ioffice.site Open in urlscan Pro
50.116.86.29 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://ioffice.site/
Effective URL:
https://ioffice.site/
Submission: On June 20 via manual (June 20th 2022, 1:23:44 pm UTC) from CA — Scanned from CA

Summary HTTP 182 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 22 IPs in 1 countries across 15 domains to perform 182 HTTP transactions. The main IP is 50.116.86.29, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is ioffice.site.
TLS certificate: Issued by R3 on May 8th 2022. Valid for: 3 months.

This is the only time ioffice.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 34	50.116.86.29 50.116.86.29	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
2	2607:f8b0:400... 2607:f8b0:4006:807::200a	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:80b::2002	15169 (GOOGLE) (GOOGLE)
29	142.251.40.98 142.251.40.98	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:80c::2003	15169 (GOOGLE) (GOOGLE)
8	2607:f8b0:400... 2607:f8b0:4006:820::2002	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:821::2002	15169 (GOOGLE) (GOOGLE)
19	2607:f8b0:400... 2607:f8b0:4006:822::2001	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:807::2004	15169 (GOOGLE) (GOOGLE)
8 12	142.251.40.162 142.251.40.162	15169 (GOOGLE) (GOOGLE)
3 7	23.41.168.244 23.41.168.244	16625 (AKAMAI-AS) (AKAMAI-AS)
4 6	68.67.179.135 68.67.179.135	29990 (ASN-APPNEX) (ASN-APPNEX)
40	2607:f8b0:400... 2607:f8b0:4006:80c::2006	15169 (GOOGLE) (GOOGLE)
6	142.250.64.98 142.250.64.98	15169 (GOOGLE) (GOOGLE)
3 4	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1 2	23.195.109.72 23.195.109.72	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2607:f8b0:400... 2607:f8b0:4006:821::2003	15169 (GOOGLE) (GOOGLE)
9	23.41.169.149 23.41.169.149	16625 (AKAMAI-AS) (AKAMAI-AS)
1	3.137.132.184 3.137.132.184	16509 (AMAZON-02) (AMAZON-02)
1	3.142.125.248 3.142.125.248	16509 (AMAZON-02) (AMAZON-02)
8	23.205.74.72 23.205.74.72	16625 (AKAMAI-AS) (AKAMAI-AS)
182	22

34 50.116.86.29 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 50-116-86-29.unifiedlayer.com

ioffice.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:807::200a (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80b::2002 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 142.251.40.98 (United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:80c::2003 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2607:f8b0:4006:820::2002 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:821::2002 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2607:f8b0:4006:822::2001 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:807::2004 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.251.40.162 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 23.41.168.244 (Edison, United States) 3 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-41-168-244.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 68.67.179.135 (Secaucus, United States) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 550.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2607:f8b0:4006:80c::2006 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.64.98 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s31-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.98.64.218 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.195.109.72 (Edison, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-195-109-72.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:821::2003 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 23.41.169.149 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-41-169-149.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.137.132.184 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-137-132-184.us-east-2.compute.amazonaws.com

geo.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.142.125.248 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-142-125-248.us-east-2.compute.amazonaws.com

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.205.74.72 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-74-72.deploy.static.akamaitechnologies.com

havasfrorangedcmdisplay758646212611.s.moatpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 115 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 150	400 KB
40	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 265	769 KB
34	ioffice.site 1 redirects ioffice.site	955 KB
32	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 213 googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 cm.g.doubleclick.net — Cisco Umbrella Rank: 217 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 283	283 KB
11	moatads.com z.moatads.com — Cisco Umbrella Rank: 413 geo.moatads.com — Cisco Umbrella Rank: 614 mb.moatads.com — Cisco Umbrella Rank: 634 px.moatads.com — Cisco Umbrella Rank: 408	112 KB
8	moatpixel.com havasfrorangedcmdisplay758646212611.s.moatpixel.com — Cisco Umbrella Rank: 193851	2 KB
7	casalemedia.com 3 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 623	6 KB
6	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 247	6 KB
6	gstatic.com fonts.gstatic.com www.gstatic.com	112 KB
4	openx.net 3 redirects us-u.openx.net — Cisco Umbrella Rank: 402	722 B
4	google.com adservice.google.com — Cisco Umbrella Rank: 92 www.google.com — Cisco Umbrella Rank: 9	2 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 185	127 KB
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1069	638 B
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67	2 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 861	466 B
182	15

	Domain	Requested by
40	s0.2mdn.net	ioffice.site s0.2mdn.net
34	ioffice.site	1 redirects ioffice.site
23	pagead2.googlesyndication.com	ioffice.site pagead2.googlesyndication.com securepubads.g.doubleclick.net tpc.googlesyndication.com 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
15	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
12	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net
8	havasfrorangedcmdisplay758646212611.s.moatpixel.com	6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
8	px.moatads.com	6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
8	googleads.g.doubleclick.net	pagead2.googlesyndication.com 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com ioffice.site
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
6	googleads4.g.doubleclick.net	ioffice.site
6	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
6	securepubads.g.doubleclick.net	ioffice.site securepubads.g.doubleclick.net
5	fonts.gstatic.com	fonts.googleapis.com
4	us-u.openx.net	3 redirects googleads.g.doubleclick.net
4	6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	www.googletagservices.com	6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
3	www.google.com	tpc.googlesyndication.com 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
2	sync.teads.tv	1 redirects googleads.g.doubleclick.net
2	fonts.googleapis.com	ioffice.site s0.2mdn.net
1	mb.moatads.com	z.moatads.com
1	geo.moatads.com	z.moatads.com
1	z.moatads.com	s0.2mdn.net
1	www.gstatic.com	s0.2mdn.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	adservice.google.com	securepubads.g.doubleclick.net
182	25

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.instagram.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
ioffice.site R3	`2022-05-08` - `2022-08-06`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2021-05-25` - `2022-06-25`	a year	crt.sh

This page contains 18 frames:

Primary Page: https://ioffice.site/
Frame ID: 0C216010614F29E1A609053351B2D47A
Requests: 50 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220616/r20190131/zrt_lookup.html
Frame ID: 3662DA8616E3BCA9F3480F244F2C661C
Requests: 1 HTTP requests in this frame

Frame: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 75F87E56813FC8BE61E07F920015FB4C
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3862260745750197&output=html&adk=1812271804&adf=3025194257&lmt=1655731415&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fioffice.site%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655731415035&bpp=3&bdt=595&idt=329&shv=r20220616&mjsv=m202206140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2056177861381&frm=20&pv=2&ga_vid=1810522252.1655731415&ga_sid=1655731415&ga_hid=2110497355&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31067768%2C31067983&oid=2&pvsid=3854202735266871&tmod=654890390&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=352
Frame ID: C574FFB32BCA366879F17AAE7752552C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A08D8C4EE08E0CBC2D2898E316BB2A7D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D61BC163C7441FE02C61F51BB3BD3EA9
Requests: 2 HTTP requests in this frame

Frame: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 1694D3C6ACFEC22221403188B80B9944
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPyYgQEQ_cKFARij3OLLATAB&v=APEucNUwEoRBknoksQCTC_fQkSAeiTuWEokjUcxjqhVNBcL0dKuv5D_ahWGfyffoBb5r86WlDbJNdL55Bf65vM7o9N1nftoXofXhqA2Q0WOucG_WrSEf0SXiVwxcRwAC7pRnQg-rj9vOJqKqBIkHe-Aeviir7hhitCTTlALEx92sYLjLRTGHoRU
Frame ID: B304D72187F645DD511E6D4E0EBEA786
Requests: 5 HTTP requests in this frame

Frame: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 138CF65DF9671BAADF81EAA244091871
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLXnfBDHqn4Ypa6NywEwAQ&v=APEucNUiXh497zbCOIaTdoBQ3ED-219gA1lEcvpgbfG6aL-8f2yx6E8wbI-3dHVotKo2pM37ykvitAUG7IwnpyM2FHHcgjGp3JLAAsTm0Auo4MwLfcUjikD5dZX0Mj-qOXniB5zXfaw_xH9UzJi8iOY_mO_iXIxbAZLyKVA6RIYzVloxWxqBFN8
Frame ID: 35F55017C25AD9B38542088842E4A0D4
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/13415085865395068079/index.html
Frame ID: 8A3F25D741DDCF524728D98EA6ACC109
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 0141B4B841D05B4188768CE751C45BB8
Requests: 3 HTTP requests in this frame

Frame: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7FFAA02EFAF6DDCAD2AA6C73873D4D3C
Requests: 33 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCX9ucBGPH3hMsBMAE&v=APEucNU2YFREJ4ELjoJv3gQynE7IeJmIzpCxfch6soESuOpB8PZwnTtwGQCacSyqP01IAWctHmsvIsI_OqIeln4uxz-BqxiVFvdbP3i-jIeFaZequvhUe9aLNYAgBGS7c1An-xh3-GZSPTfNMsowZFjDNqNnhgJLEK-QkQhSIWU2rOCU4sE3xRc
Frame ID: 5E3C2571590BB0ABBD63628969EBB346
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/mu/templates/brand_awareness_cuecard/responsive/V1/index.html?e=69&leftOffset=0&topOffset=0&c=sucEyQ3fJQ&t=1&renderingType=2&ev=01_247
Frame ID: 4E860DD177F75199C2FC88F7356259D5
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6B44148029AB1BFA9355F69D93C7480F
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
Frame ID: 61D4C407D76B4182B7F02179C8D5B5F9
Requests: 25 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1032F7E6F8A6518FF2E983B6A306851B
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home - Ioffice

Page URL History Show full URLs

http://ioffice.site/ HTTP 301
https://ioffice.site/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

182
Requests

93 %
HTTPS

43 %
IPv6

15
Domains

25
Subdomains

22
IPs

1
Countries

2768 kB
Transfer

6026 kB
Size

12
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/TagDiv/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/tagdiv/

Search URL Search Domain Scan URL

URL: https://twitter.com/tagdivofficial

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/tagdiv

Search URL Search Domain Scan URL

URL: https://www.facebook.com/tagdiv
Title: Like

Search URL Search Domain Scan URL

URL: https://www.youtube.com/tagdiv
Title: Subscribe

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://ioffice.site/ HTTP 301
https://ioffice.site/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1

Request Chain 59

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YrB012MGguQvRQsKXCZZHAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1

Request Chain 60

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJLPFAo1HDDQilfBeZDVXkE&google_cver=1 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJLPFAo1HDDQilfBeZDVXkE%26google_cver%3D1

Request Chain 61

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjIwMTM4MjMwNTM0MDU5MTkzNQ%3D%3D

Request Chain 83

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1

Request Chain 84

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YrB012MGguQvRQsKXCZZHAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1

Request Chain 85

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEJLPFAo1HDDQilfBeZDVXkE&google_cver=1

Request Chain 86

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjIwMTM4MjMwNTM0MDU5MTkzNQ%3D%3D

Request Chain 105

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHrjC5xzH7kh573EXy7p3nQ&google_cver=1 HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEHrjC5xzH7kh573EXy7p3nQ&google_cver=1

Request Chain 106

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MTFjMGFjYWEtOTVhZS0yOTc0LWQ2M2YtMGZkYjdhZGVhODU0

Request Chain 107

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEIwECLwHk8EydJaWdINKe_I&google_cver=1

Request Chain 108

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YmVlZjI4YTUtMjgwNS00OGE1LWE3YWMtNjE2NmUxZmJiMTA1

182 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
ioffice.site/
Redirect Chain

http://ioffice.site/
https://ioffice.site/

173 KB
50 KB

795ms
672ms

Document
text/html

50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ioffice.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 4f9dd8b28b3acfaf0c2f2c40f47e6b11b4d49ce94d67ddd5c03357577e095fa0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 20 Jun 2022 13:23:33 GMT
link: <https://ioffice.site/index.php/wp-json/>; rel="https://api.w.org/", <https://ioffice.site/index.php/wp-json/wp/v2/pages/66>; rel="alternate"; type="application/json", <https://ioffice.site/>; rel=shortlink
server: Apache
vary: Accept-Encoding
x-litespeed-tag: 3a1_HTTP.200

Redirect headers

Connection: Upgrade, Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Mon, 20 Jun 2022 13:23:33 GMT
Keep-Alive: timeout=5, max=75
Location: https://ioffice.site/
Server: Apache
Upgrade: h2,h2c
X-LiteSpeed-Tag: 3a1_HTTP.200,3a1_HTTP.301
X-Redirect-By: WordPress

GET
H2 200 style.min.css
ioffice.site/wp-includes/css/dist/block-library/ 87 KB
16 KB 126ms
125ms Stylesheet
text/css 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ioffice.site/wp-includes/css/dist/block-library/style.min.css?ver=6.0
Requested by: Host: ioffice.site
URL: https://ioffice.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: d678ab3b4e7dddf5615012cc1a930e50dfbc967181b8fbeb1b98d61549f5ed08

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
content-encoding: gzip
last-modified: Wed, 25 May 2022 00:58:12 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 16579

GET
H2 200 wpforms-full.min.css
ioffice.site/wp-content/plugins/wpforms-lite/assets/css/ 39 KB
8 KB 116ms
114ms Stylesheet
text/css 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ioffice.site/wp-content/plugins/wpforms-lite/assets/css/wpforms-full.min.css?ver=1.7.4.2
Requested by: Host: ioffice.site
URL: https://ioffice.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: f11881a89ad5ebdbfe75b6a82c4f1359bef968b54a8e006b0b677688ecfeb581

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
content-encoding: gzip
last-modified: Thu, 19 May 2022 12:58:08 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 7755

GET
H2 200 css
fonts.googleapis.com/ 13 KB
1 KB 87ms
37ms Stylesheet
text/css 2607:f8b0:4006:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed%3A400%2C500%2C700%7COpen+Sans%3A400%2C600%2C700&display=swap&ver=4.9.5

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::200a Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e60dd4d4d2a9877511e9eea6cd40c4cb5199f4a7537d362edbe08599ba2ff2d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 20 Jun 2022 13:23:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 20 Jun 2022 13:23:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Jun 2022 13:23:34 GMT

GET
H2 200 style.css
ioffice.site/wp-content/themes/Newsmag/ 148 KB
38 KB 150ms
148ms Stylesheet
text/css 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ioffice.site/wp-content/themes/Newsmag/style.css?ver=4.9.5
Requested by: Host: ioffice.site
URL: https://ioffice.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: c07acab194f946004ab1dd40b1e491c56b0cc41559f135745ecdaa5d5c54dcbb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
content-encoding: gzip
last-modified: Sun, 28 Mar 2021 00:35:18 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 td_legacy_main.css
ioffice.site/wp-content/plugins/td-composer/legacy/Newsmag/assets/css/ 579 KB
122 KB 179ms
178ms Stylesheet
text/css 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ioffice.site/wp-content/plugins/td-composer/legacy/Newsmag/assets/css/td_legacy_main.css?ver=153fca3b149b11ef7f1de403ebfe3342
Requested by: Host: ioffice.site
URL: https://ioffice.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 07e7a34003bfb34fb75f51cb4881beded7ba223b9f8cd6e6d60df4f7148d570d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
content-encoding: gzip
last-modified: Sun, 28 Mar 2021 00:37:54 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: text/css

GET
H2 200 demo_style.css
ioffice.site/wp-content/plugins/td-composer/legacy/Newsmag/includes/demos/travel/ 7 KB
2 KB 122ms
121ms Stylesheet
text/css 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ioffice.site/wp-content/plugins/td-composer/legacy/Newsmag/includes/demos/travel/demo_style.css?ver=4.9.5
Requested by: Host: ioffice.site
URL: https://ioffice.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 080af8d4c40fa3ed49dc244cf6d94a8a060efabd09f42915c8a1c00d43e0d6fe

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
content-encoding: gzip
last-modified: Sun, 28 Mar 2021 00:37:51 GMT
server: Apache
vary: Accept-Encoding
content-type: text/css
accept-ranges: bytes
content-length: 1887

GET
H2 200 jquery.min.js Show response
ioffice.site/wp-includes/js/jquery/ 87 KB
38 KB 172ms
171ms Script
application/javascript 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ioffice.site/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by: Host: ioffice.site
URL: https://ioffice.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
content-encoding: gzip
last-modified: Wed, 10 Mar 2021 23:37:24 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 jquery-migrate.min.js Show response
ioffice.site/wp-includes/js/jquery/ 11 KB
5 KB 122ms
121ms Script
application/javascript 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ioffice.site/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by: Host: ioffice.site
URL: https://ioffice.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
content-encoding: gzip
last-modified: Wed, 18 Nov 2020 17:36:06 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 4618

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 164 KB
56 KB 127ms
67ms Script
text/javascript 2607:f8b0:4006:80b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc88f3a751407b4840b8ed578626d1ba04c2f0a443cff01bdcd038c864b08ca5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56319
x-xss-protection: 0
server: cafe
etag: 9648480485937492318
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 20 Jun 2022 13:23:34 GMT

GET
H2 200 wp-emoji-release.min.js Show response
ioffice.site/wp-includes/js/ 18 KB
5 KB 68ms
67ms Script
application/javascript 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ioffice.site/wp-includes/js/wp-emoji-release.min.js?ver=6.0
Requested by: Host: ioffice.site
URL: https://ioffice.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
content-encoding: gzip
last-modified: Wed, 25 May 2022 00:58:11 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 5321

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 81 KB
28 KB 114ms
55ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

sffe /

Resource Hash

fc0cfd65dbe106a9d085d5b0d65c43f8626427b08da51740c349344d761eb81e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27878
x-xss-protection: 0
server: sffe
etag: "1250 / 851 of 1000 / last-modified: 1655503484"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 20 Jun 2022 13:23:34 GMT

GET
H2 200 ad-big.jpg
ioffice.site/wp-content/uploads/2021/03/ 142 KB
143 KB 63ms
63ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2021/03/ad-big.jpg
Requested by: Host: ioffice.site
URL: https://ioffice.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 934bb4563a45196d9bbc86ae61b0b41b468f7b13b49092e5e759842bef716f80

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
last-modified: Sun, 28 Mar 2021 21:07:09 GMT
server: Apache
accept-ranges: bytes
content-length: 145154
content-type: image/jpeg

GET
H2 200 tagdiv_theme.min.js Show response
ioffice.site/wp-content/plugins/td-composer/legacy/Newsmag/js/ 237 KB
76 KB 73ms
72ms Script
application/javascript 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ioffice.site/wp-content/plugins/td-composer/legacy/Newsmag/js/tagdiv_theme.min.js?ver=4.9.5
Requested by: Host: ioffice.site
URL: https://ioffice.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 0576ac28da77a0d8465f324a45e13e8ba89bd47089ffe612ff992aa4c8440a0c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
content-encoding: gzip
last-modified: Sun, 28 Mar 2021 00:37:56 GMT
server: Apache
accept-ranges: bytes
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 comment-reply.min.js Show response
ioffice.site/wp-includes/js/ 3 KB
2 KB 63ms
63ms Script
application/javascript 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ioffice.site/wp-includes/js/comment-reply.min.js?ver=6.0
Requested by: Host: ioffice.site
URL: https://ioffice.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
content-encoding: gzip
last-modified: Wed, 25 May 2022 00:58:11 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 1477

GET
H2 200 bg.jpg
ioffice.site/wp-content/uploads/2021/03/ 98 KB
98 KB 62ms
62ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2021/03/bg.jpg
Requested by: Host: ioffice.site
URL: https://ioffice.site/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: dbf12bf1f5d4b89bf65b271a2e45731c8dcb2b2c040eb2147ba21a0ac098494d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
last-modified: Sun, 28 Mar 2021 21:07:10 GMT
server: Apache
accept-ranges: bytes
content-length: 99967
content-type: image/jpeg

GET
H2 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 15 KB
16 KB 76ms
21ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed%3A400%2C500%2C700%7COpen+Sans%3A400%2C600%2C700&display=swap&ver=4.9.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ioffice.site
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 22:19:25 GMT
x-content-type-options: nosniff
age: 486249
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15660
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:42:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Jun 2023 22:19:25 GMT

GET
H2 200 newsmag.woff
ioffice.site/wp-content/themes/Newsmag/images/icons/ 18 KB
19 KB 63ms
63ms Font
font/woff 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://ioffice.site/wp-content/themes/Newsmag/images/icons/newsmag.woff?14
Requested by: Host: ioffice.site
URL: https://ioffice.site/wp-content/themes/Newsmag/style.css?ver=4.9.5
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: a083e97ec066150eca10f333297598745b067c148c0c3d8e1214c35a264e8db4

Request headers

Referer: https://ioffice.site/wp-content/themes/Newsmag/style.css?ver=4.9.5
Origin: https://ioffice.site
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
last-modified: Sun, 28 Mar 2021 00:34:58 GMT
server: Apache
accept-ranges: bytes
content-length: 18796
content-type: font/woff

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v29/ 44 KB
44 KB 21ms
21ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v29/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed%3A400%2C500%2C700%7COpen+Sans%3A400%2C600%2C700&display=swap&ver=4.9.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ioffice.site
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Wed, 15 Jun 2022 19:32:38 GMT
x-content-type-options: nosniff
age: 409856
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44800
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Jun 2023 19:32:38 GMT

