

69.194.242.12
RHYTHMONE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKigJ7O2CzOVu6Nbd53e2So&google_cver=1
Protocol: H2
Server: 69.194.242.12 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?gdpr=&gdpr_consent=&google_gid=CAESEKigJ7O2CzOVu6Nbd53e2So&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 76E9
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAI-p-g81DUCf3wpecCU37o&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAI-p-g81DUCf3wpecCU37o&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y2ZOd0h3NkExUmJHWFo1&google_gid=CAESEAI-p-g81DUCf3wpecCU37o&google_cver=1&google_push=AXcoOmQS1ST_a5ee2C9cMNvHrU5Hxzv6w1f55byqHd9Z-ud...

170 B
188 B

30ms
30ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y2ZOd0h3NkExUmJHWFo1&google_gid=CAESEAI-p-g81DUCf3wpecCU37o&google_cver=1&google_push=AXcoOmQS1ST_a5ee2C9cMNvHrU5Hxzv6w1f55byqHd9Z-udAV4w3nI7wxU35ZztcAO1atIhKnfIPOwyHKfBT2aVGM0LM1rO91JPoD-Wt

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 08 Dec 2023 19:56:55 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-795-gb641a57#rel-ec2-master i-02b3a7ab0aed7d206@us-east-1d@dxedge-app-us-east-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=Y2ZOd0h3NkExUmJHWFo1&google_gid=CAESEAI-p-g81DUCf3wpecCU37o&google_cver=1&google_push=AXcoOmQS1ST_a5ee2C9cMNvHrU5Hxzv6w1f55byqHd9Z-udAV4w3nI7wxU35ZztcAO1atIhKnfIPOwyHKfBT2aVGM0LM1rO91JPoD-Wt
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 76E9
Redirect Chain

https://aep.mxptint.net/sn.ashx?google_gid=CAESEGYKWq0KiEkie92gFB1rVhM&google_cver=1&google_push=AXcoOmTEigeRb3RLBg8iCSOyN-mWYJ6re9tvkggF4cbJbqUkfpyEroCh1EQKdd2UYBegjRo-qkP-r5WPUjYgAMcAdqjavotF8Zag...
https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmTEigeRb3RLBg8iCSOyN-mWYJ6re9tvkggF4cbJbqUkfpyEroCh1EQKdd2UYBegjRo-qkP-r5WPUjYgAMcAdqjavotF8ZagnhbX&google_hm=UjMzNjQ2XzEw...

170 B
188 B

32ms
31ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmTEigeRb3RLBg8iCSOyN-mWYJ6re9tvkggF4cbJbqUkfpyEroCh1EQKdd2UYBegjRo-qkP-r5WPUjYgAMcAdqjavotF8ZagnhbX&google_hm=UjMzNjQ2XzEwRDYyRDc5Q182NTIwNDA0Mg%3D%3D

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=pf8b3zh4kyw&google_push=AXcoOmTEigeRb3RLBg8iCSOyN-mWYJ6re9tvkggF4cbJbqUkfpyEroCh1EQKdd2UYBegjRo-qkP-r5WPUjYgAMcAdqjavotF8ZagnhbX&google_hm=UjMzNjQ2XzEwRDYyRDc5Q182NTIwNDA0Mg%3D%3D
Date: Fri, 08 Dec 2023 19:56:55 GMT
Cache-Control: private
Strict-Transport-Security: max-age=-385070215; includeSubDomains
P3P: CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Content-Length: 350
Content-Type: text/html; charset=utf-8

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 76E9
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEMReQykTVeTLrR1dwATcvuc&google_cver=1&google_push=AXcoOmT9l_HlywMbHC1avDuINEzpFL7LFQBaXqrwtrHvza2UPO5GxGRmHBTz2lpOB6hCQPezg1WaFLztIR8tuhhQ-YofXX34l8VrFJkb
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=BE8A48E3FCED4E79BC63981C75CE5C33&google_push=AXcoOmT9l_HlywMbHC1avDuINEzpFL7LFQBaXqrwtrHvza2UPO5GxGRmHBTz2lpOB6hCQPezg1WaFLztIR8tuhh...

170 B
188 B

32ms
31ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=BE8A48E3FCED4E79BC63981C75CE5C33&google_push=AXcoOmT9l_HlywMbHC1avDuINEzpFL7LFQBaXqrwtrHvza2UPO5GxGRmHBTz2lpOB6hCQPezg1WaFLztIR8tuhhQ-YofXX34l8VrFJkb

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 08 Dec 2023 19:56:55 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=BE8A48E3FCED4E79BC63981C75CE5C33&google_push=AXcoOmT9l_HlywMbHC1avDuINEzpFL7LFQBaXqrwtrHvza2UPO5GxGRmHBTz2lpOB6hCQPezg1WaFLztIR8tuhhQ-YofXX34l8VrFJkb
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 07 Dec 2023 19:56:55 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 76E9
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEGbYTxrkydbP-yxCdK6Vde4&google_cver=1&google_push=AXcoOmTgnKZ3T8kQA_X7xLsUuFXBJ9qlk7PWRqn3kKXT8m3TqMHaTA2MFtv6WDdjfsz-t-7uxr_wA6acKrp9yZW-SrHDgoqwrzIk5aqy
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=dnlUZ205R2tBWkdGU0xrQ0IzVnpaUQ%3D%3D&google_push=AXcoOmTgnKZ3T8kQA_X7xLsUuFXBJ9qlk7PWRqn3kKXT8m3TqMHaTA2MFtv6WDdjfsz-t-7uxr_wA6acKrp9y...

170 B
188 B

29ms
29ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=dnlUZ205R2tBWkdGU0xrQ0IzVnpaUQ%3D%3D&google_push=AXcoOmTgnKZ3T8kQA_X7xLsUuFXBJ9qlk7PWRqn3kKXT8m3TqMHaTA2MFtv6WDdjfsz-t-7uxr_wA6acKrp9yZW-SrHDgoqwrzIk5aqy

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 08 Dec 2023 19:56:55 GMT
server: nginx
accept-ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=dnlUZ205R2tBWkdGU0xrQ0IzVnpaUQ%3D%3D&google_push=AXcoOmTgnKZ3T8kQA_X7xLsUuFXBJ9qlk7PWRqn3kKXT8m3TqMHaTA2MFtv6WDdjfsz-t-7uxr_wA6acKrp9yZW-SrHDgoqwrzIk5aqy
content-type: text/html; charset=utf-8
cache-control: no-store
content-length: 247

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 76E9
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAXcoOmTWHAbC...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAXcoOmTWHAbC...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzEyMDgxOTU2NTUwMDA1MzYwMjQwOTk0OA%3D%3D&google_push=AXcoOmTWHAbC90klBeuLbZLmrJciU3qBvLirMaMBkYTUV5SXG7lZg37jnknfTl28HB9Rui...