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 15 KB
15 KB 24ms
22ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed%3A400%2C500%2C700%7COpen+Sans%3A400%2C600%2C700&display=swap&ver=4.9.5

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://ioffice.site
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 22:18:31 GMT
x-content-type-options: nosniff
age: 486303
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15700
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Jun 2023 22:18:31 GMT

GET
H2 200 elements.png
ioffice.site/wp-content/plugins/td-composer/legacy/Newsmag/assets/images/sprite/ 5 KB
5 KB 63ms
63ms Image
image/png 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/plugins/td-composer/legacy/Newsmag/assets/images/sprite/elements.png
Requested by: Host: ioffice.site
URL: https://ioffice.site/wp-content/plugins/td-composer/legacy/Newsmag/assets/css/td_legacy_main.css?ver=153fca3b149b11ef7f1de403ebfe3342
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: b31639b1784eda51185ea2f620d531c1654d00790ce5ac16f333a88e23785d44

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/wp-content/plugins/td-composer/legacy/Newsmag/assets/css/td_legacy_main.css?ver=153fca3b149b11ef7f1de403ebfe3342
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:34 GMT
last-modified: Sun, 28 Mar 2021 00:37:55 GMT
server: Apache
accept-ranges: bytes
content-length: 4875
content-type: image/png

GET
H3 200 pubads_impl_2022061301.js Show response
securepubads.g.doubleclick.net/gpt/ 370 KB
125 KB 60ms
19ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061301.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

sffe /

Resource Hash

aedd1b112e247314f7e990485858511f15d21e57885ee131e9e1a3fec0173d61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 01:24:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43167
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 128384
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 08:35:33 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 20 Jun 2023 01:24:08 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 69 B
94 B 75ms
34ms XHR
application/json 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=ioffice.site

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

a385622e56f3a1e0bba5d2629ff38059f5d66b0c583a1349d2efbe200b6788d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 20 Jun 2022 13:23:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 69
x-xss-protection: 0
expires: Mon, 20 Jun 2022 13:23:35 GMT

GET
H3 200 show_ads_impl_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206140101/ 340 KB
120 KB 62ms
62ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206140101/show_ads_impl_fy2019.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

33e8451b98c984ae8eb63d3219d548e15dfce155eacdd3a56dd8e0f816d9fe0c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122727
x-xss-protection: 0
server: cafe
etag: 5331386420056770977
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 20 Jun 2022 13:23:35 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220616/r20190131/ Frame 3662 10 KB
5 KB 76ms
23ms Document
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220616/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ioffice.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

age: 80814
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 19 Jun 2022 14:56:41 GMT
etag: 8616628553774171045
expires: Sun, 03 Jul 2022 14:56:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 93ms
39ms Script
application/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=ioffice.site

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 20 Jun 2022 13:23:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 14 KB
8 KB 887ms
886ms XHR
text/plain 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3854202735266871&correlator=4202035422328329&eid=31068076&output=ldjh&gdfp_req=1&vrg=2022061301&ptt=17&impl=fifs&iu_parts=339263271%3A22674246500%2Cgam_ioffice.site_display&enc_prev_ius=%2F0%2F1&prev_iu_szs=728x90&ifi=2&adks=1311897351&sfv=1-0-38&ecs=20220620&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1655731415288&lmt=1655731415&dlt=1655731414441&idt=790&biw=1600&bih=1200&adxs=583&adys=38&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fioffice.site%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=728x90&msz=728x90&fws=0&ohw=0&ga_vid=1810522252.1655731415&ga_sid=1655731415&ga_hid=2110497355&ga_fc=false&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

faac30b632c29d927a8a2fca7df681f2d533baf34a2dca559f6ab310290ab42f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:36 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7793
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ioffice.site
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
8 KB 368ms
366ms XHR
text/plain 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3854202735266871&correlator=4202035422328329&eid=31068076&output=ldjh&gdfp_req=1&vrg=2022061301&ptt=17&impl=fifs&iu_parts=339263271%3A22674246500%2Cgam_ioffice.site_display&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=3&adks=2222404237&sfv=1-0-38&ecs=20220620&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1655731415300&lmt=1655731415&dlt=1655731414441&idt=790&biw=1600&bih=1200&adxs=290&adys=827&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fioffice.site%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=340x250&msz=340x250&fws=4&ohw=340&ga_vid=1810522252.1655731415&ga_sid=1655731415&ga_hid=2110497355&ga_fc=false&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

5ae838d866034b3eb6d4d2962ec3d99f8811897fdb48b590d0860316346300a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7977
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ioffice.site
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 15 KB
8 KB 641ms
641ms XHR
text/plain 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3854202735266871&correlator=4202035422328329&eid=31068076&output=ldjh&gdfp_req=1&vrg=2022061301&ptt=17&impl=fifs&iu_parts=339263271%3A22674246500%2Cgam_ioffice.site_display&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=4&adks=2222404233&sfv=1-0-38&ecs=20220620&fsapi=false&sc=1&cookie_enabled=1&abxe=1&dt=1655731415307&lmt=1655731415&dlt=1655731414441&idt=790&biw=1600&bih=1200&adxs=971&adys=1004&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fioffice.site%2F&frm=20&vis=1&scr_x=0&scr_y=0&psz=339x276&msz=339x250&fws=0&ohw=0&ga_vid=1810522252.1655731415&ga_sid=1655731415&ga_hid=2110497355&ga_fc=false&btvi=0

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

f5584b97177e6c52cf220316988cb6a9184aa00c8011cb7ed063c45a5f4556ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7983
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://ioffice.site
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 75F8 6 KB
4 KB 104ms
36ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ioffice.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 13:23:35 GMT
expires: Tue, 20 Jun 2023 13:23:35 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 391 B
466 B 45ms
35ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=ioffice.site&callback=_gfp_s_&client=ca-pub-3862260745750197&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206140101/show_ads_impl_fy2019.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

1a7454400e2469aa5845e2a91977b9d7c931639c19917101148e8a18661d0271

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 251
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C574 603 B
68 B 96ms
51ms Document
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-3862260745750197&output=html&adk=1812271804&adf=3025194257&lmt=1655731415&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fioffice.site%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&dt=1655731415035&bpp=3&bdt=595&idt=329&shv=r20220616&mjsv=m202206140101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2056177861381&frm=20&pv=2&ga_vid=1810522252.1655731415&ga_sid=1655731415&ga_hid=2110497355&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31067768%2C31067983&oid=2&pvsid=3854202735266871&tmod=654890390&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=352

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202206140101/show_ads_impl_fy2019.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ioffice.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 13:23:35 GMT
expires: Mon, 20 Jun 2022 13:23:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 Stellar-lanca-servico-de-saque-de-cripto-em-dinheiro-sem-180x135.jpg
ioffice.site/wp-content/uploads/2022/06/ 9 KB
9 KB 66ms
65ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Stellar-lanca-servico-de-saque-de-cripto-em-dinheiro-sem-180x135.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 16e7d3b53b816923cadd2043b8d460fb34c05fbb25e7bd52cb19c355ac87c223

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
last-modified: Sat, 11 Jun 2022 06:04:11 GMT
server: Apache
accept-ranges: bytes
content-length: 8810
content-type: image/jpeg

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
10 KB 49ms
48ms XHR
application/json 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022061301&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

79c9a47b15a72a4821c90e66d2766a421d5ca641dc5a374e1c3879f19f55db19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 20 Jun 2022 13:23:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10572
x-xss-protection: 0

GET
H2 200 Diretor-da-Petrobras-PETR4-defende-pratica-de-precos-de-mercado-180x135.jpg
ioffice.site/wp-content/uploads/2022/06/ 6 KB
6 KB 63ms
62ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Diretor-da-Petrobras-PETR4-defende-pratica-de-precos-de-mercado-180x135.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 7c648a3ad25c2bac8809450b3b408135d07d4d53da4123b4ae9b56e914445908

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
last-modified: Fri, 10 Jun 2022 18:02:12 GMT
server: Apache
accept-ranges: bytes
content-length: 5633
content-type: image/jpeg

GET
H2 200 Assembleia-de-debenturistas-de-Furnas-e-suspensa-pela-Justica-e-180x135.jpg
ioffice.site/wp-content/uploads/2022/06/ 9 KB
9 KB 75ms
75ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Assembleia-de-debenturistas-de-Furnas-e-suspensa-pela-Justica-e-180x135.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 8a99716f472962c92a0b9f10c7e3dcb2afd0e345f0d65adb5345a24537351794

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
last-modified: Mon, 06 Jun 2022 05:52:38 GMT
server: Apache
accept-ranges: bytes
content-length: 9437
content-type: image/jpeg

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 58ms
39ms Script
text/javascript 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061301.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 20 Jun 2022 13:23:35 GMT

GET
H2 200 Aliansce-Sonae-ALSO3-e-brMalls-BRML3-aprovam-fusao-e-criam-180x135.jpg
ioffice.site/wp-content/uploads/2022/06/ 7 KB
7 KB 67ms
63ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Aliansce-Sonae-ALSO3-e-brMalls-BRML3-aprovam-fusao-e-criam-180x135.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 79cf7ea4cdd7f173f46b94dd6d9e7310ed0bbca6de51992166d7e778ea1ad0f9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
last-modified: Thu, 09 Jun 2022 17:59:56 GMT
server: Apache
accept-ranges: bytes
content-length: 7240
content-type: image/jpeg

GET
H2 200 Azul-AZUL4-reporta-alta-de-74-no-trafego-de-passageiros-180x135.jpg
ioffice.site/wp-content/uploads/2022/06/ 4 KB
4 KB 64ms
63ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Azul-AZUL4-reporta-alta-de-74-no-trafego-de-passageiros-180x135.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 12ddfb9d0438061952f509ff15ceebd23d74770de66f6479a2bb5d4ed6ae5bfc

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
last-modified: Thu, 09 Jun 2022 05:58:45 GMT
server: Apache
accept-ranges: bytes
content-length: 4388
content-type: image/jpeg

GET
H2 200 Stellar-lanca-servico-de-saque-de-cripto-em-dinheiro-sem-180x135.jpg
ioffice.site/wp-content/uploads/2022/06/ 9 KB
9 KB 63ms
63ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Stellar-lanca-servico-de-saque-de-cripto-em-dinheiro-sem-180x135.jpg
Requested by: Host: ioffice.site
URL: https://ioffice.site/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 16e7d3b53b816923cadd2043b8d460fb34c05fbb25e7bd52cb19c355ac87c223

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
last-modified: Sat, 11 Jun 2022 06:04:11 GMT
server: Apache
accept-ranges: bytes
content-length: 8810
content-type: image/jpeg

GET
H2 200 Diretor-da-Petrobras-PETR4-defende-pratica-de-precos-de-mercado-180x135.jpg
ioffice.site/wp-content/uploads/2022/06/ 6 KB
6 KB 65ms
64ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Diretor-da-Petrobras-PETR4-defende-pratica-de-precos-de-mercado-180x135.jpg
Requested by: Host: ioffice.site
URL: https://ioffice.site/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 7c648a3ad25c2bac8809450b3b408135d07d4d53da4123b4ae9b56e914445908

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
last-modified: Fri, 10 Jun 2022 18:02:12 GMT
server: Apache
accept-ranges: bytes
content-length: 5633
content-type: image/jpeg

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A08D 13 KB
5 KB 63ms
19ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ioffice.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 130417
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 19 Jun 2022 01:09:58 GMT
expires: Mon, 19 Jun 2023 01:09:58 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D61B 783 B
1 KB 92ms
43ms Document
text/html 2607:f8b0:4006:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:807::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

274221be58999823d56940d75fe7ad45f9e83dda8ada208ca207cb3e1376b169

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-B3mvB5JHfzq6WzBX6aJoHw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ioffice.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 515
content-security-policy: script-src 'report-sample' 'nonce-B3mvB5JHfzq6WzBX6aJoHw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 13:23:35 GMT
expires: Mon, 20 Jun 2022 13:23:35 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 Assembleia-de-debenturistas-de-Furnas-e-suspensa-pela-Justica-e-180x135.jpg
ioffice.site/wp-content/uploads/2022/06/ 9 KB
9 KB 65ms
64ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Assembleia-de-debenturistas-de-Furnas-e-suspensa-pela-Justica-e-180x135.jpg
Requested by: Host: ioffice.site
URL: https://ioffice.site/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 8a99716f472962c92a0b9f10c7e3dcb2afd0e345f0d65adb5345a24537351794

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
last-modified: Mon, 06 Jun 2022 05:52:38 GMT
server: Apache
accept-ranges: bytes
content-length: 9437
content-type: image/jpeg

GET
H3 200 container.html Show response
6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 1694 6 KB
3 KB 21ms
20ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ioffice.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 13:23:35 GMT
expires: Tue, 20 Jun 2023 13:23:35 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 Aliansce-Sonae-ALSO3-e-brMalls-BRML3-aprovam-fusao-e-criam-180x135.jpg
ioffice.site/wp-content/uploads/2022/06/ 7 KB
7 KB 64ms
63ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Aliansce-Sonae-ALSO3-e-brMalls-BRML3-aprovam-fusao-e-criam-180x135.jpg
Requested by: Host: ioffice.site
URL: https://ioffice.site/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 79cf7ea4cdd7f173f46b94dd6d9e7310ed0bbca6de51992166d7e778ea1ad0f9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
last-modified: Thu, 09 Jun 2022 17:59:56 GMT
server: Apache
accept-ranges: bytes
content-length: 7240
content-type: image/jpeg

GET
H2 200 Azul-AZUL4-reporta-alta-de-74-no-trafego-de-passageiros-180x135.jpg
ioffice.site/wp-content/uploads/2022/06/ 4 KB
4 KB 66ms
65ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Azul-AZUL4-reporta-alta-de-74-no-trafego-de-passageiros-180x135.jpg
Requested by: Host: ioffice.site
URL: https://ioffice.site/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 12ddfb9d0438061952f509ff15ceebd23d74770de66f6479a2bb5d4ed6ae5bfc

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
last-modified: Thu, 09 Jun 2022 05:58:45 GMT
server: Apache
accept-ranges: bytes
content-length: 4388
content-type: image/jpeg

GET
H3 200 soJQjVMEWz-AW2aX2cEGIVeY-mqDblLvtbtmS3KyNC4.js Show response
pagead2.googlesyndication.com/bg/ Frame A08D 35 KB
14 KB 21ms
19ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/soJQjVMEWz-AW2aX2cEGIVeY-mqDblLvtbtmS3KyNC4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

sffe /

Resource Hash

b282508d53045b3f805b6697d9c106215798fa6a836e52efb5bb664b72b2342e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:51:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 340353
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13867
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 14:51:02 GMT

GET
H2 200 Stellar-lanca-servico-de-saque-de-cripto-em-dinheiro-sem-681x400.jpg
ioffice.site/wp-content/uploads/2022/06/ 68 KB
68 KB 67ms
66ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Stellar-lanca-servico-de-saque-de-cripto-em-dinheiro-sem-681x400.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 02942306c33a003a05a4401a5811cf77fc00bab4c9baa6e8348cc48b1df8f811

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
last-modified: Sat, 11 Jun 2022 06:04:11 GMT
server: Apache
accept-ranges: bytes
content-length: 69460
content-type: image/jpeg

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B304 624 B
300 B 42ms
39ms Document
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPyYgQEQ_cKFARij3OLLATAB&v=APEucNUwEoRBknoksQCTC_fQkSAeiTuWEokjUcxjqhVNBcL0dKuv5D_ahWGfyffoBb5r86WlDbJNdL55Bf65vM7o9N1nftoXofXhqA2Q0WOucG_WrSEf0SXiVwxcRwAC7pRnQg-rj9vOJqKqBIkHe-Aeviir7hhitCTTlALEx92sYLjLRTGHoRU

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 13:23:35 GMT
expires: Mon, 20 Jun 2022 13:23:35 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 1694 77 KB
33 KB 83ms
82ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BsnD4pS_5ZAhwrbPDShPcRkULA7pfh4gVRrTJn4iuGwKZoFpQBKnzqfDavkXJZklL5pbXeZk-kWJ0T8vDUjzecjy8xF3Hs53ndFcGMAPxnWkDxsp-sijEJVxQ9qcuxt_9MK9Zp2RfMJOeK4yoj-mfAljV3VA&dbm_d=AKAmf-A87f-3IIcd_ii8gHm8IAn2lBT4k7koa56801bqTCG8F-hPaihN8w3pyVyzZKUksXb1MrsUWxX1OebC1mbZjhfToqsr2k72fWfMhSAy1JivQplfkqXk8VlKMjB0xQX8rcSLRmRxUcPzP9-9jFvbcnY7DlINix7YYoy01vklVvVWKbuugVuE3PuFdShNvYQjfL2At17EWeMCov0Lw8183fBu_HS2jmhWs_hQmrP5oWDM_eAc3TGbYbUXwOY_bbJZZe0b63tdGtDABGWY2PDKf9E3oZ4EOWKX3WuY7FB350qD6dcvtWM3HmmTe_wiEn00nF7WTTesrxzITvVie6_iE8NpMaZ3bdP1vssn3C9Rhi8DFvMBkhheJXjt_cmhauSy95nFkvzsf4hjAS-nrUNwV4UMDGlztFwV1aFTNAJsdggLIwyGGbo4wGxCvGnuP-wf0VOMeMiRpSjZPnEzCdh_ANTXF7psP3z9671IHVwRT_qBZmRGntBzuzcLKV7k5OBIiu8geg-M9ZL3XbuDAjA0b_5_ZNGxF2K-KrPv8NEHTHxyOmhIJXZkEcXav7SZw4ibwpFs_LjNhmOeA2Y1E8bFGXC3G1HCWxSzAp_5zaCkaM9BYMLh8gbm01CFEuNMUA6P9yn4UOigAxJzgYk8mW4ghzKwZRRghYhPXQIF3l2kWdB-zMVqpnPeWO99k7O_74EVTutREREsWZfar7AID8wc1L0iHNLxhj_bj_Yauh5CtYAs6oHVlYy-A1yot8VsxgtClntZ1gtisFQLPgXqc1K3qiUTgLBS6HFTu-P-CY2bhtweOgV2m-ainFx_qbHDhvN0E63QVPEt98H2kW4L4C2qhAF48STZ3dLmoAAEjlOzKRQYGM4ha7lNmbUYX2mjBn9DqkOpjIPdD4UNTqW4JL0JFvoP-jOU5tPMrdSVZSDhv-Uur5_RGFQ5u_n7IayXfBEj5mrciBHZ7qzFWAJF4sB77_gGybpvY-vqFIW-gT7ZnsI1m67QXdRMWX5cz2sbUV3wb7qH-jNKAR3IX8FjyXXVzAKWqVyC6YggFsaAxFIW5x3-sVrOr6hwTo6TJG_xl7uDtqQe71ixZy3zPJxW6Hi7GZGXlJdWln4dJb62KoqTUVfwYklwrf98aOarWYexaXaG_lnJXHZC8T-0Nr2bsbCYLgaNWOeAKFooSq2Dpr2_nlNTf7_q2L-0xJnMd9U064KRqmo0EkixETJVhVS-OyfCYe1vWZ1F4Vq_zS0fxnLQVAjYX8J2JNNR413UELRjcwtVz2IsRnqF-XOxADW0H6d_wXpeXCMfGRw8H7oFf-wplQosYqsDX-7ynqGHmLNsZ2ZV-WOt0LLY-x2K3Ttwh7QCCHn3OM5e_A61_FLCwZtrx1oJzOl5tddwZCRUCpvDZK0WWuC2uAsW6ekZRm1mpFkOnzQyE1bML8YpkwGgAsltcnK8RPJ2YAcJfRmyD_2dM3qlmkAKIfGCTZTjb165jCTuQQ98YoVmB9i9JGfv0oq860-Sq5ZWAVlvWTP3U5vakxWimm52gr6IoDTPMs8t2TVHs9J7ZrLuV5dndSViHX5bhvNX4d2KBBPVZ3it3L7RCcSkTx039XDR5f2fwKrAwT39w-0PxZJIXxuOjo6kLnojrxgD3Psd2CtaChzCsCRyge-D38U-xd-rlPLrSQK-YYx_SwOfjrLOxUv3CQi9MFl1aKBh1e--GXPBSYCwxpT3erVuBDLV7nUnm48YnGOjmwSyPAibgEGQ4ZJOp-rFkxMuYBOqxdz9fbdWeLgw3zFViPqKzJykBsWGZxakq0rWY5OXLkRsc-_6JkMZJO9ZT1MraDDj9-rJndd6TzzTqUto4xCLg7YB19j33lyyD6a7H_9zPZoXb7pi6fW7s9101UHl0YBRTxDSussDooOdJGhzCNS4F2RSgikBUFtuJwyVd_WTv7lxaZmvNVNksQijcgR1uOgUQG2o0sdJ3RuouBT4V1s2aP4k61ViI8T4ZZbeptK0IJDPy-Nj7DeWawn5eg8aIQXVv5w5xKgLPzgkBTfe-c9OwNdVvF0G0XJCwiMDOsFia0yB-dwPs0Z6Lw-hLT78Onw8-Xv1E4KA7aIoxUL77zkHF663ePfqhIkMOYxaOaMg4pUfU_TD2LwJb2GNx4jD5NA9dbOoznpRwjftuGNrGx7zeMFmd0-U-Qs8a5OcRdMkvFAzO5sNoXtLfdeerfhQtj0P7fr86aopLFH6_FnD0gMBvRLwdciW3o64szSg7MR87YeVv8ws8pEqg9bdnEW2mjl4Br8fXnCTljbigThciy19zYuROtLR9VIEK6zJGLmEoxtLVxhGd7bv_W45TuX73_o_IC4rh5iJeVLCnuSqQO3YdNQcMv9Z-QRlEnB6J4dZhkAkd0-fiQm5VJ7F9hWHVOdX9p1nR1vg5xM2-pR1joXBnD5lgmMn8fch4E6BW20wPSU6OnTVexk96uwtOJls3Dh0yNv2e1PShXZuMhgYTVhSM29Kzg10Dugo9Vcc6LmfnJ2PLpwh0an_J7Bh8rXOmsFuYR_G7HGsD9jnZzXNzVBM64OkGHYF14EhREmyUSk8eb4ekajmIeoSrrXmUTiNjvZryklSfFwG2JOrhcJakqIZcptNy2KczFL5a0KIPh1kPhB1C7jB3OQVrIvJn6HDr3WgJCJCM7pCNGBrspANwNFiLoyigyrDxXcuC1V89QNCkgpHp-THaEhxBxXrpUU3CWXqzYC19hYyN1a5JzZSwYH7WLruY3PIxmp0mCb3ZFx1ahibuqqSp2AvXEqMt7B2TBa9oTqBi-UPRhRDSBojQ3Q7nwqRybUVwJaZm8sgMa_yn_TXg9SlUs7InEy4JnnaRDe6xDphe10rVw3kp3qrWUKpwHgz5lO5tOZrco7nPAolzqgyTm637lGuRJJ1BJgs0t9AurAQpzR4J9tWlchcVPJiaEybCEo2eeNSujMUD2PRta5NZt4cpPQi_3az2bBXGZbsBpXsxZuRLIZLOOfHJCAfWm9FdbGASBx9Y9N5JDiKsvV8K36PazQOOSRvHRLVhOCX1sqLqLoO5EUh100g8YIi7tMKTJ9iOH7TOAbHnO9Exb777JNh7HO8oMkq-3UXJ-z5qdPfs2U-CIKa42RG-YOzokwFBA6CkqnRPQ9YToM131Rf-kr1LBE_gxrX5ZzUYScQErk-EDW2BYJ6-NRmULu8cRwrFwkgtbGYb2PbDSDUetwhvzcJVA&cid=CAASKORovU3PxsgSf6bESuf6uDawwQAIqz81q0epJwNrQwiFzCfuC4UbJnY&rfl=1%2Chttps%253A%252F%252Fioffice.site%252F%240

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1e2c7bdf83d5aab655e461ae1ba73e756859f18b452b0955a44f88f9e2d9a154

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:35 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33282
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1694 42 B
63 B 80ms
78ms Image
image/gif 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bb66WV4YA4_3YG3ymApj2ox7DNXa0dt6oJACD6GyIRfm4xuwsAH6-7DjWFKNOEny1mw6BRMxa-jhC8EcDIc1pUGzMMWZfGHtqHJi6G_Fv4KAz4QF0

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:35 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220615/r20110914/client/ Frame 1694 3 KB
1 KB 21ms
19ms Script
text/javascript 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220615/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:20:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 196
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Jul 2022 13:20:19 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 1694 137 KB
43 KB 109ms
57ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d43af314f4a32ff8d1981c5319400f692c2cab96494705a9ec46cb1c45483ee5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43182
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655318790223595"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 20 Jun 2022 13:23:35 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220615/r20110914/client/ Frame 1694 17 KB
7 KB 26ms
23ms Script
text/javascript 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d5862b3daeff2a0c52d69267a1eae566463c68bea47a8071dd9655c4c7c1192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:21:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 107
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7312
x-xss-protection: 0
server: cafe
etag: 10280116914265038571
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Jul 2022 13:21:48 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 1694 0
0 97ms
38ms Image
text/html 2607:f8b0:4006:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSgR8oNzQyuRFgO2sKUsUomamIsIxfx4HPmBLUv2jZp6rXcH7UTCkUQNByodI_pYHFvBV3Oz60Xc5xY_Q658Mhls0Bv2g
Requested by: Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:807::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D61B 0
0 51ms
49ms Image
text/html 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022061301&jk=3854202735266871&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.40.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s79-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

GET
H2 200 Diretor-da-Petrobras-PETR4-defende-pratica-de-precos-de-mercado-341x220.jpg
ioffice.site/wp-content/uploads/2022/06/ 11 KB
11 KB 70ms
70ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Diretor-da-Petrobras-PETR4-defende-pratica-de-precos-de-mercado-341x220.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 749fd999b7648709f742229d2500580b76874f276e4d05b5d669df39f35e3c8d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
last-modified: Fri, 10 Jun 2022 18:02:13 GMT
server: Apache
accept-ranges: bytes
content-length: 11279
content-type: image/jpeg

GET
H2 200 Assembleia-de-debenturistas-de-Furnas-e-suspensa-pela-Justica-e-341x220.jpg
ioffice.site/wp-content/uploads/2022/06/ 26 KB
27 KB 66ms
65ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Assembleia-de-debenturistas-de-Furnas-e-suspensa-pela-Justica-e-341x220.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: e1c5b81a97ca52f20b5f90b1d028482cf9c6597a5ec11586d9c569cb4367c580

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
last-modified: Mon, 06 Jun 2022 05:52:38 GMT
server: Apache
accept-ranges: bytes
content-length: 26961
content-type: image/jpeg

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B304
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1

43 B
781 B

91ms
55ms

Image
image/gif

23.41.168.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPyYgQEQ_cKFARij3OLLATAB&v=APEucNUwEoRBknoksQCTC_fQkSAeiTuWEokjUcxjqhVNBcL0dKuv5D_ahWGfyffoBb5r86WlDbJNdL55Bf65vM7o9N1nftoXofXhqA2Q0WOucG_WrSEf0SXiVwxcRwAC7pRnQg-rj9vOJqKqBIkHe-Aeviir7hhitCTTlALEx92sYLjLRTGHoRU
Protocol: HTTP/1.1
Server: 23.41.168.244 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-168-244.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Jun 2022 13:23:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 20 Jun 2022 13:23:36 GMT

Redirect headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:35 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame B304
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YrB012MGguQvRQsKXCZZHAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1

43 B
781 B

25ms
24ms

Image
image/gif

23.41.168.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPyYgQEQ_cKFARij3OLLATAB&v=APEucNUwEoRBknoksQCTC_fQkSAeiTuWEokjUcxjqhVNBcL0dKuv5D_ahWGfyffoBb5r86WlDbJNdL55Bf65vM7o9N1nftoXofXhqA2Q0WOucG_WrSEf0SXiVwxcRwAC7pRnQg-rj9vOJqKqBIkHe-Aeviir7hhitCTTlALEx92sYLjLRTGHoRU
Protocol: HTTP/1.1
Server: 23.41.168.244 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-168-244.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Jun 2022 13:23:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 20 Jun 2022 13:23:36 GMT

Redirect headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/ Frame B304
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJLPFAo1HDDQilfBeZDVXkE&google_cver=1
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJLPFAo1HDDQilfBeZDVXkE%26google_cver%3D1

43 B
1 KB

63ms
63ms

Image
image/gif

68.67.179.135
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJLPFAo1HDDQilfBeZDVXkE%26google_cver%3D1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPyYgQEQ_cKFARij3OLLATAB&v=APEucNUwEoRBknoksQCTC_fQkSAeiTuWEokjUcxjqhVNBcL0dKuv5D_ahWGfyffoBb5r86WlDbJNdL55Bf65vM7o9N1nftoXofXhqA2Q0WOucG_WrSEf0SXiVwxcRwAC7pRnQg-rj9vOJqKqBIkHe-Aeviir7hhitCTTlALEx92sYLjLRTGHoRU

Protocol

HTTP/1.1

Server

68.67.179.135 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

550.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Jun 2022 13:23:36 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 550.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 4a49140a-21d3-4756-9705-d8338b62c329
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 20 Jun 2022 13:23:36 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 550.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 42b01a80-ca1b-4e94-b152-71917bb3af7b
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D101%26code%3DCAESEJLPFAo1HDDQilfBeZDVXkE%26google_cver%3D1
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B304
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjIwMTM4MjMwNTM0MDU5MTkzNQ%3D%3D

170 B
188 B

37ms
36ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjIwMTM4MjMwNTM0MDU5MTkzNQ%3D%3D

Requested by

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 20 Jun 2022 13:23:36 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 550.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 0a099282-e6a8-43ed-b29a-ca47ecd8e9e2
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjIwMTM4MjMwNTM0MDU5MTkzNQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 1694 106 KB
38 KB 90ms
19ms Script
text/javascript 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
Origin: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 07:10:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22375
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Jun 2022 07:10:41 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220616/r20110914/elements/html/ Frame 1694 8 KB
3 KB 19ms
18ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220616/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BsnD4pS_5ZAhwrbPDShPcRkULA7pfh4gVRrTJn4iuGwKZoFpQBKnzqfDavkXJZklL5pbXeZk-kWJ0T8vDUjzecjy8xF3Hs53ndFcGMAPxnWkDxsp-sijEJVxQ9qcuxt_9MK9Zp2RfMJOeK4yoj-mfAljV3VA&dbm_d=AKAmf-A87f-3IIcd_ii8gHm8IAn2lBT4k7koa56801bqTCG8F-hPaihN8w3pyVyzZKUksXb1MrsUWxX1OebC1mbZjhfToqsr2k72fWfMhSAy1JivQplfkqXk8VlKMjB0xQX8rcSLRmRxUcPzP9-9jFvbcnY7DlINix7YYoy01vklVvVWKbuugVuE3PuFdShNvYQjfL2At17EWeMCov0Lw8183fBu_HS2jmhWs_hQmrP5oWDM_eAc3TGbYbUXwOY_bbJZZe0b63tdGtDABGWY2PDKf9E3oZ4EOWKX3WuY7FB350qD6dcvtWM3HmmTe_wiEn00nF7WTTesrxzITvVie6_iE8NpMaZ3bdP1vssn3C9Rhi8DFvMBkhheJXjt_cmhauSy95nFkvzsf4hjAS-nrUNwV4UMDGlztFwV1aFTNAJsdggLIwyGGbo4wGxCvGnuP-wf0VOMeMiRpSjZPnEzCdh_ANTXF7psP3z9671IHVwRT_qBZmRGntBzuzcLKV7k5OBIiu8geg-M9ZL3XbuDAjA0b_5_ZNGxF2K-KrPv8NEHTHxyOmhIJXZkEcXav7SZw4ibwpFs_LjNhmOeA2Y1E8bFGXC3G1HCWxSzAp_5zaCkaM9BYMLh8gbm01CFEuNMUA6P9yn4UOigAxJzgYk8mW4ghzKwZRRghYhPXQIF3l2kWdB-zMVqpnPeWO99k7O_74EVTutREREsWZfar7AID8wc1L0iHNLxhj_bj_Yauh5CtYAs6oHVlYy-A1yot8VsxgtClntZ1gtisFQLPgXqc1K3qiUTgLBS6HFTu-P-CY2bhtweOgV2m-ainFx_qbHDhvN0E63QVPEt98H2kW4L4C2qhAF48STZ3dLmoAAEjlOzKRQYGM4ha7lNmbUYX2mjBn9DqkOpjIPdD4UNTqW4JL0JFvoP-jOU5tPMrdSVZSDhv-Uur5_RGFQ5u_n7IayXfBEj5mrciBHZ7qzFWAJF4sB77_gGybpvY-vqFIW-gT7ZnsI1m67QXdRMWX5cz2sbUV3wb7qH-jNKAR3IX8FjyXXVzAKWqVyC6YggFsaAxFIW5x3-sVrOr6hwTo6TJG_xl7uDtqQe71ixZy3zPJxW6Hi7GZGXlJdWln4dJb62KoqTUVfwYklwrf98aOarWYexaXaG_lnJXHZC8T-0Nr2bsbCYLgaNWOeAKFooSq2Dpr2_nlNTf7_q2L-0xJnMd9U064KRqmo0EkixETJVhVS-OyfCYe1vWZ1F4Vq_zS0fxnLQVAjYX8J2JNNR413UELRjcwtVz2IsRnqF-XOxADW0H6d_wXpeXCMfGRw8H7oFf-wplQosYqsDX-7ynqGHmLNsZ2ZV-WOt0LLY-x2K3Ttwh7QCCHn3OM5e_A61_FLCwZtrx1oJzOl5tddwZCRUCpvDZK0WWuC2uAsW6ekZRm1mpFkOnzQyE1bML8YpkwGgAsltcnK8RPJ2YAcJfRmyD_2dM3qlmkAKIfGCTZTjb165jCTuQQ98YoVmB9i9JGfv0oq860-Sq5ZWAVlvWTP3U5vakxWimm52gr6IoDTPMs8t2TVHs9J7ZrLuV5dndSViHX5bhvNX4d2KBBPVZ3it3L7RCcSkTx039XDR5f2fwKrAwT39w-0PxZJIXxuOjo6kLnojrxgD3Psd2CtaChzCsCRyge-D38U-xd-rlPLrSQK-YYx_SwOfjrLOxUv3CQi9MFl1aKBh1e--GXPBSYCwxpT3erVuBDLV7nUnm48YnGOjmwSyPAibgEGQ4ZJOp-rFkxMuYBOqxdz9fbdWeLgw3zFViPqKzJykBsWGZxakq0rWY5OXLkRsc-_6JkMZJO9ZT1MraDDj9-rJndd6TzzTqUto4xCLg7YB19j33lyyD6a7H_9zPZoXb7pi6fW7s9101UHl0YBRTxDSussDooOdJGhzCNS4F2RSgikBUFtuJwyVd_WTv7lxaZmvNVNksQijcgR1uOgUQG2o0sdJ3RuouBT4V1s2aP4k61ViI8T4ZZbeptK0IJDPy-Nj7DeWawn5eg8aIQXVv5w5xKgLPzgkBTfe-c9OwNdVvF0G0XJCwiMDOsFia0yB-dwPs0Z6Lw-hLT78Onw8-Xv1E4KA7aIoxUL77zkHF663ePfqhIkMOYxaOaMg4pUfU_TD2LwJb2GNx4jD5NA9dbOoznpRwjftuGNrGx7zeMFmd0-U-Qs8a5OcRdMkvFAzO5sNoXtLfdeerfhQtj0P7fr86aopLFH6_FnD0gMBvRLwdciW3o64szSg7MR87YeVv8ws8pEqg9bdnEW2mjl4Br8fXnCTljbigThciy19zYuROtLR9VIEK6zJGLmEoxtLVxhGd7bv_W45TuX73_o_IC4rh5iJeVLCnuSqQO3YdNQcMv9Z-QRlEnB6J4dZhkAkd0-fiQm5VJ7F9hWHVOdX9p1nR1vg5xM2-pR1joXBnD5lgmMn8fch4E6BW20wPSU6OnTVexk96uwtOJls3Dh0yNv2e1PShXZuMhgYTVhSM29Kzg10Dugo9Vcc6LmfnJ2PLpwh0an_J7Bh8rXOmsFuYR_G7HGsD9jnZzXNzVBM64OkGHYF14EhREmyUSk8eb4ekajmIeoSrrXmUTiNjvZryklSfFwG2JOrhcJakqIZcptNy2KczFL5a0KIPh1kPhB1C7jB3OQVrIvJn6HDr3WgJCJCM7pCNGBrspANwNFiLoyigyrDxXcuC1V89QNCkgpHp-THaEhxBxXrpUU3CWXqzYC19hYyN1a5JzZSwYH7WLruY3PIxmp0mCb3ZFx1ahibuqqSp2AvXEqMt7B2TBa9oTqBi-UPRhRDSBojQ3Q7nwqRybUVwJaZm8sgMa_yn_TXg9SlUs7InEy4JnnaRDe6xDphe10rVw3kp3qrWUKpwHgz5lO5tOZrco7nPAolzqgyTm637lGuRJJ1BJgs0t9AurAQpzR4J9tWlchcVPJiaEybCEo2eeNSujMUD2PRta5NZt4cpPQi_3az2bBXGZbsBpXsxZuRLIZLOOfHJCAfWm9FdbGASBx9Y9N5JDiKsvV8K36PazQOOSRvHRLVhOCX1sqLqLoO5EUh100g8YIi7tMKTJ9iOH7TOAbHnO9Exb777JNh7HO8oMkq-3UXJ-z5qdPfs2U-CIKa42RG-YOzokwFBA6CkqnRPQ9YToM131Rf-kr1LBE_gxrX5ZzUYScQErk-EDW2BYJ6-NRmULu8cRwrFwkgtbGYb2PbDSDUetwhvzcJVA&cid=CAASKORovU3PxsgSf6bESuf6uDawwQAIqz81q0epJwNrQwiFzCfuC4UbJnY&rfl=1%2Chttps%253A%252F%252Fioffice.site%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:17:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 367
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Jul 2022 13:17:28 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220616/r20110914/ Frame 1694 27 KB
10 KB 24ms
24ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220616/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

502bf78db333356f428e459b0dccdd1974dcdf0a2211c52fe45cc10d6f4a6246

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:21:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10546
x-xss-protection: 0
server: cafe
etag: 1672864604874404814
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Jul 2022 13:21:55 GMT

GET
H2 200 Aliansce-Sonae-ALSO3-e-brMalls-BRML3-aprovam-fusao-e-criam-341x220.jpg
ioffice.site/wp-content/uploads/2022/06/ 16 KB
16 KB 64ms
63ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Aliansce-Sonae-ALSO3-e-brMalls-BRML3-aprovam-fusao-e-criam-341x220.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 4d04176a4684a09196bbd772cf32e3b0f6af658aba4739e37545e80b4c9777e9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:35 GMT
last-modified: Thu, 09 Jun 2022 17:59:57 GMT
server: Apache
accept-ranges: bytes
content-length: 16467
content-type: image/jpeg

GET
H3 200 container.html Show response
6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 138C 6 KB
3 KB 20ms
20ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ioffice.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 13:23:35 GMT
expires: Tue, 20 Jun 2023 13:23:35 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 Azul-AZUL4-reporta-alta-de-74-no-trafego-de-passageiros-341x220.jpg
ioffice.site/wp-content/uploads/2022/06/ 10 KB
10 KB 64ms
64ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/Azul-AZUL4-reporta-alta-de-74-no-trafego-de-passageiros-341x220.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 5e8cf9bf6495749c7604626cbf3f964b4e27464f0cc790246e609842dc151862

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:36 GMT
last-modified: Thu, 09 Jun 2022 05:58:45 GMT
server: Apache
accept-ranges: bytes
content-length: 10213
content-type: image/jpeg

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 1694 41 KB
15 KB 20ms
19ms Script
text/javascript 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Sun, 19 Jun 2022 01:09:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 19 Jun 2023 01:09:50 GMT

GET
H2 200 STJ-retoma-julgamento-sobre-cobertura-obrigatoria-dos-planos-de-saude-341x220.png
ioffice.site/wp-content/uploads/2022/06/ 103 KB
104 KB 72ms
72ms Image
image/png 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/06/STJ-retoma-julgamento-sobre-cobertura-obrigatoria-dos-planos-de-saude-341x220.png
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: 6fe7fd108a00ef624524388fe870d2f05b786c0d435f3e5d91bade3ecf6158f2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:36 GMT
last-modified: Wed, 08 Jun 2022 17:57:59 GMT
server: Apache
accept-ranges: bytes
content-length: 105538
content-type: image/png

GET
DATA 200
OK truncated
/ Frame 1694 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 03e7094e68025aaea2022a705aa598ca8f772088762a4db5c950d16cb6d6bdfc

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 35F5 624 B
299 B 42ms
38ms Document
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLXnfBDHqn4Ypa6NywEwAQ&v=APEucNUiXh497zbCOIaTdoBQ3ED-219gA1lEcvpgbfG6aL-8f2yx6E8wbI-3dHVotKo2pM37ykvitAUG7IwnpyM2FHHcgjGp3JLAAsTm0Auo4MwLfcUjikD5dZX0Mj-qOXniB5zXfaw_xH9UzJi8iOY_mO_iXIxbAZLyKVA6RIYzVloxWxqBFN8