170 B
188 B

30ms
30ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzEyMDgxOTU2NTUwMDA1MzYwMjQwOTk0OA%3D%3D&google_push=AXcoOmTWHAbC90klBeuLbZLmrJciU3qBvLirMaMBkYTUV5SXG7lZg37jnknfTl28HB9Ruij5kHH13KCmetIaTNfyu_Xd-JnOu-f9_fe8

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMzEyMDgxOTU2NTUwMDA1MzYwMjQwOTk0OA%3D%3D&google_push=AXcoOmTWHAbC90klBeuLbZLmrJciU3qBvLirMaMBkYTUV5SXG7lZg37jnknfTl28HB9Ruij5kHH13KCmetIaTNfyu_Xd-JnOu-f9_fe8
pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=2628000
content-length: 0
expires: Fri, 08 Dec 2023 19:56:55 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 76E9
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESELPEf_-0f_Hpi5uXhF1ZAQw&google_cver=1&google_push=AXcoOmR8bD60E-o8gSnbQuzpvua7re9tB88OnwL8w7mGAH_TT2uDikUeLSiZQPaHF7fdQmn9spu-U9CKYB0kW...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESELPEf_-0f_Hpi5uXhF1ZAQw&google_push=AXcoOmR8bD60E-o8gSnbQuzpvua7re9tB88OnwL8w7mGAH_TT2uDikUeLSiZQPaHF7fdQmn9spu-U9CKYB0kW...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmR8bD60E-o8gSnbQuzpvua7re9tB88OnwL8w7mGAH_TT2uDikUeLSiZQPaHF7fdQmn9spu-U9CKYB0kWRvplDJBPe6INdB85Dq0&google_hm=Q2V0ZC1JR0M5ekFo...

170 B
188 B

31ms
30ms

Image
image/png

172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmR8bD60E-o8gSnbQuzpvua7re9tB88OnwL8w7mGAH_TT2uDikUeLSiZQPaHF7fdQmn9spu-U9CKYB0kWRvplDJBPe6INdB85Dq0&google_hm=Q2V0ZC1JR0M5ekFoYWRkU0Q1Rmc=

Requested by

Protocol

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 08 Dec 2023 19:56:55 GMT
Content-Type: text/html; charset=utf-8
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AXcoOmR8bD60E-o8gSnbQuzpvua7re9tB88OnwL8w7mGAH_TT2uDikUeLSiZQPaHF7fdQmn9spu-U9CKYB0kWRvplDJBPe6INdB85Dq0&google_hm=Q2V0ZC1JR0M5ekFoYWRkU0Q1Rmc=
P3p: CP="We do not support P3P header."
Cache-Control: no-cache, no-store, must-revalidate
Content-Length: 240
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 76E9 0
12 B 24ms
23ms Image
text/html 172.253.63.155
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Iu8j6FZSD_yL_gpT1fIUAD23mikQJ_XtdQfcH2U2iG_NrbGEXIbkg7ttKPd38Gwyqfspuk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.63.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f155.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:55 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 69ms
31ms Preflight
text/html 142.251.179.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 08 Dec 2023 19:56:55 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C061 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C061 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame C061 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 montserrat-semibold.woff
contextual.media.net/__media__/fonts/montserrat-semibold/ Frame C061 24 KB
24 KB 31ms
31ms Font
font/woff 23.55.204.22
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/__media__/fonts/montserrat-semibold/montserrat-semibold.woff

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/sr/2722522032/SAFEFRAME.html?ule=2623&&kkdd=AA%7Ch%7C3n*AuH9&q~=lO.!.)0*l0O*lJJ))!J&FZeC=.&-feD=.&_Zq=ll!P&xf_z=bN*l&_~Z=JIA0K2lHs&_e_Z=8NzPWQvRyln7ABFRi(Z8~V%3D%3D&_C~Z=OO!J!J)NO&f~yz=NN)R!J.&__=A1&f_=vM&_87-=f--G-~FCDx~u7Gxzfx&e~Z=JHk2*v!JS&xe~Z=nln0nwk&8xxef=l&CCC=xyKr8b_3rbGQ2.2O(!V-Zj1nNHq!BVFx&7fz=0&3V=l&jFZ=*&DZxl=JIAl1So*N&DZx!=NNO)Pl0NJ&WZDxD=fZ!%3D7j33Y~jC3G3%3Dl.YuFzCe-%3D.4!OYZu-GW%3D.4O)Yf_Z%3D7QYCDz%3D.%2C.YZu-G3%3D!.Yq3!CGfZ%3D!.!Nl!.Jl.Y~jC3GW%3DP*O4)PYjC3Gxm_%3D.YjC3GC!DGW%3D.YfxZ%3Dll*JJN.Pl)YCDx%3D.4...%2C.Y~e%3Dl83b1IjKD0e80L1Qc6*xH~Y(WW%3D.YC~~ejD%3DlO%2C!.YC_%3DlYC~fj~Z%3D.%2C.YCefGfZ%3D!.!Nl!.Jl*YCDZq%3D.4...%2C.YjC3GW%3Dl4.NYq3!CGjC3GW%3D.Yf--GVC%3DO4lOllYjC3G3%3Dl.Yf3q%3DlJ40PYF_Dx%3DrlYWW%3DlP)Yf--G-j3%3D.4J!YzCe-%3D.4!OYq3!CGjC3Gm_%3D.6.Yef~G_%3Dl%2Cl%2C.%2C.%2C.%2C.%2C.%2C.YW-%3DlYef~GZ%3D.YCmz%3D.%2C.YDNeGW%3DJ4P!%2Cl*O4*)YfZ%3DlYj~Z%3D!aDS3b-q85*jNSOP18Y_q3!CGW%3D04P0YWxZ%3DN.OPOlO)NP.J.ll.)Pl..J.NNN)lJl0lJ)!.*!O.J*P*.ON!!P*P*J).0!P)l0NJ!.!NlO*0)P!!OlPl!NOO0P!ONlNJJJ0P.)P!N0!Yj~-%3D.YCmx%3D.4...%2C.YuFZ!eGW%3D.4P0Yff%3DvpY__%3DA1Yj~V%3DrlY_z%3D.YC_q%3D*!4.OYIa%3DN.0*YmWGj_%3Dr!Y7xf%3DlYmWG__mf%3Dr!Y_x%3D7zV%20QuCmYWffGcnT%3Dvp%2CvpYWDf~f!%3DlP)YWDf~fl%3DlP)YZ_%3DJYq3!CGW%3DJ4P!YqVGzR_%3D.4!NYq~fGfZ%3D!.*YjC3GCefGW%3Dl!4O0YZ_!%3DlYqGDf7%3DP..PY3Dfx%3DY_quF%3D04P0Yq~fGjC3GW%3D.40Yq3!CG~GfZ%3D!.!Nl!.Jl.Yq~fGjC3G3%3D.Yzx%3D!NYq3!CG~GW%3D.4.)Yq~fGW%3D!lN4*OYq3!CGjC3Gq~%3Dl6rl)YjC3Gxq~%3D.Yqq%3D.Y_q3!CGfZ%3D!.!YC(q%3D*!4.OY3!CGW%3Dl...Yf--GfZ%3D!.!Nl!.JlNYCDZe%3D.4...%2C.Yf~Z%3DOO!J!J)NOYjC3GCefGm_%3D.YqVj%3D.4!NYZ!eG3%3Dl.Y_q3!%3D04P0YNe_(%3DPON4O)YZ--GfxCF%3Df--G-~FCDx~u7GxzfxYZ!eGW%3D.4POYCefGW%3Dl*O4*)YjC3GfCefGW%3Dl!4O0YCmVe%3D.4...%2C.YCmVZ%3D.4...%2C.Y~fKz(%3D.Y~f~(%3D.YjC3GCe_GW%3D.YW~Z%3D.4!!YjC3GCefGCq%3D.Y_WZe%3D.4!!.YfZ%3DlY~xQezG~Z%3DlOYfz33zCGxDFG~Z%3Dll*JJN.Pl)Yfjee3QGxDFG~Z%3DYZzxz_xzZGxDFG~Z%3DYq~zVDW~3~xQ%3D.4!NYeuf%3DNYD_GxQez%3DlYDZW3m%3Dll*JJN.Pl)YD-e%3DlYuFW~Z%3D.4!O.YW(3C%3D.4.l.Yfj~Z%3DIp616HplRpt5ib!Pngf_8aGQj0AYZx_%3DzDfxGf_YZ--GzCe-%3D(D3fzYZ--%3Df--G-~FCDx~u7GxzfxYWZe_DeZ%3D.YZD3F%3Df--YfF-x%3D3u7FGxD~3G8u-zeDFzG_Dx_8D33YfuWe%3D.4lOYR~Z%3Dp5irejWr0JlP0)!N)ON)0l.lY8x-3%3DlYf--GDe~%3DqlY~W_%3DlY7fy%3DlYxFf%3DNN)R!J.YWfW%3D.YWfe%3D.Yx-R%3D!.!&7xq=.&---=jiufv(a5g6m%3D&~V=NN)&~7a(C=l&WZCaZ=!P*&W~Z=NNOPP0&-_(=PP!.&QZfeC=l&WDz=hRzFz*yvhvYhRzFz**zhvY*zz&mDxeCz=l&mDxW~Z=rl.!&Qe3e=l&~f~Z=!&ff-_CGqzC=0&eF~Z=el*!lJlOO0!x!.!Nl!.JlP0)&ff3Z=%7B%22ff~e%22%3A%22!D.Z%3A0)..%3A..!*%3A....%3A....%3A....%3A....%3A....%22%2C%22ff__%22%3A%22A1%22%2C%22fff_%22%3A%22vM%22%2C%22ff_xQ%22%3A%22vzV%20MuCm%22%7D&8x-3fC_=l&sflct=4952349&ure=1