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 13:23:36 GMT
expires: Mon, 20 Jun 2022 13:23:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 138C 84 KB
33 KB 74ms
72ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D4KHSuPP_gWWdWLCt-DqzO9T0iMUGtio-LHRvNayHFQ-O9b-w1B1YGPGjEm-pM85NfIqe90MWqNcvsOrhr16ZZsxS2h6qsGYRCcIaNB7kBUQbwUgCFozsI-w7-irPFXcHyoaCRFYExxYON8pJJGlBfbQA5cg&dbm_d=AKAmf-CfAemIyDeM5G99hQF6ZGnpL2ivIZwy7sanMniYgZ_5O3tiIS-lIVeIv0sASwI7cAUdMtbaoYnIzB4W0uyHhRdjQGfUFGTLmaPVn0BuSx0dpY1f9rqRvNTMAgJZstG5rYkVVr5ycTUjT3Qd8LqI6G_SNJnAdYDgV8_H8To1BYaBnR7wd9uFOZyiraN468yWKZqRIfYd0LQxrefa9DQwDZAYEjemgu5whzgluZGo9jfoF8gROylsHKXBYHEJDUjp9exX3VaTyQDCMHJ0Ka4z5a0I6CuvoTGdV0chhLG8Xl3pNK5lWFz7KYQoxV4yJAegumqtJi5b3_PGcgu015hAuAZ7A1N6VgS6mUtL--xDqUG3rLtRGP_yOGOUrLmgfIUgoIK7MhmRJPL_yVo0x67f2m8Q9MBYz3EwCRGI9QKuev6GNo3DseiJjPfvjT-3XWK8POhCjBtFbcdesrKjug5cum5m2rtvdow14h7XsE3RI63IApDfuytqPzD_5nL4GVKFEreIFEi6iduS-Yp38Fjquyr8Q30QZXA1NvmkwQc4_fDaq1hUsku2Bb0ff7Pfw1vX17Z8HPZ3zQWkQIz0Yd6PnaIOhazuwPVxKkb1P1MKDkJoYQ5XRxEXUlFicWivB_gfjjFAr9o0fU46Wh-Di_GFbHQWB4oAI4pAiRyqUZgsmXAe747sTv-7U-vh1kFSVCPMaqHpzb1IGXOpwFLXbA8t6gJoNtkd7Y6HJ9BFBQzk4XJPnt4dlyl1AL19E9WAgcbVQvWlGIJd9DSOYDc4VHtIOgWb4WDg3jSKKRfrWLU5W16MaJnRWlAiKybRtMxMWqhYIPLngwqWjUM75LiPsu4rcHBfORN089OtpoOkaIsJLp44_cdRDPKbWlKGl6vV09xRntsqnQZCrAqywICZfc1pfDnxzs13-Y60IoMlhAP8zrEWdaA1aEW44pZYVWA_XXRgknXdsDW3UkFG7Y6CXcYb7PlgG4-8erYLFZZ1Oelqa0ZdsoRCcI6B4zpzBfKvQ7jZM1TTQPyTciF1XhJ_Oph09Z109DnYPVdSZiEK4GEtW2vkAYQShml-EsT3cTdX9o7sLB7RoeO-HkFuG0y31xzzalFQtT94dBt1zXDeqhfhwrn2bvGGZNr2QDhmEfdcO3jMB-ZdphgiCF0KVO9rMetEmrTGlGcCbN4qxIIxe_MmANobL_OiLrNknCVZ4B18sX_iMwFR7Ei1W0KxPySt-x71bHTAmxE84JHr5u2ZKWnX4orav1qKqKgWNH59_y9v_KZCsgWFkFFubdDvTEsCbGkFUkuqSrT-Cp8nEQTIFEAjKdaHHx5JrJN3e8u3HHoA7WH7_-nnyPxqAALdUT-ZejiwNZf6GGDKiXGHoVdC40VhPpcF2T1CMp_NaA1lX4v0C9aNs29qiKFQZWRjfIAUYbmOhxfTzIrKuCkpo6PIR6FgDjxlHtAKxbWqH7wckbh9QS4vGDb6VEPqyrHRoU8gKXgr4DNmaxg9dygTwkpBRIw-UUUxT448cn5s-_DH9ewWerXebpbEqbLyUlKqux4n7qklNQ4WY0yfkiEVuz65jgSJWBsrNrZcpbu-X-12hCdnHA4krj2NuAmkXgYTDgp87mqI-0z9XDK3g7iE9O1b6GeFURG-_1dqy23tTzkI3-9B5zpEMbhrJaotqgmjs41yLMHZyPYV2CxSgMFz5smKWmx4QaSZwBhylzFVrz0XgzxEo88XRcXbt_pTXkxJIcFn0mPoN1J6NVra0RLLZUCuJzozxUGr4hMVTePp1ivIfW1Y3R9jGHJmvC2jC1wzOVNV3tUI_VStBLd1zosdH2AYZc_weNJcpY1hbDwbeLpg-w6Pp5d9XVyky5muNmYJgqV8Z4DuEXkgPyjSK2y3SQ0Dk32RSpfUgn9i-UMe_ya8XqPG9L0AX82Ad1m8qpq1rPHK6JcYhBBpj-R2D4sm5TnzSmvlZW8bo-CMjzOMCG0-RB1HjRBMYB3DMs7ZluPdMfhsHMDoNiuPkpZ-1i9oXf9rSclS50GR7v0c9GVMstD33TdR9iBQGDr5ToEWiPPodi_lnGm44876AKUcW7Rw4t9YM1Fy9PqARjNs-aqt0pfK8o5obvqJHgKgjAIgDpZ0ugQ3VCJEySWY0PxpCukJUJsTxfUTPvKHmdtZ5m2_tnwn0JaW4iIPFVV21h9pQGAc8h85r1YxjrOgYGgUxhb5oLTZVEjmRLj95kHreWEHo0aifA01e7_4JXR3jxAQghtISsZ6KFJ3iNhh4SVQXl5TEmyroeiagl4HfnuOSzLimbEXHvUvAMDPd60u2iM69BwiZvEFut_mTk2rszBznR-8M6x6oypqFXdCrUX_t-1igcN4-BwTGokb41-NKzbWMKmUtTfj0Qrr4p_8spmSF56gZgznNzYYN4Lg07chNefRkGo56SUaVB1I-Jx8sYoQQTCr-fJyDPZIU25POCsWAYKCtWD-1nxPp077C3uflEjNQdDiun5hsPYYKhbo77gIJpUQL_4CSA1VxI-VW3WDrERQXOrgF6CFIIhJcpagw53dlRLiL5YOxAG7IrZtPWScHP56NaaCgdvpRHGMAAhMIfIcAnGUnjlJEcAKsThY6sIoTrxzGVmCDYVWGClIylEgPd59U8BLfkVIEZQP60Ym6q8uBX_abdYvVALjPf6T9TWOXtyW4xBfBMZeslM1WhPAm3fSRR8cGAfvrc4DMETx49A4Tc9sbTtMnvUuOxu6WSBo3Rir0XYcXy4CJdGmzF3w-bUM-MNpVPpthEpdYVEYBMhmrif8yWwj9dRHHpC7z7OJ1SAkxhrmv3GpyAN_oQL0Mtlrp8e9MiHaNq1lU9p-uG8czjpws6OyoN-EFY6kO1FF1gj3Fhc1bVVj2ywyVkSGRITH51-j4qwuN7dX_uSL7gvizkUScnGxstsn-x8eACnoQtZRjSKh5NwkLI-W7VFN_OVmhPd88XvsNGpCaQvIe1iXcihoXdCbkbQvvfBBJbAt0wvC64m-lFRyp8Na6uAukXjsHrYwZvyXTwSgjhJHq9LUhXdkmzUvVDxW6pdobTxjTrsjH2SyvxtzyLgC6HNG2I6f6oRWIr9_T8OhOxY_NTRnsLfO1E1eSikpa8BrBfsezInRwoeklkr1oAyTg1hD63enMLXCUMYgwsTnFOOIi009aDMCW4UKt0K8FnOLvqfPfiSG8rIf4f58H6rXhmUXtftNotZaA3amZrdeQLWvUA&cid=CAASKORomU6PW98A1GKB8LuLZSBtZ67Mt347310uehlv1HqngbDv80efpwU&rfl=1%2Chttps%253A%252F%252Fioffice.site%252F%240

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f052e8c496901afe2af37cf4bc6a7805ee9ec0d4843fec5b50da05104d8ce11e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33700
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 138C 42 B
63 B 80ms
78ms Image
image/gif 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BvR4HoRi6Wh7sV9o_SM9bxWwv3JP8fmrGzZk7oe74a1nXtjzhcm9h6HKY2iHfRcShy-_0BH4j4Kx8rM61ZlF6xNwFugivXqohylOB77opTpl3wNS4

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220615/r20110914/client/ Frame 138C 3 KB
1 KB 22ms
20ms Script
text/javascript 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220615/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:20:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 197
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Jul 2022 13:20:19 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 138C 137 KB
42 KB 100ms
51ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d43af314f4a32ff8d1981c5319400f692c2cab96494705a9ec46cb1c45483ee5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43182
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655318790223595"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 20 Jun 2022 13:23:36 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220615/r20110914/client/ Frame 138C 17 KB
7 KB 23ms
19ms Script
text/javascript 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d5862b3daeff2a0c52d69267a1eae566463c68bea47a8071dd9655c4c7c1192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:21:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7312
x-xss-protection: 0
server: cafe
etag: 10280116914265038571
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Jul 2022 13:21:48 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 138C 0
0 42ms
38ms Image
text/html 2607:f8b0:4006:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRph_-zgbtsN-Bt0vdH7JxExyEtYoZKSUzRhR9Q5Y0hIQ9KI-QN8Dl_EZ6fM-hTzo9a2nBwq21IuBpvkX3dg3MJJFx16Q
Requested by: Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:807::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A08D 0
9 B 21ms
21ms Image
text/plain 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?YbHpXQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/13415085865395068079/ Frame 8A3F 96 KB
20 KB 67ms
21ms Document
text/html 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/13415085865395068079/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79772295aeb124c683a8abad0c86dde7d252e66c49a91dcfe0a5be37a8dc366e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 233758
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 20055
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 17 Jun 2022 20:27:38 GMT
expires: Sat, 17 Jun 2023 20:27:38 GMT
last-modified: Tue, 31 May 2022 13:52:31 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1694 0
622 B 113ms
45ms Ping
image/gif 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvhJG-XbL8MueMjCu8uUD07aV2JUlhJh8u0ueoub-Xa6OrmyiYtFtTEKjGMhKu01_EWmN4Xc0b2klebyltM0Hd19BErcyyCJhrsc1ovQzR8DnVz-s5pEYl85ZZ1vw-sW-ZinXlGiYbVkwGkfADTgR5mTFoG8wWspLkMQ1cPgbRtjDHO6sVhXODW5GcLkrqAHcF20ZQ8D7hHngWwTBgX3Jd4PiUiZMnXJGzuUX8yRcBL6Ib9m5Jgp1ZkMY0NV5ozCbCOD-1PHt_rL06arPOjBnl-B09DNrMfLL8Mo_bQEEiyJ6PMVBq3P5YVzKDmbPSNag9Zw2PgCZiwdO7YAyIzwyROTI2kwnTEwfbYvibshZAMgdMonZmnMps0YFG58NuaGIpj6JTDet8aSVQEcYmDCx0fXzxoQiqTCGodvL_V3YoSz8a4D23kXv2W0JKTTm8q-DWg1Q8Yi-JhWI6H32gT5od4hkNMCBpUxCjFq1NxJYZ7drMPGF6e2Dntk3A4p8FICTSr7mcHSaHKo9M6e1c_ckOLXbcciFsp3vrlsGB3vcOi3uIxG0GEyfmDbapzjeOAoXvBgvMI9ID_WOeZFPC01XTEddq8WGg6q-eLHYyVpxQYn2qzRpSzg-fPprnXorUZJzzVlYMTJADX8aEU__uxj_yYKuVDRqXYNALXeyOaQ82QVn9zpIecMZmpQdMZcwMg0O_8iU5_uPXqC6cb2qNMKhxRYzjZMD3nk0pDS25HMwlMvr2H_XXzv5gVxm0IrCsDZSnHs-EcGh0Tx6S3Fy4ks-GzEAbchtDZugT54fzDo-d-h7mNesY3Rff9scY9JHzlyVpxxFJ1Ifh5vPOmDqJK5IIJydFnq9xJQd8NljgOuJtJr0ehjw52SRZ68USM-ra6ahfz1IeYvuctKEFT5OgdeHrwGZo771_uqpqeL1vKVhLW1WvJMrqH8KCRd_0PvaqqvyiMkxG63Oy5Q0jlOJLvWatZ4_lEqHPFCRa_J4k9urp65iLDYbZP0aOYNndRKJ1LDY5Z9dfVIMqAMLMy2WiIOoGgZUcK0gdXvmbDoR6L93ATpMa2phsfmB1DsToNusvCS7AwOv5sRbfXNcfrGgYknJ8N0JtMd8Wr9Lglh-59Gp5t6pkeuy3cZvXlmvv8nL-u88e1SQmrawaQuW_1-zD2yst2uQz_KmHCWMFx2zJhCx_4lPzcPwtwAIYEttoLhc2QdSo&sai=AMfl-YSR-gCUzW59N9Y0HmnpkSRNpVtHEmdg1ClaML3jZ1M1XUr_pIpd-R5Req-qzkJk2iP8Z4zHGLoktjjBflRzbdW4_WB1COABNGI_ax_9nzcRNIAUDrLoXD5HeLa5GXkgPBUAV3oOt9I1srJBa3w1jXyvYyygtBjdkb2IIL5WrLSVenRBiKKqS9M14mBbTQVTdc654XSRR4KeBYh3U_91Kqx3XnWMrovreQ&sig=Cg0ArKJSzAsrovmge3FEEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=223&cbvp=1&cstd=211&cisv=r20220616.41893&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Mon, 20 Jun 2022 13:23:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 financiamento-imobiliario-casas-usadas-ou-novas-300x160.jpg
ioffice.site/wp-content/uploads/2021/04/ 13 KB
14 KB 68ms
66ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2021/04/financiamento-imobiliario-casas-usadas-ou-novas-300x160.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: a804d107a4a16e163efab1a21dc21cacba55f21bf7d5ab6ae9bc0fe65681987d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:36 GMT
last-modified: Fri, 30 Apr 2021 17:44:15 GMT
server: Apache
accept-ranges: bytes
content-length: 13700
content-type: image/jpeg

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0141 22 KB
8 KB 20ms
19ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 130426
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 19 Jun 2022 01:09:50 GMT
expires: Mon, 19 Jun 2023 01:09:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 35F5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1

43 B
781 B

37ms
37ms

Image
image/gif

23.41.168.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLXnfBDHqn4Ypa6NywEwAQ&v=APEucNUiXh497zbCOIaTdoBQ3ED-219gA1lEcvpgbfG6aL-8f2yx6E8wbI-3dHVotKo2pM37ykvitAUG7IwnpyM2FHHcgjGp3JLAAsTm0Auo4MwLfcUjikD5dZX0Mj-qOXniB5zXfaw_xH9UzJi8iOY_mO_iXIxbAZLyKVA6RIYzVloxWxqBFN8
Protocol: HTTP/1.1
Server: 23.41.168.244 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-168-244.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Jun 2022 13:23:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 20 Jun 2022 13:23:36 GMT

Redirect headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 35F5
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YrB012MGguQvRQsKXCZZHAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1

43 B
781 B

29ms
27ms

Image
image/gif

23.41.168.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLXnfBDHqn4Ypa6NywEwAQ&v=APEucNUiXh497zbCOIaTdoBQ3ED-219gA1lEcvpgbfG6aL-8f2yx6E8wbI-3dHVotKo2pM37ykvitAUG7IwnpyM2FHHcgjGp3JLAAsTm0Auo4MwLfcUjikD5dZX0Mj-qOXniB5zXfaw_xH9UzJi8iOY_mO_iXIxbAZLyKVA6RIYzVloxWxqBFN8
Protocol: HTTP/1.1
Server: 23.41.168.244 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-168-244.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Jun 2022 13:23:36 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 20 Jun 2022 13:23:36 GMT

Redirect headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEOCO3rMan6mSMklALwMUA28&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 35F5
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEJLPFAo1HDDQilfBeZDVXkE&google_cver=1

43 B
1018 B

28ms
27ms

Image
image/gif

68.67.179.135
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEJLPFAo1HDDQilfBeZDVXkE&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLXnfBDHqn4Ypa6NywEwAQ&v=APEucNUiXh497zbCOIaTdoBQ3ED-219gA1lEcvpgbfG6aL-8f2yx6E8wbI-3dHVotKo2pM37ykvitAUG7IwnpyM2FHHcgjGp3JLAAsTm0Auo4MwLfcUjikD5dZX0Mj-qOXniB5zXfaw_xH9UzJi8iOY_mO_iXIxbAZLyKVA6RIYzVloxWxqBFN8

Protocol

HTTP/1.1

Server

68.67.179.135 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

550.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 20 Jun 2022 13:23:36 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 550.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 3f5d7105-778f-4aa6-be91-e99da18c612e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEJLPFAo1HDDQilfBeZDVXkE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 35F5
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjIwMTM4MjMwNTM0MDU5MTkzNQ%3D%3D

170 B
188 B

37ms
36ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjIwMTM4MjMwNTM0MDU5MTkzNQ%3D%3D

Requested by

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 20 Jun 2022 13:23:36 GMT
X-Proxy-Origin: 149.56.153.181; 149.56.153.181; 550.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: 100f6668-45b8-4e49-8793-a37665b74cd7
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjIwMTM4MjMwNTM0MDU5MTkzNQ%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 America-Latina-se-tornou-regiao-mais-quente-do-mundo-para-300x160.jpg
ioffice.site/wp-content/uploads/2022/02/ 7 KB
7 KB 68ms
67ms Image
image/jpeg 50.116.86.29
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ioffice.site/wp-content/uploads/2022/02/America-Latina-se-tornou-regiao-mais-quente-do-mundo-para-300x160.jpg
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.86.29 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-86-29.unifiedlayer.com
Software: Apache /
Resource Hash: aae16c1e5af0e8ec61c0233555059bf3132cc5d7f68706d06255a7f6d3c76043

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:36 GMT
last-modified: Fri, 11 Feb 2022 14:05:06 GMT
server: Apache
accept-ranges: bytes
content-length: 7444
content-type: image/jpeg