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.55.204.22 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-55-204-22.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

541c1dec9560ca0b3650854c7111c8a34f1deeacefa81cdf6619024916928661

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://contextual.media.net/sr/2722522032/SAFEFRAME.html?ule=2623&&kkdd=AA%7Ch%7C3n*AuH9&q~=lO.!.)0*l0O*lJJ))!J&FZeC=.&-feD=.&_Zq=ll!P&xf_z=bN*l&_~Z=JIA0K2lHs&_e_Z=8NzPWQvRyln7ABFRi(Z8~V%3D%3D&_C~Z=OO!J!J)NO&f~yz=NN)R!J.&__=A1&f_=vM&_87-=f--G-~FCDx~u7Gxzfx&e~Z=JHk2*v!JS&xe~Z=nln0nwk&8xxef=l&CCC=xyKr8b_3rbGQ2.2O(!V-Zj1nNHq!BVFx&7fz=0&3V=l&jFZ=*&DZxl=JIAl1So*N&DZx!=NNO)Pl0NJ&WZDxD=fZ!%3D7j33Y~jC3G3%3Dl.YuFzCe-%3D.4!OYZu-GW%3D.4O)Yf_Z%3D7QYCDz%3D.%2C.YZu-G3%3D!.Yq3!CGfZ%3D!.!Nl!.Jl.Y~jC3GW%3DP*O4)PYjC3Gxm_%3D.YjC3GC!DGW%3D.YfxZ%3Dll*JJN.Pl)YCDx%3D.4...%2C.Y~e%3Dl83b1IjKD0e80L1Qc6*xH~Y(WW%3D.YC~~ejD%3DlO%2C!.YC_%3DlYC~fj~Z%3D.%2C.YCefGfZ%3D!.!Nl!.Jl*YCDZq%3D.4...%2C.YjC3GW%3Dl4.NYq3!CGjC3GW%3D.Yf--GVC%3DO4lOllYjC3G3%3Dl.Yf3q%3DlJ40PYF_Dx%3DrlYWW%3DlP)Yf--G-j3%3D.4J!YzCe-%3D.4!OYq3!CGjC3Gm_%3D.6.Yef~G_%3Dl%2Cl%2C.%2C.%2C.%2C.%2C.%2C.YW-%3DlYef~GZ%3D.YCmz%3D.%2C.YDNeGW%3DJ4P!%2Cl*O4*)YfZ%3DlYj~Z%3D!aDS3b-q85*jNSOP18Y_q3!CGW%3D04P0YWxZ%3DN.OPOlO)NP.J.ll.)Pl..J.NNN)lJl0lJ)!.*!O.J*P*.ON!!P*P*J).0!P)l0NJ!.!NlO*0)P!!OlPl!NOO0P!ONlNJJJ0P.)P!N0!Yj~-%3D.YCmx%3D.4...%2C.YuFZ!eGW%3D.4P0Yff%3DvpY__%3DA1Yj~V%3DrlY_z%3D.YC_q%3D*!4.OYIa%3DN.0*YmWGj_%3Dr!Y7xf%3DlYmWG__mf%3Dr!Y_x%3D7zV%20QuCmYWffGcnT%3Dvp%2CvpYWDf~f!%3DlP)YWDf~fl%3DlP)YZ_%3DJYq3!CGW%3DJ4P!YqVGzR_%3D.4!NYq~fGfZ%3D!.*YjC3GCefGW%3Dl!4O0YZ_!%3DlYqGDf7%3DP..PY3Dfx%3DY_quF%3D04P0Yq~fGjC3GW%3D.40Yq3!CG~GfZ%3D!.!Nl!.Jl.Yq~fGjC3G3%3D.Yzx%3D!NYq3!CG~GW%3D.4.)Yq~fGW%3D!lN4*OYq3!CGjC3Gq~%3Dl6rl)YjC3Gxq~%3D.Yqq%3D.Y_q3!CGfZ%3D!.!YC(q%3D*!4.OY3!CGW%3Dl...Yf--GfZ%3D!.!Nl!.JlNYCDZe%3D.4...%2C.Yf~Z%3DOO!J!J)NOYjC3GCefGm_%3D.YqVj%3D.4!NYZ!eG3%3Dl.Y_q3!%3D04P0YNe_(%3DPON4O)YZ--GfxCF%3Df--G-~FCDx~u7GxzfxYZ!eGW%3D.4POYCefGW%3Dl*O4*)YjC3GfCefGW%3Dl!4O0YCmVe%3D.4...%2C.YCmVZ%3D.4...%2C.Y~fKz(%3D.Y~f~(%3D.YjC3GCe_GW%3D.YW~Z%3D.4!!YjC3GCefGCq%3D.Y_WZe%3D.4!!.YfZ%3DlY~xQezG~Z%3DlOYfz33zCGxDFG~Z%3Dll*JJN.Pl)Yfjee3QGxDFG~Z%3DYZzxz_xzZGxDFG~Z%3DYq~zVDW~3~xQ%3D.4!NYeuf%3DNYD_GxQez%3DlYDZW3m%3Dll*JJN.Pl)YD-e%3DlYuFW~Z%3D.4!O.YW(3C%3D.4.l.Yfj~Z%3DIp616HplRpt5ib!Pngf_8aGQj0AYZx_%3DzDfxGf_YZ--GzCe-%3D(D3fzYZ--%3Df--G-~FCDx~u7GxzfxYWZe_DeZ%3D.YZD3F%3Df--YfF-x%3D3u7FGxD~3G8u-zeDFzG_Dx_8D33YfuWe%3D.4lOYR~Z%3Dp5irejWr0JlP0)!N)ON)0l.lY8x-3%3DlYf--GDe~%3DqlY~W_%3DlY7fy%3DlYxFf%3DNN)R!J.YWfW%3D.YWfe%3D.Yx-R%3D!.!&7xq=.&---=jiufv(a5g6m%3D&~V=NN)&~7a(C=l&WZCaZ=!P*&W~Z=NNOPP0&-_(=PP!.&QZfeC=l&WDz=hRzFz*yvhvYhRzFz**zhvY*zz&mDxeCz=l&mDxW~Z=rl.!&Qe3e=l&~f~Z=!&ff-_CGqzC=0&eF~Z=el*!lJlOO0!x!.!Nl!.JlP0)&ff3Z=%7B%22ff~e%22%3A%22!D.Z%3A0)..%3A..!*%3A....%3A....%3A....%3A....%3A....%22%2C%22ff__%22%3A%22A1%22%2C%22fff_%22%3A%22vM%22%2C%22ff_xQ%22%3A%22vzV%20MuCm%22%7D&8x-3fC_=l&sflct=4952349&ure=1
Origin: https://contextual.media.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:55 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 16 May 2016 10:39:41 GMT
server: Apache
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=86400
accept-ranges: bytes
content-length: 24784
expires: Sat, 09 Dec 2023 19:56:55 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 31ms
30ms Preflight
text/html 142.251.179.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.179.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

pd-in-f155.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 08 Dec 2023 19:56:55 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 bql.php Show response
lg3.media.net/ Frame C061 15 B
178 B 59ms
59ms Script
text/javascript 23.197.0.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?vgd_len=6188&&vgd_canary=0&vgd_l2type=scs_newfl&fp=5GuHcod1nvSL0TtsW1QD3oukQBkOD_us9vHRMCKMxuyJxzp9SP6bw176ZFTmZRzTFQ1uFdbPey5RLAaodcx_of3j6EjiycLWyIiP_qKfw9ONXbLiLzPPddMzvQ8d7oXzJpUrYXvvDBnkjU368UccIQ%3D%3D&cme=b_YuBzbrmhdrSybDYil1YT7ByL83-BJIeX54AZl0_Ic6xc9A63zb-geOfqOK2apkNItYYRJn-9QIblQQaie7ZGAGPb8R9bNVwKtqdTDdo--1zBE2QQDzkrWphuTVu3cJMwnh5L5uICK9RT2Vgc4a671np5z6h6caybGS9gPuf1AenpEva9yXtrVAiEvdXDvjI84ZLcn5JOpKstt163iuB-Xa9PwJgZXJ7WpxZeCSnbSONXdspbK98Q%3D%3D%7C%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7CSoegUFYItIG8vxMslDtcEB1UuenQUcJL5-Nfmo1QHw7TkfuhRFrPrdvsDKMZIf-XwCoTdztv6LvCPcnRvWiQyUkQsd0I1JTPKrf8nmaAseeA1DVNykkKGEL8HUsDt6-El8Hsc9CLPMYW6933RQCckMb8Q1R000rt9MktydiUwOco5Jtd9ROIuwN18dgbSc-T4YPjOaIWfr9V2dbaj09AfFqsZHj6lfu5Usx5F6q4PVto23M1zCGZdCM0_8zNyMRlwnzk5SmRtpBalIDALYx5npii0n3RdQ5W%7Cu8A6SM53vAeV5r4ww6ldE8TMDOtCsF6e%7Cqk5jDP-Bqht8AUEIoCxyGGxeRRMQBwSB%7CWGV0YFlErcpuo3Pma1EBA706uXx3IZ3_s1njI9zvr5U%3D%7Ca0AmFUYXmD46uF8UR0TFEOHcvEtvyyIN3EBR9U-PQpk%3D%7C&subBdr=196&bdrid=294&ksu=355&fdkt=391&vgde_kbbh=ffoyxQJuO&kwd[]=5+Best+Medicare+Supplement+Plans&kwt[]=391&kbc[]=1262905965&kwp[]=1&kid[]=350503938&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7C7%3D0.0002%7C8%3D120808%7C13%3D0.4056%7C14%3D120816%7Cokt%3D391%7Cbdkt%3D391%7Cps%3D0.327%7C74%3D2.13%7C12%3D14.74%7C80%3D5.02%7C53%3D18.25%7C60%3D2.80%7C1%3D5.02%7C2%3D19.59&ktd[]=4503874522251520&kwd[]=Personal+Loans+Without+Credit+Check&kwt[]=391&kbc[]=1262905965&kwp[]=2&kid[]=325348481&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7C7%3D0.0003%7C8%3D120808%7C13%3D0.2092%7C14%3D120816%7Cokt%3D391%7Cbdkt%3D391%7Cps%3D0.327%7C74%3D2.13%7C12%3D1.48%7C80%3D1.07%7C53%3D3.95%7C60%3D0.79%7C1%3D1.07%7C2%3D5.48&ktd[]=274894881024&kwd[]=7%25+Interest+Bank+Savings+Account&kwt[]=391&kbc[]=1262905965&kwp[]=3&kid[]=351038714&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7C7%3D0.0003%7C8%3D120808%7C13%3D0.2019%7C14%3D120816%7Cokt%3D391%7Cbdkt%3D391%7Cps%3D0.327%7C74%3D2.13%7C12%3D1.82%7C80%3D3.04%7C53%3D4.68%7C60%3D0.56%7C1%3D3.04%7C2%3D16.33&ktd[]=274894881024&kwd[]=No.1+Stock+to+Buy+Now&kwt[]=391&kbc[]=1262905965&kwp[]=4&kid[]=324947967&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7C7%3D0.0003%7C8%3D120808%7C13%3D0.1746%7C14%3D120816%7Cokt%3D391%7Cbdkt%3D391%7Cps%3D0.327%7C74%3D2.13%7C12%3D4.38%7C80%3D3.63%7C53%3D0.24%7C60%3D0.93%7C1%3D3.63%7C2%3D7.08&ktd[]=274894881024&kwd[]=%24750+Limit+Cards+for+Bad+Credit&kwt[]=391&kbc[]=1262905965&kwp[]=5&kid[]=350688470&kbc2[]=pmb%3D1%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7C7%3D0.0003%7C8%3D120808%7C13%3D0.1832%7C14%3D120816%7Cokt%3D391%7Cbdkt%3D391%7Cps%3D0.327%7C74%3D2.13%7C12%3D7.11%7C80%3D2.00%7C53%3D3.93%7C60%3D1.83%7C1%3D2.00%7C2%3D13.09&ktd[]=274894881024&v=1&geo=37.33%7C-80.97&dlper=20&lper=100&lpid=&tsid=7&hint=&cc=US&wsip=170774531&bca=0&ugd=4&vgde_setid=Nff&ssld=%7B%22QQNN%22%3A%22Pb%22%2C%22QQN75%22%3A%22IJBn3mLU%22%2C%22QQ8E%22%3A%22f19O%3AXF99%3A99fH%3A9999%3A9999%3