GET
H3 200 container.html Show response
6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7FFA 6 KB
3 KB 20ms
20ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022061301.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ioffice.site/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 13:23:35 GMT
expires: Tue, 20 Jun 2023 13:23:35 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 138C 170 KB
59 KB 75ms
23ms Script
text/javascript 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
Origin: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 04:54:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30556
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Jun 2022 04:54:20 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220616/r20110914/elements/html/ Frame 138C 8 KB
3 KB 19ms
18ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220616/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D4KHSuPP_gWWdWLCt-DqzO9T0iMUGtio-LHRvNayHFQ-O9b-w1B1YGPGjEm-pM85NfIqe90MWqNcvsOrhr16ZZsxS2h6qsGYRCcIaNB7kBUQbwUgCFozsI-w7-irPFXcHyoaCRFYExxYON8pJJGlBfbQA5cg&dbm_d=AKAmf-CfAemIyDeM5G99hQF6ZGnpL2ivIZwy7sanMniYgZ_5O3tiIS-lIVeIv0sASwI7cAUdMtbaoYnIzB4W0uyHhRdjQGfUFGTLmaPVn0BuSx0dpY1f9rqRvNTMAgJZstG5rYkVVr5ycTUjT3Qd8LqI6G_SNJnAdYDgV8_H8To1BYaBnR7wd9uFOZyiraN468yWKZqRIfYd0LQxrefa9DQwDZAYEjemgu5whzgluZGo9jfoF8gROylsHKXBYHEJDUjp9exX3VaTyQDCMHJ0Ka4z5a0I6CuvoTGdV0chhLG8Xl3pNK5lWFz7KYQoxV4yJAegumqtJi5b3_PGcgu015hAuAZ7A1N6VgS6mUtL--xDqUG3rLtRGP_yOGOUrLmgfIUgoIK7MhmRJPL_yVo0x67f2m8Q9MBYz3EwCRGI9QKuev6GNo3DseiJjPfvjT-3XWK8POhCjBtFbcdesrKjug5cum5m2rtvdow14h7XsE3RI63IApDfuytqPzD_5nL4GVKFEreIFEi6iduS-Yp38Fjquyr8Q30QZXA1NvmkwQc4_fDaq1hUsku2Bb0ff7Pfw1vX17Z8HPZ3zQWkQIz0Yd6PnaIOhazuwPVxKkb1P1MKDkJoYQ5XRxEXUlFicWivB_gfjjFAr9o0fU46Wh-Di_GFbHQWB4oAI4pAiRyqUZgsmXAe747sTv-7U-vh1kFSVCPMaqHpzb1IGXOpwFLXbA8t6gJoNtkd7Y6HJ9BFBQzk4XJPnt4dlyl1AL19E9WAgcbVQvWlGIJd9DSOYDc4VHtIOgWb4WDg3jSKKRfrWLU5W16MaJnRWlAiKybRtMxMWqhYIPLngwqWjUM75LiPsu4rcHBfORN089OtpoOkaIsJLp44_cdRDPKbWlKGl6vV09xRntsqnQZCrAqywICZfc1pfDnxzs13-Y60IoMlhAP8zrEWdaA1aEW44pZYVWA_XXRgknXdsDW3UkFG7Y6CXcYb7PlgG4-8erYLFZZ1Oelqa0ZdsoRCcI6B4zpzBfKvQ7jZM1TTQPyTciF1XhJ_Oph09Z109DnYPVdSZiEK4GEtW2vkAYQShml-EsT3cTdX9o7sLB7RoeO-HkFuG0y31xzzalFQtT94dBt1zXDeqhfhwrn2bvGGZNr2QDhmEfdcO3jMB-ZdphgiCF0KVO9rMetEmrTGlGcCbN4qxIIxe_MmANobL_OiLrNknCVZ4B18sX_iMwFR7Ei1W0KxPySt-x71bHTAmxE84JHr5u2ZKWnX4orav1qKqKgWNH59_y9v_KZCsgWFkFFubdDvTEsCbGkFUkuqSrT-Cp8nEQTIFEAjKdaHHx5JrJN3e8u3HHoA7WH7_-nnyPxqAALdUT-ZejiwNZf6GGDKiXGHoVdC40VhPpcF2T1CMp_NaA1lX4v0C9aNs29qiKFQZWRjfIAUYbmOhxfTzIrKuCkpo6PIR6FgDjxlHtAKxbWqH7wckbh9QS4vGDb6VEPqyrHRoU8gKXgr4DNmaxg9dygTwkpBRIw-UUUxT448cn5s-_DH9ewWerXebpbEqbLyUlKqux4n7qklNQ4WY0yfkiEVuz65jgSJWBsrNrZcpbu-X-12hCdnHA4krj2NuAmkXgYTDgp87mqI-0z9XDK3g7iE9O1b6GeFURG-_1dqy23tTzkI3-9B5zpEMbhrJaotqgmjs41yLMHZyPYV2CxSgMFz5smKWmx4QaSZwBhylzFVrz0XgzxEo88XRcXbt_pTXkxJIcFn0mPoN1J6NVra0RLLZUCuJzozxUGr4hMVTePp1ivIfW1Y3R9jGHJmvC2jC1wzOVNV3tUI_VStBLd1zosdH2AYZc_weNJcpY1hbDwbeLpg-w6Pp5d9XVyky5muNmYJgqV8Z4DuEXkgPyjSK2y3SQ0Dk32RSpfUgn9i-UMe_ya8XqPG9L0AX82Ad1m8qpq1rPHK6JcYhBBpj-R2D4sm5TnzSmvlZW8bo-CMjzOMCG0-RB1HjRBMYB3DMs7ZluPdMfhsHMDoNiuPkpZ-1i9oXf9rSclS50GR7v0c9GVMstD33TdR9iBQGDr5ToEWiPPodi_lnGm44876AKUcW7Rw4t9YM1Fy9PqARjNs-aqt0pfK8o5obvqJHgKgjAIgDpZ0ugQ3VCJEySWY0PxpCukJUJsTxfUTPvKHmdtZ5m2_tnwn0JaW4iIPFVV21h9pQGAc8h85r1YxjrOgYGgUxhb5oLTZVEjmRLj95kHreWEHo0aifA01e7_4JXR3jxAQghtISsZ6KFJ3iNhh4SVQXl5TEmyroeiagl4HfnuOSzLimbEXHvUvAMDPd60u2iM69BwiZvEFut_mTk2rszBznR-8M6x6oypqFXdCrUX_t-1igcN4-BwTGokb41-NKzbWMKmUtTfj0Qrr4p_8spmSF56gZgznNzYYN4Lg07chNefRkGo56SUaVB1I-Jx8sYoQQTCr-fJyDPZIU25POCsWAYKCtWD-1nxPp077C3uflEjNQdDiun5hsPYYKhbo77gIJpUQL_4CSA1VxI-VW3WDrERQXOrgF6CFIIhJcpagw53dlRLiL5YOxAG7IrZtPWScHP56NaaCgdvpRHGMAAhMIfIcAnGUnjlJEcAKsThY6sIoTrxzGVmCDYVWGClIylEgPd59U8BLfkVIEZQP60Ym6q8uBX_abdYvVALjPf6T9TWOXtyW4xBfBMZeslM1WhPAm3fSRR8cGAfvrc4DMETx49A4Tc9sbTtMnvUuOxu6WSBo3Rir0XYcXy4CJdGmzF3w-bUM-MNpVPpthEpdYVEYBMhmrif8yWwj9dRHHpC7z7OJ1SAkxhrmv3GpyAN_oQL0Mtlrp8e9MiHaNq1lU9p-uG8czjpws6OyoN-EFY6kO1FF1gj3Fhc1bVVj2ywyVkSGRITH51-j4qwuN7dX_uSL7gvizkUScnGxstsn-x8eACnoQtZRjSKh5NwkLI-W7VFN_OVmhPd88XvsNGpCaQvIe1iXcihoXdCbkbQvvfBBJbAt0wvC64m-lFRyp8Na6uAukXjsHrYwZvyXTwSgjhJHq9LUhXdkmzUvVDxW6pdobTxjTrsjH2SyvxtzyLgC6HNG2I6f6oRWIr9_T8OhOxY_NTRnsLfO1E1eSikpa8BrBfsezInRwoeklkr1oAyTg1hD63enMLXCUMYgwsTnFOOIi009aDMCW4UKt0K8FnOLvqfPfiSG8rIf4f58H6rXhmUXtftNotZaA3amZrdeQLWvUA&cid=CAASKORomU6PW98A1GKB8LuLZSBtZ67Mt347310uehlv1HqngbDv80efpwU&rfl=1%2Chttps%253A%252F%252Fioffice.site%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:17:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 368
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Jul 2022 13:17:28 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220616/r20110914/ Frame 138C 27 KB
10 KB 24ms
24ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220616/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

502bf78db333356f428e459b0dccdd1974dcdf0a2211c52fe45cc10d6f4a6246

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:21:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10546
x-xss-protection: 0
server: cafe
etag: 1672864604874404814
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Jul 2022 13:21:55 GMT

GET
H3 200 DcmEnabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 8A3F 29 KB
10 KB 25ms
24ms Script
text/javascript 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/DcmEnabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/13415085865395068079/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13415085865395068079/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 11:04:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8361
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10136
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:03 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Jun 2022 11:04:15 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5E3C 640 B
318 B 46ms
46ms Document
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCX9ucBGPH3hMsBMAE&v=APEucNU2YFREJ4ELjoJv3gQynE7IeJmIzpCxfch6soESuOpB8PZwnTtwGQCacSyqP01IAWctHmsvIsI_OqIeln4uxz-BqxiVFvdbP3i-jIeFaZequvhUe9aLNYAgBGS7c1An-xh3-GZSPTfNMsowZFjDNqNnhgJLEK-QkQhSIWU2rOCU4sE3xRc

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 295
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 13:23:36 GMT
expires: Mon, 20 Jun 2022 13:23:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7FFA 78 KB
33 KB 68ms
67ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DiCSbirTQAnDx-s5f3TMNMPhUgXqeTUjpR6_3DZfVia5RbUs519-Y5gbZlTySuHgoHlVcpI63Ph3fVoZ6LZgVVwul5l37pUv4-GFstNYrOTA98Hbllfg59Nf_axCQg3IvAxCIUxawYkVD-lM-pqtuazmh01A&dbm_d=AKAmf-BXkErZZ0RQBNPs6O2RPG2HctH4uEJLWOpfAY7hASn520X0yrwXt845Bf7jbUfEwRIWVS3uhEMXVMSYBBkQ31sfe0INHCgnXPoM7pRw1x0tocvrYczkOfhjwed4pjBfwRyfjMWDr9m2yTfVwySAezI3kw4GA_JuCcYM_6A-zXmCTKEvvz_JF3tb-VsoE-y0-arM62gHT8dqvYbBhLtFw29BC9bSH8wR0ftwC420_9eFaBag3ewlJPnmDfb-aHoGDrcId37aAi1wsnV5d-ktLDArGyxx0laAl09nVBjuObVZLFKNnorZDato-GhTWINyFkD1d7jcO9p2BExw-4sPCSSC4j7rAfBdXrbER_jFL0iCB88kjE_Si2nOey-8wXKJOsCfWwVGJnFzdMq7ORUwZmxEkda9VWJn0qlhUs7m_-RXWmpyVZ7yRVoNdem7_O6gcw_PcAiOhdIfpPbNctJZphgObtp3cxWx_a41vMmNz1EA5WmW6W7LByz72COGL-fNbKGog5b1ANol9A_gjkI8Vuco4FDF9iEDBRNdARGnxctkKhB9WNMZLh4Vqo0ld1wALYV2Dev4DDhLjtO3csnnORhTvbXFZhDh20yBUb3uivJRWVCm7j8kyWdaQdjCMdkTLniqTPeTkp-6XuMlP0WjneWTCmxQX8T8sd1Ogpkyc-07--2dkWZVR9vh8cyd_4xZrU51L4zqUVH98OFYeIynrDTuYDu3E9X7YVxBdrtPRBUUO2H8CfVbFOLgRS6-eKuKtD9KXGg0YiWGnCst6bKGObZrbJQV2GxOfG6B5OzwUzbO73eyP_PPYGehqZAPfrgPHTJqAGu2c9QEeCJQyfSaX6pPLIMC_pg858-7GFPiCnV-J8crlwghcQsli2skmfvRsZKONoqYxcFZ_qUkPdUS3NPXdER_1FaNrVfeePUgQvbe89S1MEhJ1EK5ur4VmzWuXa3EMLeEjDsFhnCjPMfgDtAIRhOiyMsAFT_bht64tlC4nzWGTsuUEOzlUuiOEd1wP1uQsF--399i732tNfHVS9aIf7tEuR8q1SicZC_WKorthABE3zbQPVhkaXVXSShnpmiJgtTK_ttunVkp9NlMr818ziESa3zb7IvO5a3UfuK58S2hK-dTRiFfLEjSmk6CJ_nbWLyXEKwtFkRWuY4bsJt2yhDgGo9n1ri2qoWUMj6n-jmYid5xjXwgvm3AvqGT4QG99bSRuBf4b5assqzuZXEnY20ltbNoP4IGmq7kG7OY7V3jedSWoMg5wDUes5Nu79KoeJmydlEA2liU75vM5H0zTQ8vFjoHTKZ0-pBl2VO__CffczsBeET7TMTmL37xx7inJcXoKQfOl-B6t1FBL_Rsi5pwuNELw-ogPyJ9SRiUpJZk1LVLfRIlmPr5eWl7DuHgPSXKvQERb0mapmFUZum6nYO26uc7TicWdFMA0LgQyHO1tCdGXECZf59f6E4Ur7n4_a0eYEDlddYJuw5RoY_rmkWqgkKVDzrrWlZn2XKHkC4jNQiemKKUucXiC7_zY91JXH1ukGkc-_o1EIiiBAQiduEsWp1A9ScuG5D6JVXC3OVNK6fobpmLD_rZ4lw5qmxFTVVJ6Z02Wg5uoNp8nnXh3ddp6nn03RRNF8s0ArGyz5HMuBduJnn1T_Ej-_YimokYnWDrUQ3YePOf3nh8d-2ka50D48SsjfPbHquPxwvdlBc1-MVVxt0v0j092yi3h0HbK4VR1R3g2zZ8s2U909q8yaEhcj9g0fbGFUbhsMrJQL5WRlQIXwbSGNZ9ohm6UqG7S3JIiAl_j9zR7SEHPYrGA7Q4hQngjL-pwB0cCDXhDYO5zjLa4dW9PM1ERbpmUrWz4FpLIBnITsxFYd2zaqgkAl2KrL9rfsTHHEm1YW2eiRil00uJTcnc80IFDnyVbhOc1B88pO5cjUqwnx27HkMiRzED8kF7adWB6iDbLyfhwktKe3Y2ZrsrZFqDw-zkODpY6eqoDC_d0ZONdoGgY5Glf6tRcBE5HR6qhMUbpw17CAx6voGbOt0OUZcl3ttish-ZzTutDgxgaiU9gSFcSDyXbK8gaYJLnalkWA6L1XxbQhLb-FfmB0rEyCV2SmQmB2IDOwFXbDoMHzLUmXr-sXQGbHzxUXAlt2wD8cZudGwC7FkGsg765Ba2yRSg0dubXM4hsTgaq5UDwgQixSskAN8EnBPcRFuWu4vKSh34e_qKzrnCg6un9nB2ynWKvthS5JZ5bMxYpJJhyzN6QAIEY4J_nEB0dggX8452JUq00XDCots1RTAt_4W9BQxK6MaXkVONt3ircVrCMX07fp4xAZHTTwwx7O9gpsdPxS22GPU-bKd3RKdR3YHDDhJr-uFUUSmPDIYd0Ql4VacNfBPvk2dKawP4dFRsDaB648fFrEXIfSVWswQhymgMSLGFF8IwhOkyf0bApkSMripgKtW1KJYdbQEGqngA8qpQoybSDMgngCDYouloMUCBtrbL2bL_kBnPKrfX14_qEbbqvrDoqp6KBwdj0jI_gvdrUmg_BRbRouX7v-YswBlcPyXOOuZURjdaqA03-YIvrqpVBLmAb8A5rzU4nmgUDjui2cZ6vQaPbOhcBPDmovo8nai1rgTiW0X87Ks7_vz4NvHxSLXlDtVLyYv5cbjrMsdnOMiWBt81sh-LCsnU6UeL1qcAsv8a5hmEtEQoDiwi0FfVEvokqEDQ2zuUyN2szoGWUZ-8TTSrvkBS6RxLb-dNX8GOgaSuFqKVlcLpE8O3wy-oB7-jiPO1_e3Lg5UA2XAPVXsrRERyXXRUNoqE9oooWL5HeVlNDR6ocxcLxmxHtvk5_b8rHDjRIbH5mQxYjXszks0eV7GQ23Gt135LeaWOv86OcgMG-jdJfEKjlP35J6FwwfNnLqhCyoG5RuTHLgG12ZsZaJICXoCQv-ngNL9s6auImAh0W7un1iEWc3TSkwORNmCC3Y_vNGgQNaSe2-3AZz3tTS7Z2i-w--2rurZ8pREWInBvW2jAWJUWZfeH7799PooXI4b4Hwrswh1YWYfrBTdZaFfikmTEO7M&cid=CAASKORo-8ZxD4kCkUtatCpaCP5csRDd8RMijSuoRbGEtmZjzuMBt8M3emg&rfl=1%2Chttps%253A%252F%252Fioffice.site%252F%240

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dc3bb69d6f01970f16fd82d70349efb71e1c8a32948bb4f940ed0561aeb8cdd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33270
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7FFA 42 B
63 B 81ms
78ms Image
image/gif 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C9DHTmzyw6TtiEjk44KO3Cysj-De_xM8Mz5gO84O15MB6Z090VSoaykBCqdD412ku9DK1kpXTESW4oXxU3Cmhn9bF9WXcuTOQ9--2XZpzQ9bzXwkM

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220615/r20110914/client/ Frame 7FFA 3 KB
1 KB 22ms
20ms Script
text/javascript 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220615/r20110914/client/window_focus_fy2021.js

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:20:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 197
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Jul 2022 13:20:19 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7FFA 137 KB
42 KB 60ms
59ms Script
text/javascript 2607:f8b0:4006:821::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:821::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d43af314f4a32ff8d1981c5319400f692c2cab96494705a9ec46cb1c45483ee5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43182
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1655318790223595"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 20 Jun 2022 13:23:36 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220615/r20110914/client/ Frame 7FFA 17 KB
7 KB 21ms
20ms Script
text/javascript 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220615/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4d5862b3daeff2a0c52d69267a1eae566463c68bea47a8071dd9655c4c7c1192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:21:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 108
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7312
x-xss-protection: 0
server: cafe
etag: 10280116914265038571
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Jul 2022 13:21:48 GMT

GET
H3 200 soJQjVMEWz-AW2aX2cEGIVeY-mqDblLvtbtmS3KyNC4.js Show response
pagead2.googlesyndication.com/bg/ Frame 0141 35 KB
14 KB 20ms
18ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/soJQjVMEWz-AW2aX2cEGIVeY-mqDblLvtbtmS3KyNC4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

sffe /

Resource Hash

b282508d53045b3f805b6697d9c106215798fa6a836e52efb5bb664b72b2342e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:51:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 340354
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13867
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 14:51:02 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 138C 41 KB
15 KB 19ms
19ms Script
text/javascript 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Sun, 19 Jun 2022 01:09:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 19 Jun 2023 01:09:50 GMT

GET
DATA 200
OK truncated
/ Frame 138C 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9d42299ed9adfc54ccd0038b53202bc39beb78d240de51ca811d0f8b5e4d67e7

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 1694 0
26 B 94ms
51ms Ping
image/gif 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvhJG-XbL8MueMjCu8uUD07aV2JUlhJh8u0ueoub-Xa6OrmyiYtFtTEKjGMhKu01_EWmN4Xc0b2klebyltM0Hd19BErcyyCJhrsc1ovQzR8DnVz-s5pEYl85ZZ1vw-sW-ZinXlGiYbVkwGkfADTgR5mTFoG8wWspLkMQ1cPgbRtjDHO6sVhXODW5GcLkrqAHcF20ZQ8D7hHngWwTBgX3Jd4PiUiZMnXJGzuUX8yRcBL6Ib9m5Jgp1ZkMY0NV5ozCbCOD-1PHt_rL06arPOjBnl-B09DNrMfLL8Mo_bQEEiyJ6PMVBq3P5YVzKDmbPSNag9Zw2PgCZiwdO7YAyIzwyROTI2kwnTEwfbYvibshZAMgdMonZmnMps0YFG58NuaGIpj6JTDet8aSVQEcYmDCx0fXzxoQiqTCGodvL_V3YoSz8a4D23kXv2W0JKTTm8q-DWg1Q8Yi-JhWI6H32gT5od4hkNMCBpUxCjFq1NxJYZ7drMPGF6e2Dntk3A4p8FICTSr7mcHSaHKo9M6e1c_ckOLXbcciFsp3vrlsGB3vcOi3uIxG0GEyfmDbapzjeOAoXvBgvMI9ID_WOeZFPC01XTEddq8WGg6q-eLHYyVpxQYn2qzRpSzg-fPprnXorUZJzzVlYMTJADX8aEU__uxj_yYKuVDRqXYNALXeyOaQ82QVn9zpIecMZmpQdMZcwMg0O_8iU5_uPXqC6cb2qNMKhxRYzjZMD3nk0pDS25HMwlMvr2H_XXzv5gVxm0IrCsDZSnHs-EcGh0Tx6S3Fy4ks-GzEAbchtDZugT54fzDo-d-h7mNesY3Rff9scY9JHzlyVpxxFJ1Ifh5vPOmDqJK5IIJydFnq9xJQd8NljgOuJtJr0ehjw52SRZ68USM-ra6ahfz1IeYvuctKEFT5OgdeHrwGZo771_uqpqeL1vKVhLW1WvJMrqH8KCRd_0PvaqqvyiMkxG63Oy5Q0jlOJLvWatZ4_lEqHPFCRa_J4k9urp65iLDYbZP0aOYNndRKJ1LDY5Z9dfVIMqAMLMy2WiIOoGgZUcK0gdXvmbDoR6L93ATpMa2phsfmB1DsToNusvCS7AwOv5sRbfXNcfrGgYknJ8N0JtMd8Wr9Lglh-59Gp5t6pkeuy3cZvXlmvv8nL-u88e1SQmrawaQuW_1-zD2yst2uQz_KmHCWMFx2zJhCx_4lPzcPwtwAIYEttoLhc2QdSo&sai=AMfl-YSR-gCUzW59N9Y0HmnpkSRNpVtHEmdg1ClaML3jZ1M1XUr_pIpd-R5Req-qzkJk2iP8Z4zHGLoktjjBflRzbdW4_WB1COABNGI_ax_9nzcRNIAUDrLoXD5HeLa5GXkgPBUAV3oOt9I1srJBa3w1jXyvYyygtBjdkb2IIL5WrLSVenRBiKKqS9M14mBbTQVTdc654XSRR4KeBYh3U_91Kqx3XnWMrovreQ&sig=Cg0ArKJSzAsrovmge3FEEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=461&vt=11&dtpt=238&dett=3&cstd=211&cisv=r20220616.41893&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 20 Jun 2022 13:23:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/mu/templates/brand_awareness_cuecard/responsive/V1/ Frame 4E86 113 KB
28 KB 39ms
39ms Document
text/html 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/mu/templates/brand_awareness_cuecard/responsive/V1/index.html?e=69&leftOffset=0&topOffset=0&c=sucEyQ3fJQ&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