A9999%3A9999%3A9999%22%2C%22QQQN%22%3A%22I3%22%7D&cid=8CU5RJ1PV&vi=1702065415741886628&vsid=3450670140813369&tdAdd[]=asnum%3D9009&vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D&vgd_adprefflag=11&vgd_adpref_diff=1000&vgd_fm_lang=EN&vgd_implt=3&vgd_cage=1&vgd_tsce=L341-S341&vgd_l3_sc=NY&vgd_chost=contextual.media.net&vgd_sslb=1111&vgd_hb_audit_1=8CU1SGZ43&vgd_hb_audit_2=337691538&vgd_katbid=-102&vgd_pdtid=1&vgd_nrrv=37575&vgd_nrrmf=3000c82a&vgd_nrrsf=scrr&vgd_cty=princeton&vgd_ifrmode=14&sttm=1702065415197&upk=1702065415.5638&hvsid=00000170206541519700958081335691&verid=3111299&sbdrId=196&vgd_vsidtv=000V10&tsrc=entity&kafm_ull_cache=00&vgd_l1rakh=1702065415136832084&vgd_ecrid=1700080800127000336028000025600&vgd_isiolc=1&kbbq=%26asn%3D9009&vgde_ydsp=%7B%22QEx%22%3A%22%2FKTP4nXuWX%22%7D&vgd_mcf=9920&vgd_vstrid=3450670140813304&vgde_bdata=QOfvzxjj~8xLjMjvu9~myJLEYv9.fh~OmYMGv9.hF~QNOvz5~L1Jv9%2C9~OmYMjvf9~ejfLMQOvf9fAuf9Wu9~8xLjMGviHh.Fi~xLjM7UNv9~xLjMLf1MGv9~Q7OvuuHWWA9iuF~L17v9.999%2C9~8EvuwjTb%3DxD1XEwXcb5C4H708~kGGv9~L88Ex1vuh%2Cf9~LNvu~L8Qx8Ov9%2C9~LEQMQOvf9fAuf9WuH~L1Oev9.999%2C9~xLjMGvu.9A~ejfLMxLjMGv9~QYYMBLvh.uhuu~xLjMjvu9~QjevuW.Xi~yN17vou~GGvuiF~QYYMYxjv9.Wf~JLEYv9.fh~ejfLMxLjMUNv949~EQ8MNvu%2Cu%2C9%2C9%2C9%2C9%2C9%2C9~GYvu~EQ8MOv9~LUJv9%2C9~1AEMGvW.if%2CuHh.HF~QOvu~x8OvfV1ZjTYewrHxAZhibw~NejfLMGvX.iX~G7OvA9hihuhFAi9W9uu9Fiu99W9AAAFuWuXuWFf9Hfh9WHiH9hAffiHiHWF9XfiFuXAWf9fAuhHXFiffhuiufAhhXifhAuAWWWXi9FifAXf~x8Yv9~LU7v9.999%2C9~myOfEMGv9.iX~QQvIK~NNvPb~x8Bvou~NJv9~LNevHf.9h~%3DVvA9XH~UGMxNvof~z7Qvu~UGMNNUQvof~N7vzJBn5mLU~GQQMC_pvIK%2CIK~G1Q8QfvuiF~G1Q8QuvuiF~ONvW~ejfLMGvW.if~eBMJ-Nv9.fA~e8QMQOvf9H~xLjMLEQMGvuf.hX~ONfvu~eM1Qzvi99i~j1Q7v~NemyvX.iX~e8QMxLjMGv9.X~ejfLM8MQOvf9fAuf9Wu9~e8QMxLjMjv9~J7vfA~ejfLM8MGv9.9F~e8QMGvfuA.Hh~ejfLMxLjMe8vu4ouF~xLjM7e8v9~eev9~NejfLMQOvf9f~LkevHf.9h~jfLMGvu999~QYYMQOvf9fAuf9WuA~L1OEv9.999%2C9~Q8OvhhfWfWFAh~xLjMLEQMUNv9~eBxv9.fA~OfEMjvu9~NejfvX.iX~AENkvihA.hF~OYYMQ7LyvQYYMY8yL178mzM7JQ7~OfEMGv9.ih~LEQMGvuHh.HF~xLjMQLEQMGvuf.hX~LUBEv9.999%2C9~LUBOv9.999%2C9~8QDJkv9~8Q8kv9~xLjMLENMGv9~G8Ov9.ff~xLjMLEQMLev9~NGOEv9.ff9~QOvu~875EJM8Ovuh~QJjjJLM71yM8OvuuHWWA9iuF~QxEEj5M71yM8Ov~OJ7JN7JOM71yM8Ov~e8JB1G8j875v9.fA~EmQvA~1NM75EJvu~1OGjUvuuHWWA9iuF~1YEvu~myG8Ov9.fh9~GkjLv9.9u9~Qx8Ov%3DK4b40Ku-KdrtTfi_%20QNwVM5xXP~O7NvJ1Q7MQN~OYYMJLEYvk1jQJ~OYYvQYYMY8yL178mzM7JQ7~GOEN1EOv9~O1jyvQYY~QyY7vjmzyM718jMwmYJE1yJMN17Nw1jj~QmGEv9.uh~-8OvKrtoExGoXWuiXFfAFhAFXu9u~w7Yjvu~QYYM1E8veu~8GNvu~zQlvu~7yQvAAF-fW9~GQGv9~GQEv9~7Y-vf9f&vgd_bhv_kbb=-1&vgd_cfud=221102&vgd_scsver=279&vgd_optout=0&vgd_ydspr=1&vgd_l2shld=1&vgd_rensize=336_280&vgd_scr_h=1200&vgd_scr_w=1600&vgd_dma=501&vgd_ect=4g&vgde_ydata=duh%25Aru&vgd_l1cdv=1129&vgd_l1rpth=%2Fnmedianet.js&vgd_lbt=1000&vgd_mbr=1&vgd_pgids=1&tdAdd[]=uiparams%3D%3Brend_w%3A336%3Brend_h%3A280&vgd_uspa=0&vgd_sc=NY&vgd_l1rhst=contextual.media.net&hvsid=00000170206541519700958081335691&rc=0&rand=1702065415637&acid=0b8d50d990f5cfd708c65320df2538f7&matm=1702065415637&vgd_ltimesrc=1&vgd_ltime=643&vgd_rtime=612&vgd_etm=11&vgd_l1hcsd=Og4dd%7C8162&vgd_l1ch=1&vgd_lhl=5728&vgd_pgid=p1421817752t202312081956&vgd_csip=rtb-appnexus-5fd6bb7f75-xlt4w.SC&vgd_sbSup=1&vgd_vsidv=10&vgd_nrrs=37575&vgd_cntrdt=SL%7CBODY%7CHTML&vgd_eadm=1&vgd_matchstr=hr%3D0%7C&vgd_end=2

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.197.0.23 Marietta, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-197-0-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-US,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=21600
date: Fri, 08 Dec 2023 19:56:55 GMT
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
timing-allow-origin: *
content-length: 15
expires: Fri, 08 Dec 2023 19:56:55 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 67ms
37ms XHR
application/json 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231206&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b56a0cabf208896581d3aaeeab3a82c0fb491548b3141669a93bc83844aaf56d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:55 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12280
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 16ms
16ms Script
text/javascript 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 08 Dec 2023 19:56:55 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3633 13 KB
5 KB 16ms
15ms Document
text/html 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ricowhaz.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 16766
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 15:17:29 GMT
expires: Sat, 07 Dec 2024 15:17:29 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CBA5 829 B
559 B 30ms
30ms Document
text/html 2607:f8b0:4004:c08::68
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::68 Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c7244dca22bfa906a2c1940c0496145b8302b654a9f05938da4041a5eb3c99d8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-gHKIcr2mv-l7Jc4iSy9X5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ricowhaz.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-gHKIcr2mv-l7Jc4iSy9X5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 08 Dec 2023 19:56:55 GMT
expires: Fri, 08 Dec 2023 19:56:55 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 3633 39 KB
15 KB 18ms
16ms Script
text/javascript 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:20:13 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2202
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 07 Dec 2024 19:20:13 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CBA5 0
0 31ms
30ms Image
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231206&jk=2508733947433904&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3633 0
10 B 15ms
14ms Image
text/plain 2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?EgmIug
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c09::84 Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:56:55 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7917 42 B
64 B 33ms
32ms Fetch
image/gif 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstkqWO88URBHnEybbO9M--ZMeiJqJnk0v4aOQ0AZMO3d1mIFm6IhFr1Y38eAnvPAu1-o_3BURVWwbH-jZE0uh4J7uTYCBlsKfFSulLwu7CgYFMrq7xVMKg83Z1iXjjmXim_LWtO55hbHQ&sai=AMfl-YR2r3fOemG99nJCAgcP2WpQKm79SfLtm0lCwUD1J3K7sQsI0x2nztCE4uByQ55Z7JWgWDyYprOeETg3iZImsjFBAsaWnCfrtcCHidRrBXM3lmXLJZzm7PkEFwrtYHAHrsB01j92KIbByoWK2-l4lKuYgLNPt0oI_0Bn&sig=Cg0ArKJSzGQ5MFJ5Y3e-EAE&cid=CAQSTwDICaaNFDIZi6ae4PLGcDyAbWLlrNr5zFv6bqV36RuxivVeENNizfWsop4jCu0YFhEhiHuds60Hxxj1Bhw1WrrigrRten6iAzOYksX8GsoYAQ&id=lidar2&mcvt=1001&p=0,0,280,1200&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20231206&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3363353524&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702065413926&rpt=1400&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 08 Dec 2023 19:56:56 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 33ms
32ms Image
text/html 2607:f8b0:4004:c08::9b
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231206&jk=2508733947433904&bg=!jY6ljsHNAAY3kmNgF5I7ADQBe5WfOA36rN6fG3FAPpimO0Kjoyy2FhJBIPE7NwfPwZlPw70U-38bqjcoOtIz4yPgUfRnAgAAAGNSAAAAA2gBB5kC_LPE7wPTwDSFeM5P47RuB-A7VYkTk_nJa4VsC6Qz5bzkDjlC-0eqwbUR4LM7dJ9ePb70U54ca9wl4STKZx3njv9GnARf1WyE6TomoOF8mvpTNlBG4s3yvsKVtDAYok4GsQ3vlmWjvbdJ9IoezclqQXLZaWhXhs7HJrqRf__ipY01q0xDDJUBhUkCeOKiEtGE-Yu_K3oO9Rr7U33s7KtfSSSZa8G2c4q52IHV6e1JgFz1C4xOv7a8SBsvlbwLUzVK8POc4m86m_NboaXX1JCAaPmwOIBUdRwlDjnHL4xdiooC2IxNzZGpAYFTbbnHGpi-F0ttrsWk3j3ZK8grsrpRdRe6eLf3AUalN2LwYvOi0iGWW_uwHhWUR0K_Z2RdhUnjzyJjCawTSP9OmZgifqQtTBae-pm0Yv_sVIF5oLIBvBvQ61cOkwCCk6tWpVJy3gbZp60xL7X3VfaNrNE7omzpi80VUA9DqcuEDeFVJtHMb5RhR2NQBT7ZrfBDK3UGdkyIoPt2OZbJK7jjAG6zijqNQ4KOeAWS6DWOEnrVP8u5Bg7Ze0oDPI_KSjHhNlniAarEnOumu-nZ1eKTNXi8sS-HUy9F2eeUKTyWySmSqpDy7LLM2Kwj703Ggm1bpfJR7gwlGZXzGMnJoFFxWlNOdvZCPAApa_tEBsLzEjecq7x5x3hg8xMKoLxOnsPGHwk7PzpifBEfg_oO6ptBwDOj6Le1n-0f8RqpCpc4eb9oqJsa5R8oM3Vq0NVK_FzOnnN5UVfBx3tPnRTotDe8tBgsi4MrohqSG-VjQEunLlVOp5g0ccpBgGujTkIXLdaitTeN-3br17L8RC5sg696dJDYRx8suEqU7eVdtVYnI7vJpundy4J76snAyFKYOwQxTyNz-DshLea1jc7uZpBG_90ly6UpKsBM8wPbYsIL_KNRvaM6KxDcBvkQsUcFPrK-c374Q3QqNcANLAuAZ_p4u3BkgH0oAhbgiw52lrMRjaXxhoLxOu0TpMrj_D5_otPAJFt_
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4004:c08::9b Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ricowhaz.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