337f6a5456fca744a0de5d36eaba1bf047b9603d2b514929da73d39d0f9739c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3000
content-encoding: gzip
content-length: 28831
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-richmedia-studio-eng"
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 13:23:36 GMT
expires: Mon, 20 Jun 2022 14:13:36 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"ads-richmedia-studio-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-richmedia-studio-eng"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 138C 0
27 B 78ms
52ms Ping
image/gif 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsseIjXQAEM4JfzN7hvrMaWivRWdL6zVcGlyZZEO2MaHtieHeaKyUoHNns7pnX5QKc_IlWP7d89HytXuNEhMbum85mfZptgoFM7iuPI7NbFvYO_Y3Kj4poe99vZHrZHHXJ45pVm4_Q9DfLD2xj1Px7Bi7d4f-huT9yKVBPOBMk4G7wGUKG972fBq8bfOR1pt8a6fa06FRAKZxEYw047X6gM862azdbjONbI1Wdt-EC5ZQToR9l764rTD9maBcfcrOPwFkEGLv3LfyN4umwf-jPjeoA1K5T4QxMa7gWwePEcssL6Q3YCgfs2wgtsbs3rsV0g1iv9YS-mQF6g8oSnfOCOxfbJNykIpxSBcjR9yfofruVuP_BKEKSFwZcHDBvIxjanC8lS85FAO36EDouwqzn4f11LDsDc24CwTCU_rDvjPdrn78lo-7FBglpOyPtP_p-J02sJb14lKIxXgEadJLidzDLUPMxLmDMOOeMjcQZyrkOWBrSbSbT2DtEy2-awGtN7GpTU34XOlhW8lVSPzEMxrRq5JbP-cIa38mazIf4f6_61kLnAAVQ8WgZ4VMQJcSiJxm-sLqgVu4xwbHWtNrGyC2Vry1bUNtY5O0Dmu4vB-SulZ7Bshw35EyD0ovcRugNEC7f_4er7HEmqEPh3InL4KXPNrVagGZK1B68UCT90nQpyIVzvPajREV9sH9cPhH63iBpAkK-w5Xg-5JxuO-9zyWhF8Xhinfspvj8db8tg5V01X1Ia_RtMq999rfSuZoUrrNRREnIV-tiU_LNhar_-N7JHxaHRhB5Xxk2zR8t7h_S3ZbZk4G5WlRFDtRYWEm14lVOGomWbk8eRMEgXkV0YUx_XOj7-n4CevhhDJeQGzQoM8_Ifef8zzCDtQXG6IjSPyIqIEsSv-OfZ90mKRepfhlTCJVmZkpxpwwqRlf-KacR79KmZesg-t8kj5y9DnTmEb71N0ZQ6jvO2c5ubV7M7w1e5W92VQ8wHX-HMn5KEMSnn4LdINh5P0yt51VJIlgXFPtpyFrM-_kxb83sDps7ZFqGUkxlIIYPqXWkNNOnpeFKsBkKFMUlowaKWUYq4D2n5wlJUBGGs0MCHdCXvOr4I3cB3Y7_TxaecCXmPxbze94vgMz-sbDDQ7dDKIxM6_GMPz-96VR9oBaNli5qeMppMfwuACSD1h7GhPH42Hm8u6dIWh-w&sai=AMfl-YTRAuKni6y7F-SupMELB0pWu1J2FWrkh5VTeLJpRyvY-s2zxmDQw6nY6u1MDjWl9BlEnGbC_ZJVgNXvQ6g6X1JUkhSb62u5NSAVeM5YW1RUwCy58wNBZCJ_fqt0IDhjKuM94Cc4L5gjnGe3EXKDzS_VwU7OOOnlskPqWmzjdOUhFw5VZX18ZEb3MWanGhu9TJIpJ_W1voUhELoiPfs8oCel2CCGUTb_NQ&sig=Cg0ArKJSzDrHb9V_m4ZgEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=135&cbvp=1&cstd=128&cisv=r20220616.99484&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Mon, 20 Jun 2022 13:23:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 5E3C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEHrjC5xzH7kh573EXy7p3nQ&google_cver=1
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEHrjC5xzH7kh573EXy7p3nQ&google_cver=1

43 B
61 B

76ms
39ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEHrjC5xzH7kh573EXy7p3nQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCX9ucBGPH3hMsBMAE&v=APEucNU2YFREJ4ELjoJv3gQynE7IeJmIzpCxfch6soESuOpB8PZwnTtwGQCacSyqP01IAWctHmsvIsI_OqIeln4uxz-BqxiVFvdbP3i-jIeFaZequvhUe9aLNYAgBGS7c1An-xh3-GZSPTfNMsowZFjDNqNnhgJLEK-QkQhSIWU2rOCU4sE3xRc
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
via: 1.1 google
server: OXGW/7f1e280
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072991&val=CAESEHrjC5xzH7kh573EXy7p3nQ&google_cver=1
date: Mon, 20 Jun 2022 13:23:36 GMT
via: 1.1 google
server: OXGW/7f1e280
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5E3C
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MTFjMGFjYWEtOTVhZS0yOTc0LWQ2M2YtMGZkYjdhZGVhODU0

170 B
188 B

37ms
36ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MTFjMGFjYWEtOTVhZS0yOTc0LWQ2M2YtMGZkYjdhZGVhODU0

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCX9ucBGPH3hMsBMAE&v=APEucNU2YFREJ4ELjoJv3gQynE7IeJmIzpCxfch6soESuOpB8PZwnTtwGQCacSyqP01IAWctHmsvIsI_OqIeln4uxz-BqxiVFvdbP3i-jIeFaZequvhUe9aLNYAgBGS7c1An-xh3-GZSPTfNMsowZFjDNqNnhgJLEK-QkQhSIWU2rOCU4sE3xRc

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Mon, 20 Jun 2022 13:23:36 GMT
content-encoding: gzip
server: OXGW/7f1e280
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=MTFjMGFjYWEtOTVhZS0yOTc0LWQ2M2YtMGZkYjdhZGVhODU0
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame 5E3C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEIwECLwHk8EydJaWdINKe_I&google_cver=1

23 B
288 B

38ms
28ms

Image
image/gif

23.195.109.72
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEIwECLwHk8EydJaWdINKe_I&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCX9ucBGPH3hMsBMAE&v=APEucNU2YFREJ4ELjoJv3gQynE7IeJmIzpCxfch6soESuOpB8PZwnTtwGQCacSyqP01IAWctHmsvIsI_OqIeln4uxz-BqxiVFvdbP3i-jIeFaZequvhUe9aLNYAgBGS7c1An-xh3-GZSPTfNMsowZFjDNqNnhgJLEK-QkQhSIWU2rOCU4sE3xRc
Protocol: H2
Server: 23.195.109.72 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-195-109-72.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 20 Jun 2022 13:23:36 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEIwECLwHk8EydJaWdINKe_I&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5E3C
Redirect Chain

https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YmVlZjI4YTUtMjgwNS00OGE1LWE3YWMtNjE2NmUxZmJiMTA1

170 B
188 B

64ms
64ms

Image
image/png

142.251.40.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YmVlZjI4YTUtMjgwNS00OGE1LWE3YWMtNjE2NmUxZmJiMTA1

Requested by

Protocol

Server

142.251.40.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
server: akka-http/10.2.7
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_hm=YmVlZjI4YTUtMjgwNS00OGE1LWE3YWMtNjE2NmUxZmJiMTA1
cache-control: max-age=0, no-cache, no-store
content-length: 189
expires: Mon, 20 Jun 2022 13:23:36 GMT

GET
H3 200 CTA_1.svg
s0.2mdn.net/sadbundle/13415085865395068079/ Frame 8A3F 2 KB
1 KB 31ms
31ms Image
image/svg+xml 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13415085865395068079/CTA_1.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1a9a801511b9e46426add8c7a5769f09b346f0b463cbb36bd0a00edd0281d999

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13415085865395068079/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Fri, 17 Jun 2022 20:27:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 233757
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1000
x-xss-protection: 0
last-modified: Tue, 31 May 2022 13:52:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 20:27:39 GMT

GET
H3 200 Pandora_Logo_Black_CMYK_Print.svg
s0.2mdn.net/sadbundle/13415085865395068079/ Frame 8A3F 3 KB
1 KB 32ms
31ms Image
image/svg+xml 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13415085865395068079/Pandora_Logo_Black_CMYK_Print.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

706517b48066f89e300293d62d80951a0d5680d8c3dcf027770638c75bec6bf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13415085865395068079/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Fri, 17 Jun 2022 20:27:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 233757
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1060
x-xss-protection: 0
last-modified: Tue, 31 May 2022 13:52:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 20:27:39 GMT

GET
H3 200 Txt1_2.svg
s0.2mdn.net/sadbundle/13415085865395068079/ Frame 8A3F 6 KB
2 KB 32ms
31ms Image
image/svg+xml 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13415085865395068079/Txt1_2.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96c3fcbcb276d4744da611b67b0af1161b4046db890d3ffb2f93270420ee2700

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13415085865395068079/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Fri, 17 Jun 2022 20:27:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 233757
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2175
x-xss-protection: 0
last-modified: Tue, 31 May 2022 13:52:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 20:27:39 GMT

GET
H3 200 IMG1_bis_3.png
s0.2mdn.net/sadbundle/13415085865395068079/ Frame 8A3F 211 KB
211 KB 47ms
46ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13415085865395068079/IMG1_bis_3.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25053a76464104efa0a5e43a5a564b11ee1f6f455ad9b2a9359dcce2ca90658c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13415085865395068079/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Fri, 17 Jun 2022 06:06:18 GMT
x-content-type-options: nosniff
age: 285438
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 215850
x-xss-protection: 0
last-modified: Tue, 31 May 2022 13:52:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 06:06:18 GMT

GET
H3 200 Txt2_3.svg
s0.2mdn.net/sadbundle/13415085865395068079/ Frame 8A3F 11 KB
3 KB 39ms
38ms Image
image/svg+xml 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13415085865395068079/Txt2_3.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bb0e9bbf7cb14e47850eda6518396c9a3c6193dde1b8c7331cdc6191456bdcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13415085865395068079/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Fri, 17 Jun 2022 20:27:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 233757
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2884
x-xss-protection: 0
last-modified: Tue, 31 May 2022 13:52:31 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 20:27:39 GMT

GET
H3 200 IMG2_bis.png
s0.2mdn.net/sadbundle/13415085865395068079/ Frame 8A3F 103 KB
103 KB 53ms
52ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13415085865395068079/IMG2_bis.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07e5abb8804e5fc28e99dc962f2d2528f5ead5fdc9096228fb05d84c839a225f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13415085865395068079/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Fri, 17 Jun 2022 20:27:39 GMT
x-content-type-options: nosniff
age: 233757
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 105265
x-xss-protection: 0
last-modified: Tue, 31 May 2022 13:52:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 20:27:39 GMT

GET
H3 200 BG.jpg
s0.2mdn.net/sadbundle/13415085865395068079/ Frame 8A3F 148 KB
148 KB 51ms
51ms Image
image/jpeg 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/13415085865395068079/BG.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb143713b526c2efae7f9304ef3e38933be8a76cf443e34dd2fac01d61edddba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/13415085865395068079/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Fri, 17 Jun 2022 20:27:39 GMT
x-content-type-options: nosniff
age: 233757
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 151907
x-xss-protection: 0
last-modified: Tue, 31 May 2022 13:52:31 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Jun 2023 20:27:39 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6B44 22 KB
8 KB 54ms
54ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 130426
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 19 Jun 2022 01:09:50 GMT
expires: Mon, 19 Jun 2023 01:09:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 7FFA 106 KB
37 KB 54ms
54ms Script
text/javascript 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
Origin: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 07:10:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 22375
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Jun 2022 07:10:41 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220616/r20110914/elements/html/ Frame 7FFA 8 KB
3 KB 52ms
51ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220616/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DiCSbirTQAnDx-s5f3TMNMPhUgXqeTUjpR6_3DZfVia5RbUs519-Y5gbZlTySuHgoHlVcpI63Ph3fVoZ6LZgVVwul5l37pUv4-GFstNYrOTA98Hbllfg59Nf_axCQg3IvAxCIUxawYkVD-lM-pqtuazmh01A&dbm_d=AKAmf-BXkErZZ0RQBNPs6O2RPG2HctH4uEJLWOpfAY7hASn520X0yrwXt845Bf7jbUfEwRIWVS3uhEMXVMSYBBkQ31sfe0INHCgnXPoM7pRw1x0tocvrYczkOfhjwed4pjBfwRyfjMWDr9m2yTfVwySAezI3kw4GA_JuCcYM_6A-zXmCTKEvvz_JF3tb-VsoE-y0-arM62gHT8dqvYbBhLtFw29BC9bSH8wR0ftwC420_9eFaBag3ewlJPnmDfb-aHoGDrcId37aAi1wsnV5d-ktLDArGyxx0laAl09nVBjuObVZLFKNnorZDato-GhTWINyFkD1d7jcO9p2BExw-4sPCSSC4j7rAfBdXrbER_jFL0iCB88kjE_Si2nOey-8wXKJOsCfWwVGJnFzdMq7ORUwZmxEkda9VWJn0qlhUs7m_-RXWmpyVZ7yRVoNdem7_O6gcw_PcAiOhdIfpPbNctJZphgObtp3cxWx_a41vMmNz1EA5WmW6W7LByz72COGL-fNbKGog5b1ANol9A_gjkI8Vuco4FDF9iEDBRNdARGnxctkKhB9WNMZLh4Vqo0ld1wALYV2Dev4DDhLjtO3csnnORhTvbXFZhDh20yBUb3uivJRWVCm7j8kyWdaQdjCMdkTLniqTPeTkp-6XuMlP0WjneWTCmxQX8T8sd1Ogpkyc-07--2dkWZVR9vh8cyd_4xZrU51L4zqUVH98OFYeIynrDTuYDu3E9X7YVxBdrtPRBUUO2H8CfVbFOLgRS6-eKuKtD9KXGg0YiWGnCst6bKGObZrbJQV2GxOfG6B5OzwUzbO73eyP_PPYGehqZAPfrgPHTJqAGu2c9QEeCJQyfSaX6pPLIMC_pg858-7GFPiCnV-J8crlwghcQsli2skmfvRsZKONoqYxcFZ_qUkPdUS3NPXdER_1FaNrVfeePUgQvbe89S1MEhJ1EK5ur4VmzWuXa3EMLeEjDsFhnCjPMfgDtAIRhOiyMsAFT_bht64tlC4nzWGTsuUEOzlUuiOEd1wP1uQsF--399i732tNfHVS9aIf7tEuR8q1SicZC_WKorthABE3zbQPVhkaXVXSShnpmiJgtTK_ttunVkp9NlMr818ziESa3zb7IvO5a3UfuK58S2hK-dTRiFfLEjSmk6CJ_nbWLyXEKwtFkRWuY4bsJt2yhDgGo9n1ri2qoWUMj6n-jmYid5xjXwgvm3AvqGT4QG99bSRuBf4b5assqzuZXEnY20ltbNoP4IGmq7kG7OY7V3jedSWoMg5wDUes5Nu79KoeJmydlEA2liU75vM5H0zTQ8vFjoHTKZ0-pBl2VO__CffczsBeET7TMTmL37xx7inJcXoKQfOl-B6t1FBL_Rsi5pwuNELw-ogPyJ9SRiUpJZk1LVLfRIlmPr5eWl7DuHgPSXKvQERb0mapmFUZum6nYO26uc7TicWdFMA0LgQyHO1tCdGXECZf59f6E4Ur7n4_a0eYEDlddYJuw5RoY_rmkWqgkKVDzrrWlZn2XKHkC4jNQiemKKUucXiC7_zY91JXH1ukGkc-_o1EIiiBAQiduEsWp1A9ScuG5D6JVXC3OVNK6fobpmLD_rZ4lw5qmxFTVVJ6Z02Wg5uoNp8nnXh3ddp6nn03RRNF8s0ArGyz5HMuBduJnn1T_Ej-_YimokYnWDrUQ3YePOf3nh8d-2ka50D48SsjfPbHquPxwvdlBc1-MVVxt0v0j092yi3h0HbK4VR1R3g2zZ8s2U909q8yaEhcj9g0fbGFUbhsMrJQL5WRlQIXwbSGNZ9ohm6UqG7S3JIiAl_j9zR7SEHPYrGA7Q4hQngjL-pwB0cCDXhDYO5zjLa4dW9PM1ERbpmUrWz4FpLIBnITsxFYd2zaqgkAl2KrL9rfsTHHEm1YW2eiRil00uJTcnc80IFDnyVbhOc1B88pO5cjUqwnx27HkMiRzED8kF7adWB6iDbLyfhwktKe3Y2ZrsrZFqDw-zkODpY6eqoDC_d0ZONdoGgY5Glf6tRcBE5HR6qhMUbpw17CAx6voGbOt0OUZcl3ttish-ZzTutDgxgaiU9gSFcSDyXbK8gaYJLnalkWA6L1XxbQhLb-FfmB0rEyCV2SmQmB2IDOwFXbDoMHzLUmXr-sXQGbHzxUXAlt2wD8cZudGwC7FkGsg765Ba2yRSg0dubXM4hsTgaq5UDwgQixSskAN8EnBPcRFuWu4vKSh34e_qKzrnCg6un9nB2ynWKvthS5JZ5bMxYpJJhyzN6QAIEY4J_nEB0dggX8452JUq00XDCots1RTAt_4W9BQxK6MaXkVONt3ircVrCMX07fp4xAZHTTwwx7O9gpsdPxS22GPU-bKd3RKdR3YHDDhJr-uFUUSmPDIYd0Ql4VacNfBPvk2dKawP4dFRsDaB648fFrEXIfSVWswQhymgMSLGFF8IwhOkyf0bApkSMripgKtW1KJYdbQEGqngA8qpQoybSDMgngCDYouloMUCBtrbL2bL_kBnPKrfX14_qEbbqvrDoqp6KBwdj0jI_gvdrUmg_BRbRouX7v-YswBlcPyXOOuZURjdaqA03-YIvrqpVBLmAb8A5rzU4nmgUDjui2cZ6vQaPbOhcBPDmovo8nai1rgTiW0X87Ks7_vz4NvHxSLXlDtVLyYv5cbjrMsdnOMiWBt81sh-LCsnU6UeL1qcAsv8a5hmEtEQoDiwi0FfVEvokqEDQ2zuUyN2szoGWUZ-8TTSrvkBS6RxLb-dNX8GOgaSuFqKVlcLpE8O3wy-oB7-jiPO1_e3Lg5UA2XAPVXsrRERyXXRUNoqE9oooWL5HeVlNDR6ocxcLxmxHtvk5_b8rHDjRIbH5mQxYjXszks0eV7GQ23Gt135LeaWOv86OcgMG-jdJfEKjlP35J6FwwfNnLqhCyoG5RuTHLgG12ZsZaJICXoCQv-ngNL9s6auImAh0W7un1iEWc3TSkwORNmCC3Y_vNGgQNaSe2-3AZz3tTS7Z2i-w--2rurZ8pREWInBvW2jAWJUWZfeH7799PooXI4b4Hwrswh1YWYfrBTdZaFfikmTEO7M&cid=CAASKORo-8ZxD4kCkUtatCpaCP5csRDd8RMijSuoRbGEtmZjzuMBt8M3emg&rfl=1%2Chttps%253A%252F%252Fioffice.site%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:17:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 368
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Jul 2022 13:17:28 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220616/r20110914/ Frame 7FFA 27 KB
10 KB 47ms
47ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220616/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

502bf78db333356f428e459b0dccdd1974dcdf0a2211c52fe45cc10d6f4a6246

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:21:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 101
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10546
x-xss-protection: 0
server: cafe
etag: 1672864604874404814
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 04 Jul 2022 13:21:55 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 4E86 4 KB
662 B 117ms
44ms Stylesheet
text/css 2607:f8b0:4006:807::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed:700|Roboto:regular

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/mu/templates/brand_awareness_cuecard/responsive/V1/index.html?e=69&leftOffset=0&topOffset=0&c=sucEyQ3fJQ&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:807::200a Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0db05d788f42780ee838be3cc8c564c76e9122967c084e08091f657e922d524b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 20 Jun 2022 12:44:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 20 Jun 2022 13:23:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Jun 2022 13:23:36 GMT

GET
H2 200 gwd_webcomponents_min.js Show response
www.gstatic.com/external_hosted/gwd_webcomponents/ Frame 4E86 17 KB
6 KB 117ms
54ms Script
text/javascript 2607:f8b0:4006:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/external_hosted/gwd_webcomponents/gwd_webcomponents_min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:821::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

124c07b4e8796fd121878e84b052e054d9bf8d1049180a88667ba9e9f2083daf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5622
x-xss-protection: 0
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=0
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 20 Jun 2022 13:23:36 GMT