50 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

40 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ricowhaz.com/	1970-01-21 02:09:21	Name: __gads Value: ID=c6d7bd4f2716d3cb:T=1702065413:RT=1702065413:S=ALNI_MYFkiGSowxQok15HBEC58Qciq6rMg
.ricowhaz.com/	1970-01-21 02:09:21	Name: __gpi Value: UID=00000da717d8698a:T=1702065413:RT=1702065413:S=ALNI_MZ5Q2lxqzQQZ2xNB_c4mg6oir-rDQ
.doubleclick.net/	1970-01-21 02:23:45	Name: IDE Value: AHWqTUleQJ7T-Ge8HaGF4hQkMQ5gHk-aydm_L5pg90nCpVNWmojGvdQalO_gx7BZab8
.mediago.io/	1970-01-21 01:33:21	Name: __mguid_ Value: 81fa84b76b60920d18hees00lpx1svdv
.mfadsrvr.com/	1970-01-21 02:23:45	Name: tuuid Value: 64751b55-7530-4038-adad-55580a5d548b
.mfadsrvr.com/	1970-01-21 02:23:45	Name: c Value: 1702065414
.mfadsrvr.com/	1970-01-21 02:23:45	Name: tuuid_lu Value: 1702065414
.owneriq.net/	1970-01-21 02:23:45	Name: si Value: Q7553518141229129284P
.owneriq.net/	1970-01-20 17:02:09	Name: p2 Value: gguuid
.owneriq.net/	1970-01-20 17:02:09	Name: gguuid Value: 1
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAA_-MStjAzMLOwNLcwMDU3NTa0MDayNBfiM9R1zo0KzXb1sHTyKA4GAMdVD04lAAAA
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAA_-OSMXR2dA129fKyDC6usoiI9zHwyizLTAvxSXF0cwUAmw086h4AAAA
.rfihub.com/	1970-01-21 02:09:21	Name: rud Value: H4sIAAAAAAAA_-MStjAzMLOwNLcwMDU3NTa0MDayNBfiM9R1zo0KzXb1sHTyKA4GAMdVD04lAAAA
.mfadsrvr.com/	1970-01-21 02:23:45	Name: ssh Value: !google,1702065414
.uuidksinc.net/	1970-01-21 01:33:21	Name: jcsuuid Value: S9kH4Y6LIfi0hY6P0Ps2
.media.net/	1970-01-21 01:33:21	Name: visitor-id Value: 3450670140813369000V10
.mxptint.net/	1970-01-21 02:23:45	Name: mxpim Value: R33646_10D62D79C_65204042.1.65737507
.bidswitch.net/	1970-01-21 01:33:21	Name: tuuid Value: d7169bca-f1b8-4124-8101-6475325854c9
.bidswitch.net/	1970-01-21 01:33:21	Name: c Value: 1702065415
.bidswitch.net/	1970-01-21 01:33:21	Name: tuuid_lu Value: 1702065415
.media.net/	1970-01-20 17:07:55	Name: data-g Value: CAESECzcpXIFLLxtPB2XWBB0drw~~6
.zemanta.com/	1970-01-21 01:33:21	Name: zuid Value: Cetd-IGC9zAhaddSD5Fg
.simpli.fi/	1970-01-21 01:34:47	Name: suid Value: BE8A48E3FCED4E79BC63981C75CE5C33
.rfihub.com/	1970-01-21 02:09:21	Name: eud Value: H4sIAAAAAAAA_-OSMXR2dA129fKyDC6usoiI9zHwyizLTAvxSXF0cw3iNTQ3MDIwMzUxNLE0Mn3FiMI3W8WC4JuamFkAAJOLNshNAAAA
.w55c.net/	1970-01-21 02:19:26	Name: wfivefivec Value: cfNwHw6A1RbGXZ5
.tribalfusion.com/	1970-01-20 18:57:21	Name: ANON_ID Value: adntuJuyTYEBErv6XromibPBI7rSveYk16cCXZbR2bBxDQZcBV8TWcJIU16FcFTU7dBJFpPAOkX8MTCMIDZd8IPqMdY
.w55c.net/	1970-01-20 17:30:57	Name: matchgoogle Value: 5
.e.dlx.addthis.com/	1970-01-21 02:17:59	Name: na_tc Value: Y
.googleadservices.com/	1970-01-20 18:57:21	Name: ar_debug Value: 1
.addthis.com/	1970-01-21 02:17:59	Name: na_id Value: 2023120819565500053602409948
.addthis.com/	1970-01-21 02:17:59	Name: na_tc Value: Y
.addthis.com/	1970-01-21 02:17:59	Name: uid Value: 657375071244c10d
.addthis.com/	1970-01-21 02:17:59	Name: ouid Value: 657375070001d4eb771c130ba4747c4e130bad45da7775e1481f
.dlx.addthis.com/	1970-01-20 17:30:57	Name: na_rn Value: 0
.dlx.addthis.com/	1970-01-20 17:30:57	Name: na_sr Value: 20231208
.dlx.addthis.com/	1970-01-20 16:47:45	Name: na_srp Value: 3614
.dlx.addthis.com/	1970-01-20 17:30:57	Name: na_sc_e Value: 0
.turn.com/	1970-01-20 21:06:57	Name: uid Value: 2651720935216462074
.c.appier.net/	1970-01-21 01:33:21	Name: _auid Value: vyTgm9GkAZGFSLkCB3VzZQ
.c.appier.net/	1970-01-20 17:30:57	Name: _gu Value: CAESEGbYTxrkydbP-yxCdK6Vde4

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://i0.wp.com/it.ricowhaz.com/wp-content/uploads/2017/01/remove-ilo-license.jpg?resize=511%2C412 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://i0.wp.com/it.ricowhaz.com/wp-content/uploads/2016/10/diskmgr.jpg?resize=840%2C211 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://i0.wp.com/it.ricowhaz.com/wp-content/uploads/2016/10/diskpart.jpg?resize=510%2C414 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