GET
H3 200 Enabler_01_238.js Show response
s0.2mdn.net/879366/ Frame 4E86 106 KB
36 KB 26ms
23ms Script
text/javascript 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_238.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80c7fe7749a6e8c85fa6473e7bbba5c5dc6ffe20a86036de26d91bd4b9a4e8d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/mu/templates/brand_awareness_cuecard/responsive/V1/index.html?e=69&leftOffset=0&topOffset=0&c=sucEyQ3fJQ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Sun, 19 Jun 2022 18:42:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 67241
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36751
x-xss-protection: 0
last-modified: Tue, 11 Jun 2019 21:21:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 20 Jun 2022 18:42:55 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7FFA 41 KB
15 KB 24ms
23ms Script
text/javascript 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Sun, 19 Jun 2022 01:09:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 130426
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 19 Jun 2023 01:09:50 GMT

GET
DATA 200
OK truncated
/ Frame 7FFA 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7dafb52df8cfd55b4597ed385496f1894205274fd4fa8913053d9ad6c39512f3

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 moatad.js Show response
z.moatads.com/havasfrorangedcmdisplay758646212611/ Frame 7FFA 324 KB
109 KB 95ms
19ms Script
application/x-javascript 23.41.169.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/havasfrorangedcmdisplay758646212611/moatad.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-169-149.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 0eba0a65dd4914fddf8f2cf3b726cfce86272b3f51d3f65e57a654fb0ba97a48

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:36 GMT
content-encoding: gzip
last-modified: Mon, 06 Jun 2022 15:46:43 GMT
server: AmazonS3
x-amz-request-id: TBGK0AB384MFSE3Y
etag: "e8a41a46e3783359b85e51392cbf4e98"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=18040
accept-ranges: bytes
content-length: 111139
x-amz-id-2: fDwjEwZpG4Xaxtpy2vWEOh+ZVlFGTvlIFQAxEIyBB1sRVgdvlfs/MBU4wNVXycNPiE4eBoqu2Fw=

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/15999276537831169285/ Frame 61D4 10 KB
4 KB 47ms
43ms Document
text/html 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b92dee0e482b649ca7b6f6de063be9547433795cd6ebbb39924ed8cfac711017

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 12169
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3777
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 20 Jun 2022 10:00:47 GMT
expires: Tue, 20 Jun 2023 10:00:47 GMT
last-modified: Fri, 20 May 2022 09:09:55 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7FFA 0
27 B 48ms
46ms Ping
image/gif 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssBQhuc9hHk_V0Pi1T3pSjau54uEHSLxmNY-PmsXyUfbuos6uHz2lgsqdq-JI8vAP4T_3ylr7ryaFh0t5r7NyQaBtOpama4_nH94F-YswgccuhyRjb8jQ26orNTW0-WP1zOEIf7WjoMdnMVinbimnyud3D4MFf2OAR4dSvq3ZTzkDooVdEyka0ggmTL-82q5qnn7euIVrdAYxNN1wEOdbBkNxfQS-Z6TEkudqjyfGCWsCO0EEvp5HoekzYEiDfJ-VUSyaOkx5E4jlvu-hK61xMVhPg-TvI62Ju_og8Pc_1QH3JunMdJL3pL3z-Oa8WWmoyJoQWVCChB3Y0hIkCRBbwkyUDUAzyF6sMzmhRKCxo3sKebBzvLdiFj2DNug2yK0IXfvAj_9XMu6vub9gxPbk1dUkNgyM4N4a3bqRNUZFyMfXzrtw1dAIOkCxt8EgPar5SDYwTg3XCznCjG5mE9tfYBXXmWAh_yems1A4zNSXdbijjSIdZ1OPX7pPywmWIz_nBXRvXzX2_xmFdqNp3Eu91leYljzT942a-XRhhTHhekJr2400A-S3l_Et7_Mn2B90H1c-f8tR05R_-oefXBuO3F2mRT6oqEGjn6aZck7Qm-WiE9hH8bGOARcPlk15zk8aU3U7a7dX6aZyYj1YHxH3PYu9sSLbg2pnLl1a78P1yySYlRB_VlkgWtpYWIJFuXKqOAfi7-eXTYkhK_NZKe24a7e6NZKm7Zrym-3BzvJauHp0Pz8jb8gdevPdl93aulMxBY9vE3Vg9pAX2dCoNBh0-F-oCyql3p6gwCkSn9_159M5n79xe7q11_aJJfW5CquVbsd9ASA9tewrklcuTl2CeKy4ddlb6NB5A8unjEqt2ZOh2oZhAiIU4n5SaEmjpiPfUtRsdJhfVyO0dPL7j1wyK98Zs9cIglNYXrCE584-PS1eQNA9qMfBIUODaU_unIsJWIyLbA4980IljpNI7mTZqTIIb8uZCou4_R8-t3_Xj8vSswVM9NITqt25VxlQmijcWtCA7zPbilpffV3zjhoCSOrOU2mqG3cm8d09p-liZ1cm23jQ1YUuPD898S213BGYXcdUpXmZtjIhrxa9N8mQrFG6LPyxVvF0jWZYSz7rsIeIOL-U-L-gClHO2WuR5EYMjo0u_rTdEfXaq80ln8CMiVEw&sai=AMfl-YQ2zc-glRDmO43vvLv9d95U4qVCQ9nkoy6yAVipsv4moG_gJgOr2PW2-Vusut9UV1lCny_ElzqZE9rHSOKNCa-DOC3Jd9StiaNIGxOFOEsoNAKVGmrT-4FBCiN9nWmTHzGooKfuAASZ70eePFcVG-E-pqcvjHtAk_HWDVLnzlEBdV3feEXfoRy8xkuLLnY2Z7ZUMRxjqcA7TCn4lH-axz1t4gniOF-SfQ&sig=Cg0ArKJSzODq8EA_8kdsEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=161&cbvp=1&cstd=157&cisv=r20220616.00833&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Mon, 20 Jun 2022 13:23:36 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 soJQjVMEWz-AW2aX2cEGIVeY-mqDblLvtbtmS3KyNC4.js Show response
pagead2.googlesyndication.com/bg/ Frame 6B44 35 KB
14 KB 44ms
39ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/soJQjVMEWz-AW2aX2cEGIVeY-mqDblLvtbtmS3KyNC4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

sffe /

Resource Hash

b282508d53045b3f805b6697d9c106215798fa6a836e52efb5bb664b72b2342e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:51:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 340354
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13867
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 14:51:02 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1032 22 KB
8 KB 28ms
20ms Document
text/html 2607:f8b0:4006:822::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::2001 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 130426
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 19 Jun 2022 01:09:50 GMT
expires: Mon, 19 Jun 2023 01:09:50 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 styles.min.css
s0.2mdn.net/sadbundle/15999276537831169285/ Frame 61D4 4 KB
1 KB 26ms
21ms Stylesheet
text/css 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/styles.min.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fb86ab2e2578c1e168de5473bb5b7acc35c85b0191d4e527fc080cfa4c9cb136

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12169
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1322
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 intro.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 716 B
743 B 30ms
26ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/intro.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9cee4732240fe6c26dfc0249b47df7c943a99d7fdcb5107bc5ed64a8f3cb46f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 06:24:36 GMT
x-content-type-options: nosniff
age: 543540
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 716
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Jun 2023 06:24:36 GMT

GET
H3 200 intro1.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 1017 B
1 KB 23ms
22ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/intro1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f442bcbb0f1d831953f2fba7a1d8207ed24d14cc7ac58345a43317c49e16fc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12169
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1017
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 intro2.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 1 KB
1 KB 24ms
24ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/intro2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7bfc5ec1372f719c95bb149106329bfef053792f90ce9d65af5c6114d9bbd9d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1257
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 intro3.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 976 B
1005 B 23ms
21ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/intro3.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6956fc28f82d70a962348e134418c69612e28fdb4beb73fc274ebe62f841aa41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 976
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 footer.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 461 B
491 B 24ms
21ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/footer.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f7a9574f3b391dc61a8dc28e049d9328492100c73a15dadaa24564749871b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 461
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 cartouche.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 1 KB
1 KB 26ms
20ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/cartouche.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

30a759abf40c05037c96a32b7bc87c151f040772106663b611e0b92689150407

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1241
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 Boite-Sosh.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 978 B
1010 B 28ms
21ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/Boite-Sosh.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b26e53910eb170be4a63bf521ba1606d719a401838a685c24eb89733c0f98a17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 978
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 lightning.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 781 B
814 B 33ms
27ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/lightning.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aaf30665a4722a0fdddac36e753601982c263544fd84adb3b2951861c70385b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 781
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 produits.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 2 KB
3 KB 34ms
27ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/produits.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ff8a60da3904d248527c9e7508c6810690291c139bc74a1e7acd422f4b62c4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 06:24:36 GMT
x-content-type-options: nosniff
age: 543541
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2558
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Jun 2023 06:24:36 GMT

GET
H3 200 offre.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 593 B
626 B 30ms
24ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/offre.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7c59d256c3de6dedfd26a854d90ed114678478d9f9cc6bc76cf283b5093ef7ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 593
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 offre1.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 1 KB
1 KB 28ms
22ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/offre1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f1922f85355c816c6220c79ca17415c9073f485490c3939888d489d6ba8cf16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1150
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 offre2.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 896 B
929 B 33ms
28ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/offre2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

34a451255bc97111caa90fca4b383515b729ee03aa601b12ffca6d33c045b7a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 896
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 lightning1.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 518 B
552 B 34ms
28ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/lightning1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8bdc480ab73e526710ea6e926702610c7edebf05be596f29eeb839d410ababd8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Wed, 15 Jun 2022 13:47:40 GMT
x-content-type-options: nosniff
age: 430557
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 518
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 15 Jun 2023 13:47:40 GMT

GET
H3 200 lightning2.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 529 B
563 B 35ms
30ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/lightning2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

67eabf6f1f5607869700dd1a0b53370d6da880ac61ba9fc150723f2e4f68436d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 529
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 txtb.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 670 B
704 B 34ms
29ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/txtb.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

697be4a8da79fb436f92800d6ed4a241c508d9f33499591bf6483b15fa763386

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 670
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 box.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 2 KB
2 KB 39ms
34ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/box.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bef819f1c660867f1885fcc209a22ad2212337752d78499588b74fe771ef417

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1662
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 argu.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 886 B
920 B 40ms
34ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/argu.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c9875414d62645e6adb8a123f7dd1806cbb9a9692980fcc7bf547a5cf52e0a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 886
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 argu1.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 644 B
678 B 37ms
32ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/argu1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bcbd96e66f8c5975255530ada1ee148db1b032e04f0feb86be3d49a389ff27d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 06:24:36 GMT
x-content-type-options: nosniff
age: 543541
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 644
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 14 Jun 2023 06:24:36 GMT

GET
H3 200 logo.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 1 KB
1 KB 36ms
31ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0d0d18b067e9e89d82d7171cde23fba8ad8c4813aa69a8c901ca8d30abdecd87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1161
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 logo1.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 541 B
575 B 40ms
35ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/logo1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3271367c74f3d1280dc946a7c545dec5852b8c126988b2cf411f63ed4d227582

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 541
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 ml.png
s0.2mdn.net/sadbundle/15999276537831169285/img/ Frame 61D4 8 KB
8 KB 35ms
30ms Image
image/png 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/img/ml.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8440bf06ab6a794d6024c8f6c6b08d531cb0a3f1b68dd671457b2df1a3f2b5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 10:00:47 GMT
x-content-type-options: nosniff
age: 12170
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7713
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Jun 2023 10:00:47 GMT

GET
H3 200 scripts.min.js Show response
s0.2mdn.net/sadbundle/15999276537831169285/ Frame 61D4 79 KB
30 KB 22ms
21ms Script
application/x-javascript 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/15999276537831169285/scripts.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d728bb9c16c2068eb33063093e90f7b29427aa371c36040230fcb80a892e26f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/15999276537831169285/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Sat, 18 Jun 2022 10:26:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 183421
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30245
x-xss-protection: 0
last-modified: Fri, 20 May 2022 09:09:55 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 18 Jun 2023 10:26:35 GMT

GET
H3 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/ Frame 4E86 15 KB
15 KB 32ms
31ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:700|Roboto:regular

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Tue, 14 Jun 2022 22:19:25 GMT
x-content-type-options: nosniff
age: 486251
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15660
x-xss-protection: 0
last-modified: Tue, 19 Apr 2022 18:42:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 14 Jun 2023 22:19:25 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 4E86 15 KB
15 KB 28ms
28ms Font
font/woff2 2607:f8b0:4006:80c::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:700|Roboto:regular

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Wed, 15 Jun 2022 19:35:49 GMT
x-content-type-options: nosniff
age: 409667
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 15 Jun 2023 19:35:49 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0141 0
20 B 83ms
82ms Image
image/gif 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BSsm-13SwYqj9MvefoPwP5KWbiAkAAAAAOAHgBAI&bg=!NTalNnLNAAZlcKWdRXA7ACkAdvg8WpVyfI8mK5yoenc8k8M9ErBHFDFAkBZnaIO1UK1YXogjdcx7RwIAAAFCUgAAAANoAQcKAALehJkC4OqXgZY0sAuhhib1hS3Eu0iVVvo72JjMs53oC5xlyy5TiEiCJo0sC5LIBoB90nOlZn42FNvfCyhAdSJVTRXNEP_jDvEWvPJG_9KVCyA5yTaNCS7_Wdtn9_wfzobcGJAoU75lC0IFFCy4csFOLN_of9uoqtRJNwGlgyMCN-ieyQn932yZ6HalxyzeFoCCV_3DL_yZCy-rW-2BcFW8_HTZbMRtF2IQN60k28RBE3OSEWMtPrRAusVQ-X1aDJnoJvwpBE-teAMJ9K3IPoRiUttS3Rq9bhUXByHqC4qMEwwgskmy3DMaxK5GjWIdb37v91VusFvaz9rkMwwYSnNizEzCDpqq-L-Q-FcVDNTNUnXbVEZb-OW10ea4KqhaXt0hmevKPZFE6zEfxIe7IonagNeF5FgdzvGz89Ok0mfusucOIHs414wNmT5fk3fA6J3A1-3FpGEVe37JeQWPIINIG9CqYKdycsOSVS7bX_L6myLQpEtmdSiDNuIiVSRH4yNnS1ThqahomozdKEo68E05rS7GXV1ayfsG6Sj1mhBKQ8zpIpN3Q67WhBvzm4Syphmem8AlHxGz5fUTHPkk-3ufJqers0cRnl0KwiEtvVePmUqmbu7bUaJoL_s4CzBSnqPOtkdJk6bYVJ64aKGkmq-DtULoT6EhCKAnL_LdSQqsAGL21hZI7askMv1NkFkGopijbmL-ipPVrkjt3pM42JRVUyK0MqVbmM47caa0vtFrE3vmZt8fFigYGuhUMtMUsWh0svrLOWdG0q-3jdEAfCST9upeBhpre5Q5mnhIXgO0hUZBJATnb3V_SB96n6oMsIaP2JJ0Xxdj6chuJXFylZnn2P_EQiFEzm6rIgCPGOk3QfNNW3flTXmrYB8QOIxQ0qbZk6XahwD4qVAT825sp_n-vVQ-OfjxaUPdMMtjCF9tAi4fGBczMhCaE-I-JrLFpEOOf11afSaBkmhQP2pkK9-DFY6n55s

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:36 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 138C 0
26 B 39ms
38ms Ping
image/gif 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsseIjXQAEM4JfzN7hvrMaWivRWdL6zVcGlyZZEO2MaHtieHeaKyUoHNns7pnX5QKc_IlWP7d89HytXuNEhMbum85mfZptgoFM7iuPI7NbFvYO_Y3Kj4poe99vZHrZHHXJ45pVm4_Q9DfLD2xj1Px7Bi7d4f-huT9yKVBPOBMk4G7wGUKG972fBq8bfOR1pt8a6fa06FRAKZxEYw047X6gM862azdbjONbI1Wdt-EC5ZQToR9l764rTD9maBcfcrOPwFkEGLv3LfyN4umwf-jPjeoA1K5T4QxMa7gWwePEcssL6Q3YCgfs2wgtsbs3rsV0g1iv9YS-mQF6g8oSnfOCOxfbJNykIpxSBcjR9yfofruVuP_BKEKSFwZcHDBvIxjanC8lS85FAO36EDouwqzn4f11LDsDc24CwTCU_rDvjPdrn78lo-7FBglpOyPtP_p-J02sJb14lKIxXgEadJLidzDLUPMxLmDMOOeMjcQZyrkOWBrSbSbT2DtEy2-awGtN7GpTU34XOlhW8lVSPzEMxrRq5JbP-cIa38mazIf4f6_61kLnAAVQ8WgZ4VMQJcSiJxm-sLqgVu4xwbHWtNrGyC2Vry1bUNtY5O0Dmu4vB-SulZ7Bshw35EyD0ovcRugNEC7f_4er7HEmqEPh3InL4KXPNrVagGZK1B68UCT90nQpyIVzvPajREV9sH9cPhH63iBpAkK-w5Xg-5JxuO-9zyWhF8Xhinfspvj8db8tg5V01X1Ia_RtMq999rfSuZoUrrNRREnIV-tiU_LNhar_-N7JHxaHRhB5Xxk2zR8t7h_S3ZbZk4G5WlRFDtRYWEm14lVOGomWbk8eRMEgXkV0YUx_XOj7-n4CevhhDJeQGzQoM8_Ifef8zzCDtQXG6IjSPyIqIEsSv-OfZ90mKRepfhlTCJVmZkpxpwwqRlf-KacR79KmZesg-t8kj5y9DnTmEb71N0ZQ6jvO2c5ubV7M7w1e5W92VQ8wHX-HMn5KEMSnn4LdINh5P0yt51VJIlgXFPtpyFrM-_kxb83sDps7ZFqGUkxlIIYPqXWkNNOnpeFKsBkKFMUlowaKWUYq4D2n5wlJUBGGs0MCHdCXvOr4I3cB3Y7_TxaecCXmPxbze94vgMz-sbDDQ7dDKIxM6_GMPz-96VR9oBaNli5qeMppMfwuACSD1h7GhPH42Hm8u6dIWh-w&sai=AMfl-YTRAuKni6y7F-SupMELB0pWu1J2FWrkh5VTeLJpRyvY-s2zxmDQw6nY6u1MDjWl9BlEnGbC_ZJVgNXvQ6g6X1JUkhSb62u5NSAVeM5YW1RUwCy58wNBZCJ_fqt0IDhjKuM94Cc4L5gjnGe3EXKDzS_VwU7OOOnlskPqWmzjdOUhFw5VZX18ZEb3MWanGhu9TJIpJ_W1voUhELoiPfs8oCel2CCGUTb_NQ&sig=Cg0ArKJSzDrHb9V_m4ZgEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=596&vt=11&dtpt=461&dett=3&cstd=128&cisv=r20220616.99484&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 20 Jun 2022 13:23:36 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 n.js Show response
geo.moatads.com/ Frame 7FFA 83 B
256 B 177ms
42ms Script
text/html 3.137.132.184
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.moatads.com/n.js?e=35&ol=2020306815&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CO%24%3D!!t%258%5Bh3M%3BIy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rb=2-P0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1St6rl4fSl7XR4zDhBa4DU0%3D&rs=1-HlB%2FRG4580cdYQ%3D%3D&sc=1&os=1-7w%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fioffice.site&lp=https%3A%2F%2Fioffice.site&t=1655731416896&de=302092504736&m=0&ar=bba88fd8b49-clean&iw=05e1c9f&q=2&cb=0&ym=0&cu=1655731416896&ll=2&lm=1&ln=1&r=0&em=0&en=0&d=27827239%3A4440622%3A336730274%3A171790567&zMoatMarket=FR&zMoatADV=8364841&zMoatDBMCampID=16719075320&zMoatDBMIOID=1006184074&zMoatDBMCreaID=425802737&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fioffice.site%2F&id=0&ii=3&bo=ioffice.site&bd=ioffice.site&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&gw=havasfrorangedcmdisplay758646212611&fd=1&ac=1&it=500&ti=0&ih=1&pe=0%3A373%3A373%3A0%3A366&jk=-1&jm=-1&fs=198853&na=659053458&cs=0&ord=1655731416896&jv=1215762944&callback=DOMlessLLDcallback_4212131
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/havasfrorangedcmdisplay758646212611/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.137.132.184 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-137-132-184.us-east-2.compute.amazonaws.com
Software: Microsoft-IIS/6.0 /
Resource Hash: 02f8703e1073be2dcf9438ff18091657bdff02d34b4e3a048838ab1a72e6637d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:37 GMT
cache-control: max-age=900
server: Microsoft-IIS/6.0
timing-allow-origin: *
etag: "243ae1656f732818b2be41e65288e73ed21deedf"
content-length: 83
content-type: text/html; charset=UTF-8

GET
H2 200 v2 Show response
mb.moatads.com/s/ Frame 7FFA 239 B
413 B 175ms
55ms Script
text/html 3.142.125.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/s/v2?url=https%3A%2F%2Fioffice.site%2F&pcode=havasfrorangedcmdisplay758646212611&ord=1655731416896&jv=1871094015&callback=BrandSafetyNadoscallback_4212131
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/havasfrorangedcmdisplay758646212611/moatad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.142.125.248 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-142-125-248.us-east-2.compute.amazonaws.com
Software: Microsoft-IIS/6.0 /
Resource Hash: ca7c02d829c486d35dfd33c58dc6f1a4d2f00fab9283832eaf2228ffbfddf2cc