0.gravatar.com
a.c.appier.net
a.rfihub.com
a.tribalfusion.com
ad.turn.com
aep.mxptint.net
analytics.pangle-ads.com
b1sync.zemanta.com
cm.g.doubleclick.net
contextual.media.net
cs.media.net
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
hblg.media.net
i0.wp.com
lg3.media.net
p.rfihub.com
pagead2.googlesyndication.com
pixel.wp.com
pm.w55c.net
px.owneriq.net
qsearch-a.akamaihd.net
r.turn.com
ricowhaz.com
rtb.mfadsrvr.com
s.tribalfusion.com
s.uuidksinc.net
secure.gravatar.com
stats.wp.com
tpc.googlesyndication.com
trace.mediago.io
um.simpli.fi
warp.media.net
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
www.temu.com
x.bidswitch.net
104.67.193.98
142.251.179.155
172.104.70.67
172.253.63.155
192.0.76.3
192.0.77.2
199.38.167.130
20.121.97.20
23.197.0.23
23.205.106.147
23.219.12.236
23.222.5.91
23.55.204.22
2606:4700::6812:19ad
2607:f8b0:4004:c06::5e
2607:f8b0:4004:c08::68
2607:f8b0:4004:c08::9b
2607:f8b0:4004:c09::5f
2607:f8b0:4004:c09::84
2607:f8b0:4004:c09::9d
2607:f8b0:4004:c17::5e
2607:f8b0:4004:c17::9a
2a04:fa87:fffe::c000:4902
31.220.27.135
35.207.24.140
35.208.249.213
35.211.178.172
35.236.220.17
38.98.69.175
52.73.29.71
67.213.82.10
69.194.242.12
70.42.32.191
0200bc38d986631f9cc4680084d7d263ccf17fa4a3c627b26ff347e0cfcf1d47
06f880720e7ad1208cc5dd7e3555ef2d0639196d01b4dfea9663436a02464b28
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c1808af7c4fd6303086de89cb0a5cab2b4ab5613fd0bb51149b52f5ecd04966
0c8a25dbf95afb1dcd7058e41a25d04bbec518455c2a7dc09a502b88657af18c
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
0fdf21f19487c16872fdfbac75ad6046dc936e19984fb02c930a5e98a766c4e6
131f6b765e798866d728f95661b78bbf269c86482ffff0fa8c08e18a1a65cc89
1616c8cd083e6b17f6a75ab0695bd4a4573b31ae8398ffb43758288028f6a773
1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81
2535b877fe93bd77e881ac89826cc9bc1a4f9e781d2f93195aec2f755fea6704
273c8613cdd2852dd5318f224d804ae6d2fc717c48d3f1dab587b6d396fb4fc8
27dd9b075cc59cf5f3c0f6ee075f4bd113782d81ce30a4f16aac669ecfdc4fa2
2bca0dae15027898dd6a7536d5b041014f928fbc60d9ce04dd2fa4c5d37d36ad
2d7599e7355f74647511d36b0790e74fa070e990eb6e7dbe9086bbdc28c74e67
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347
3642df12f0d930d5846a96652080908eb2f383b602a95cf80d1e6227e66e1c46
3a90c56bbc2ea3fae7e089cc529bc02869c5035ee31c3111d829b9ae974cf42d
3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e
4138eeb4b628d421d80c4f5ddc8aedbc8fd39a1f6c803188d326a186519adfc6
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
499ec54eb2afd103ec37505e23c6570fc7d89a0d728dde19d87a092e4a3261b4
4ed10d0d64bb1515397e8666a63f484d640dbc5678fa62574e077b7aef1c3af2
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
535c3c88f547bd59387259153afc270060804d5c446f97128f12842e253df541
541c1dec9560ca0b3650854c7111c8a34f1deeacefa81cdf6619024916928661
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5c2d662e92bcbf1a5970b97040f901031295e79a96314db8302f549003022087
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
69b7d3d548428f3cc27a2549605d44580de54d66476ae23f9e4e0c99bc24f506
6a360e4e3e7c65709b0ffefc54e4f116ea6d8c9909e68ff4578284ebaf07c5f1
6d4083520c18bfdcdffb319248525ebf8f1a547326e10c02e6a0ed0b1722ae9a
706f41279c935e8a6384cac1da2a3cbca22bf390edb3bb23095c44d9ca629cb7
71adc15350145604f7a2794da7be297e14345f3fb31c4ea37c8a97e5e0b2ccd0
796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90
80f4d9c7c420e58b6a1d8013b9512aef088d5e019824b98db55e90fa74480346
86d9f6febcaec5c27ce943f179bbec765c0b1978a2561ce688294fe18d3e2100
9683d0a5d96acb1fcb225b6ee54f286faf12b329a1b9ab2a527d414006d8ed22
9790f42b8dedb1411b7a398f2f255811ed99f48c3b9b3d72f04b023efd845030
99b7e4c438d8bf6e34928cc64ed56407b3ffd550e426fc1cf40096e5b82bc80b
99f9a74fb70be15521f1899133c0ff2bdae38bec2c38bf9b280e03a268d5759d
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b229a0127e1592a0edf72bdeb3f33aded76621a398baba0daf137b79487ec11
9d96b2fe2d8d4a398a846ebee84e5e70ec37e0fc613b3e2a5aaa81b1bf2d8470
a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821
ae55db58ecb56df26351945eafa085c15e7b16542c5515a162e49c27b3334019
b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b56a0cabf208896581d3aaeeab3a82c0fb491548b3141669a93bc83844aaf56d
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b7e16fe8c5ac8f580a31ff998598f32d1db881ff2fe685bd7d2a809591734540
bd597f94288999f67040d4d40f391e16502e5f145e898c678c5c9544a5b9ab96
c7244dca22bfa906a2c1940c0496145b8302b654a9f05938da4041a5eb3c99d8
c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24
c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
ccd911729403decd6e3b74702fdc4d2c1b1e3ecf35a147f7e5373669932cc708
dda5b1ad965e1d9d797d67a7c36006d5e794bec2c7eb052d2b88cfaaf929b9cb
ddc148b8a0a27b1449fda6033f4a0defac9bd43210117b50d5d7ad1eda09f394
dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ea31048ed21bd3fb40bb09e6d4f49792da9588b27008978c544e312036fbb8e2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f28e5429fc58acd0242f4341b790648e086ead04bf69fe1a3a31a12a4194236e
f31b80562610135edd91a86ec7f243c5eeaec2ec08337e6a20c2d135d8e217da
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f49be6c60342bc282703ccb7fb78385409b6c6fc4f9328a220ad58d769babcd7
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
f899487e6c06fa9e0a1987640f201c14ac8204213dbd350c589d8eeb90df0fe2
fa5a48e7c051389fce888904d5a43aa682dfaa77acd87653d9de8c8f69504b5b
fe4725d967cdafe16e972f934768dd5794a931d2e16f10a19a3e681f4afad7eb

ricowhaz.com Open in urlscan Pro 67.213.82.10 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

135 Requests

64 %HTTPS

30 %IPv6

28 Domains

41 Subdomains

20 IPs

5 Countries

1519 kBTransfer

3745 kBSize

40 Cookies

4 Outgoing links

Redirected requests

135 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

ricowhaz.com Open in urlscan Pro
67.213.82.10 Public Scan

Screenshot
Live screenshot

Full Image

135
Requests

64 %
HTTPS

30 %
IPv6

28
Domains

41
Subdomains

20
IPs

5
Countries

1519 kB
Transfer

3745 kB
Size

40
Cookies

135 HTTP transactions
12 data transactions