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:23:37 GMT
cache-control: max-age=900
server: Microsoft-IIS/6.0
timing-allow-origin: *
etag: "0ba533a04b98ed7cb0e48c8a7de1160cb540a94a"
content-length: 239
content-type: text/html; charset=UTF-8

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7FFA 43 B
260 B 29ms
18ms Image
image/gif 23.41.169.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fioffice.site&lp=https%3A%2F%2Fioffice.site&t=1655731416896&de=302092504736&m=0&ar=bba88fd8b49-clean&iw=05e1c9f&q=3&cb=0&ym=0&cu=1655731416896&ll=2&lm=1&ln=1&r=0&em=0&en=0&d=27827239%3A4440622%3A336730274%3A171790567&zMoatMarket=FR&zMoatADV=8364841&zMoatDBMCampID=16719075320&zMoatDBMIOID=1006184074&zMoatDBMCreaID=425802737&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fioffice.site%2F&id=0&ii=3&bo=ioffice.site&bd=ioffice.site&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&gw=havasfrorangedcmdisplay758646212611&fd=1&ac=1&it=500&ti=0&ih=1&pe=0%3A373%3A373%3A0%3A366&jk=-1&jm=-1&fs=198853&na=989161315&cs=0
Requested by: Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-169-149.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:37 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:37 GMT

GET
DATA 200
OK truncated
/ Frame 61D4 68 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 643ac89572093a4c907c1af802b3d354453c64d545dc3f1be1ce689046064511

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 prod_studio_01_238_configurablemodule.js Show response
s0.2mdn.net/879366/ Frame 4E86 31 KB
11 KB 30ms
30ms Script
text/javascript 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/prod_studio_01_238_configurablemodule.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_238.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf9a6d2d58d42b5239d8c9405c627d9c995f11eb4e2807be1f4f142028dd5f9f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/mu/templates/brand_awareness_cuecard/responsive/V1/index.html?e=69&leftOffset=0&topOffset=0&c=sucEyQ3fJQ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 03:04:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 37170
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10829
x-xss-protection: 0
last-modified: Tue, 11 Jun 2019 21:21:50 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 21 Jun 2022 03:04:07 GMT

GET
H3 200 soJQjVMEWz-AW2aX2cEGIVeY-mqDblLvtbtmS3KyNC4.js Show response
pagead2.googlesyndication.com/bg/ Frame 1032 35 KB
14 KB 30ms
29ms Script
text/javascript 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/soJQjVMEWz-AW2aX2cEGIVeY-mqDblLvtbtmS3KyNC4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

sffe /

Resource Hash

b282508d53045b3f805b6697d9c106215798fa6a836e52efb5bb664b72b2342e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Thu, 16 Jun 2022 14:51:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 340355
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13867
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 09:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 16 Jun 2023 14:51:02 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 65ms
52ms Image
text/html 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022061301&jk=3854202735266871&bg=!vr2lvfnNAAZlcKWdRXA7ACkAdvg8WvPZYSFjnZLtOjhVtB6p7oVCPoVf4AEU4zU9uEjHu0fjVGVcTgIAAAHgUgAAAARoAQcKAJqARuVsYbtXfpWm4-cjY_U8bH_w0vzGC-NnhbqJ7ggty0FLkrmvj4hRCrE5PN8EXyRsMtm9FvnqAnrRA4s9F7IUhZgH0R4dpiw7EH31gVf1uvKqLnmujui9eJ0z0ou2dNiOsVAFlsiZCHELaL6-Ds50m-BnR8Be23_rnWhzToneoR7nV0lsovC9bXQo_OsT3-jNFxxMWiW92Xr5mQKhSVsjga98sjedW_QadLSS-lkODkNG169MWXz1Hyd0Skwcjp1cB9e3a_cGpB2U_t68Cq_r_fAWA1YJ1VnrTaHDmW1hM2kUbfd9oQMug_liTJ0qbcsFDlGA5dLQs7qAO5M4Hrg3qFeLjLJ-0MtX2v6d4BJkb-kqTAH5Pt9iFWLC4U5Aa4KyfQPbk9dZZSFggxNIJEqhh2a6qGxjOof7KpLMFij664KQukUWoWPRZIirnZvfto5rpdG7_1OmbsmdCxKyZ-IPE_t4zSsLDhVTdWdwdQz1ra1_TtRhRUmZZb6H8OHCOiUxaag5Cy9F1zXqPkxN88WA2DJgIkoHJ8FerIZUNVmkY8LC8BTaOLCTDU0QEYY1yqxfD6f3jQBGSJjYP8mB7gEWTz0BX87GVTv5MnFBWTM7rzMn6ZwcVmqeg7oTEJBz9H5snEWkZBBzongWOurHK6YBX-iN17F03JOWFkZ-QLOByCtLODGecWNfkqFsv33lC6H9IGOSvG1t3g3a8_IHPs4I9KJaVHNZjd3Ia6Smdy8VzZwwXZInnaSAwwjlP8EW4RtBiFvGz1XgKV56YPrVfSxb3Nte6jfTk_Np9rhBineum80Xg7j1EMiWkYPU11RmMUFUQ2aIAOSYL34XTohECz9TL1p6WrM2gd1I81eOHHvRGkF9Nj8_AwDlcO8kjTOPh44TeAeKNIHR-mOKHi-HbLdP71Iyo3vsz2nFAcmQzR534sbpW4mTAkMcTt7frFCcdPW0twYUJgk5c__bL3GyU-has6mCP7kXXR__vOfAX0bQ2cZbD8AJBg5O_f8FbI98s0ddMj5cilXzyEy7vFwnKL9wS9VLGJzAd0BUJSvljyQGWLVeujC5xixcMNVD0JILRVqpR_0t1q86OMl7Qjj1ZA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.40.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s79-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://ioffice.site/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7FFA 43 B
260 B 21ms
20ms Image
image/gif 23.41.169.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=https%3A%2F%2Fs0.2mdn.net%2Fsadbundle%2F15999276537831169285%2Findex.html&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&ol=2020306815&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CO%24%3D!!t%258%5Bh3M%3BIy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rb=2-P0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1St6rl4fSl7XR4zDhBa4DU0%3D&rs=1-HlB%2FRG4580cdYQ%3D%3D&sc=1&os=1-7w%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=0&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fioffice.site%2F&id=0&ii=3&f=1&j=https%3A%2F%2Fioffice.site&lp=https%3A%2F%2Fioffice.site&t=1655731416896&de=302092504736&cu=1655731416896&m=138&ar=bba88fd8b49-clean&iw=05e1c9f&cb=0&ym=0&ll=2&lm=1&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=94&le=1&gm=1&io=1&vv=3&vw=0%3A3%3A0&vp=-&vx=-%3A-%3A-&pe=0%3A373%3A373%3A0%3A366&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&ic=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=104&cd=0&ah=104&am=0&xd=00&rf=0&re=1&wb=1&wm=1&wi=0&zMoatCustomParams=50%25%3A2000sec%3Acontinuous&cl=0&at=0&d=27827239%3A4440622%3A336730274%3A171790567&bo=ioffice.site&bd=ioffice.site&gw=havasfrorangedcmdisplay758646212611&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatMarket=FR&zMoatADV=8364841&zMoatDBMCampID=16719075320&zMoatDBMIOID=1006184074&zMoatDBMCreaID=425802737&hv=findIframeAds&ab=2&ac=1&fd=1&kt=sframe&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=1&jk=-1&jm=-1&tc=0&fs=198853&na=1915686549&cs=0
Requested by: Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-169-149.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:37 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:37 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7FFA 0
26 B 49ms
47ms Ping
image/gif 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssBQhuc9hHk_V0Pi1T3pSjau54uEHSLxmNY-PmsXyUfbuos6uHz2lgsqdq-JI8vAP4T_3ylr7ryaFh0t5r7NyQaBtOpama4_nH94F-YswgccuhyRjb8jQ26orNTW0-WP1zOEIf7WjoMdnMVinbimnyud3D4MFf2OAR4dSvq3ZTzkDooVdEyka0ggmTL-82q5qnn7euIVrdAYxNN1wEOdbBkNxfQS-Z6TEkudqjyfGCWsCO0EEvp5HoekzYEiDfJ-VUSyaOkx5E4jlvu-hK61xMVhPg-TvI62Ju_og8Pc_1QH3JunMdJL3pL3z-Oa8WWmoyJoQWVCChB3Y0hIkCRBbwkyUDUAzyF6sMzmhRKCxo3sKebBzvLdiFj2DNug2yK0IXfvAj_9XMu6vub9gxPbk1dUkNgyM4N4a3bqRNUZFyMfXzrtw1dAIOkCxt8EgPar5SDYwTg3XCznCjG5mE9tfYBXXmWAh_yems1A4zNSXdbijjSIdZ1OPX7pPywmWIz_nBXRvXzX2_xmFdqNp3Eu91leYljzT942a-XRhhTHhekJr2400A-S3l_Et7_Mn2B90H1c-f8tR05R_-oefXBuO3F2mRT6oqEGjn6aZck7Qm-WiE9hH8bGOARcPlk15zk8aU3U7a7dX6aZyYj1YHxH3PYu9sSLbg2pnLl1a78P1yySYlRB_VlkgWtpYWIJFuXKqOAfi7-eXTYkhK_NZKe24a7e6NZKm7Zrym-3BzvJauHp0Pz8jb8gdevPdl93aulMxBY9vE3Vg9pAX2dCoNBh0-F-oCyql3p6gwCkSn9_159M5n79xe7q11_aJJfW5CquVbsd9ASA9tewrklcuTl2CeKy4ddlb6NB5A8unjEqt2ZOh2oZhAiIU4n5SaEmjpiPfUtRsdJhfVyO0dPL7j1wyK98Zs9cIglNYXrCE584-PS1eQNA9qMfBIUODaU_unIsJWIyLbA4980IljpNI7mTZqTIIb8uZCou4_R8-t3_Xj8vSswVM9NITqt25VxlQmijcWtCA7zPbilpffV3zjhoCSOrOU2mqG3cm8d09p-liZ1cm23jQ1YUuPD898S213BGYXcdUpXmZtjIhrxa9N8mQrFG6LPyxVvF0jWZYSz7rsIeIOL-U-L-gClHO2WuR5EYMjo0u_rTdEfXaq80ln8CMiVEw&sai=AMfl-YQ2zc-glRDmO43vvLv9d95U4qVCQ9nkoy6yAVipsv4moG_gJgOr2PW2-Vusut9UV1lCny_ElzqZE9rHSOKNCa-DOC3Jd9StiaNIGxOFOEsoNAKVGmrT-4FBCiN9nWmTHzGooKfuAASZ70eePFcVG-E-pqcvjHtAk_HWDVLnzlEBdV3feEXfoRy8xkuLLnY2Z7ZUMRxjqcA7TCn4lH-axz1t4gniOF-SfQ&sig=Cg0ArKJSzODq8EA_8kdsEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=686&vt=11&dtpt=525&dett=3&cstd=157&cisv=r20220616.00833&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: ioffice.site
URL: https://ioffice.site/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.64.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 20 Jun 2022 13:23:37 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7FFA 43 B
260 B 21ms
19ms Image
image/gif 23.41.169.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&ol=2020306815&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CO%24%3D!!t%258%5Bh3M%3BIy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rb=2-P0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1St6rl4fSl7XR4zDhBa4DU0%3D&rs=1-HlB%2FRG4580cdYQ%3D%3D&sc=1&os=1-7w%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=1&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fioffice.site%2F&id=0&ii=3&f=1&j=https%3A%2F%2Fioffice.site&lp=https%3A%2F%2Fioffice.site&t=1655731416896&de=302092504736&cu=1655731416896&m=234&ar=bba88fd8b49-clean&iw=05e1c9f&cb=0&ym=0&ll=2&lm=1&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=94&le=1&lh=81&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A373%3A373%3A0%3A366&aa=0&ad=56&cn=0&gk=56&gl=0&ik=56&ic=56&ez=1&cq=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=104&cd=104&ah=104&am=104&xd=00&rf=0&re=1&wb=1&wm=1&wi=0&zMoatCustomParams=50%25%3A2000sec%3Acontinuous&cl=0&at=0&d=27827239%3A4440622%3A336730274%3A171790567&bo=ioffice.site&bd=ioffice.site&gw=havasfrorangedcmdisplay758646212611&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatMarket=FR&zMoatADV=8364841&zMoatDBMCampID=16719075320&zMoatDBMIOID=1006184074&zMoatDBMCreaID=425802737&hv=findIframeAds&ab=2&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=-1&jm=-1&tc=0&fs=198853&na=604775956&cs=0
Requested by: Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-169-149.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:37 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:37 GMT

GET
H3 200 arrowIcon.svg
s0.2mdn.net/ads/richmedia/studio/mu/templates/brand_awareness_cuecard/responsive/V1/ Frame 4E86 429 B
289 B 21ms
21ms Image
image/svg+xml 2607:f8b0:4006:80c::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/mu/templates/brand_awareness_cuecard/responsive/V1/arrowIcon.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80c::2006 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

686e714a396ef9b1cb39f3c06f50dbc54b5105a6d3a7c41e013e624f3edfb84d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/mu/templates/brand_awareness_cuecard/responsive/V1/index.html?e=69&leftOffset=0&topOffset=0&c=sucEyQ3fJQ&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 13:09:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 837
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 252
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-richmedia-studio-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-richmedia-studio-eng"}]}
content-type: image/svg+xml
cache-control: public, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-richmedia-studio-eng"
expires: Mon, 20 Jun 2022 13:59:40 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 7FFA 43 B
260 B 118ms
21ms Image
image/gif 23.205.74.72
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=104&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=ioffice.site&L1id=27827239&L2id=4440622&L3id=336730274&L4id=171790567&S1id=ioffice.site&S2id=ioffice.site&ord=1655731416896&r=302092504736&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatADV=8364841&url=https%253A%252F%252Fioffice.site%252F&bedc=1&q=1&BSD=safe&BSC=gs_business_misc,gs_business,gs_economy_misc,gs_economy,moat_safe,gs_economy_markets&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Requested by: Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.74.72 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-74-72.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:37 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:37 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 7FFA 43 B
260 B 119ms
22ms Image
image/gif 23.205.74.72
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=104&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=ioffice.site&L1id=27827239&L2id=4440622&L3id=336730274&L4id=171790567&S1id=ioffice.site&S2id=ioffice.site&ord=1655731416896&r=302092504736&t=bs&os=0&fi2=0&div1=0&ait=0&zMoatADV=8364841&url=https%253A%252F%252Fioffice.site%252F&bedc=1&q=2&BSD=safe&BSC=gs_business_misc,gs_business,gs_economy_misc,gs_economy,moat_safe,gs_economy_markets&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Requested by: Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.74.72 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-74-72.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:37 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:37 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 7FFA 43 B
260 B 109ms
23ms Image
image/gif 23.205.74.72
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=56&fi=1&apd=215&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=ioffice.site&L1id=27827239&L2id=4440622&L3id=336730274&L4id=171790567&S1id=ioffice.site&S2id=ioffice.site&ord=1655731416896&r=302092504736&t=hdn&os=1&fi2=0&div1=0&ait=0&zMoatADV=8364841&url=https%253A%252F%252Fioffice.site%252F&bedc=1&q=3&BSD=safe&BSC=gs_business_misc,gs_business,gs_economy_misc,gs_economy,moat_safe,gs_economy_markets&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Requested by: Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.74.72 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-74-72.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:37 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:37 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 7FFA 43 B
260 B 109ms
24ms Image
image/gif 23.205.74.72
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=56&fi=1&apd=215&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=ioffice.site&L1id=27827239&L2id=4440622&L3id=336730274&L4id=171790567&S1id=ioffice.site&S2id=ioffice.site&ord=1655731416896&r=302092504736&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatADV=8364841&url=https%253A%252F%252Fioffice.site%252F&bedc=1&q=4&BSD=safe&BSC=gs_business_misc,gs_business,gs_economy_misc,gs_economy,moat_safe,gs_economy_markets&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Requested by: Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.74.72 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-74-72.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:37 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:37 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 7FFA 43 B
260 B 105ms
26ms Image
image/gif 23.205.74.72
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=280&fi=1&apd=439&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=ioffice.site&L1id=27827239&L2id=4440622&L3id=336730274&L4id=171790567&S1id=ioffice.site&S2id=ioffice.site&ord=1655731416896&r=302092504736&t=nht&os=1&fi2=0&div1=0&ait=0&zMoatADV=8364841&url=https%253A%252F%252Fioffice.site%252F&bedc=1&q=5&BSD=safe&BSC=gs_business_misc,gs_business,gs_economy_misc,gs_economy,moat_safe,gs_economy_markets&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Requested by: Host: 6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
URL: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.74.72 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-74-72.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:37 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:37 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 138C 42 B
64 B 39ms
38ms Fetch
image/gif 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvNDEcB0xUns5y5HV8VWHtRU6WO5AQ_K2xnGRplrWCv2MmhaiKJtT6sKADSORqGw8VQhCn-mb54OmkxxlfeXzrC5fxPu2kFC5MliX82bLn9zKf990qBW7CJMZozBNM&sai=AMfl-YTicZUoL_-t2Q9FosjYIBJN0azdhbOQb6OylO2VQULkQbhVX8kPLQ22-ACif095zHXnBSDaCUaVT4b8j9bM5R1S_LhkA4PydRhrpUtTDLCeCizuUBxMYvCtcxgehCK_&sig=Cg0ArKJSzFMEIZZ9CjdTEAE&cid=CAASKORomU6PW98A1GKB8LuLZSBtZ67Mt347310uehlv1HqngbDv80efpwU&id=lidar2&mcvt=1006&p=1004,971,1254,1271&mtos=0,1006,1006,1006,1006&tos=0,1006,0,0,0&v=20220615&bin=7&avms=nio&bs=0,0&mc=0.78&if=1&vu=1&app=0&itpl=20&adk=2222404233&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1655731415979&rpt=401&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6B44 0
20 B 82ms
81ms Image
image/gif 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B7JUM2HSwYrmQCITGzwXW_IugBAAAAAA4AeAEAg&bg=!n5ylnNjNAAZlcKWdRXA7ACkAdvg8WpWDxw1yp3_o9EgLbLkseebvbbWtlBfkWSRC2D1YdSXzzn0NlwIAAALCUgAAAARoAQeZAvHbiQ7OTRvBcP0gBzlmrGob43rIOSk_h5oApYT9zP4-ltM_P3npQ8qj6JzPvOHUf3QNSslpYxoon4Qudr9JnUZD4wVTSWhc5v0SfZ1r2U6muPC65he6arbP6GdsxI9vNQQ19xclEO21Si450HC0Y9Yr8tURVlFaiYvIPlPop9SWrq78aF1FE5a5f2-XyBagGthYojFQ9sk8Uo2n_fnE_mk7J8HNSVA5KSyFiBr3yTbrEdaFtNZcArh0QHTZhGppWykvD0DLkd3ZOTivyLCjY3jIHYgHkicveGXaBVx44lrIQK0CltX7q32J5nt7I83wCrkRb-Vq2-MnxvOS6RrjyQUj84KPVlyxvjc3oKko-dgyM0CdKoZ58wluIimsbpV_FHHxXsSwCOdBQeDwVECP9F-acMmYv6nuAj1wzIhbqLJuWrPHeVVSKk8G4rt5Xb7rRE5_mX5VJjel2CSD5R7_eIjjZMuafJ4lVUFb-MPw2CZ1r1GMoG5r7KEDsBpBn9hg21oJGWWqHFPLMDeYB8qiHIAzI-hXvhugq_oxIrwICOwQUxoWxDnH0w_1sYIfwvk1EWDgLJ8S5QxWJQP7xceJRoWgoYyyvPViP4g1hpsCfSdfyWVNDtqJblaD8hDp3WDDGyosEE__7ss6vYrziMMCKjx3myyNgyY129SaPKZd-L2RWC_1pfQycH5GZ0SbI2v15d1kxbumux_y4vTIul_UTqdEORxSrsKm6D5fhEH07WLzCp__oWXwx_O8Z0esHy1_h7p2jpSlS1tgU9TXxOwCsBYnbP_gPEawwXCyFSFZOzm1if9PfZlkx9fzKx7hkDkm4o0kTN3ZKtS_xD55pMwBvObFmrxMBWPy92YxHaLP7eJ7lrSKKLHd_y7YNnzjxxhlb13CMNPYCpBn0zMZqbl7z9XbNdxtQDh-34G0QeCq6h6M8f3Vx5vnMvtu3ikH-lzJaE_-thidlD0b2Mbw8wLjzpLPDe9sJm3o4KIiLKqkhQ4oU1c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1032 0
20 B 81ms
81ms Image
image/gif 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BCPkN2HSwYvqgF8PezwWO2L2oDQAAAAA4AeAEAg&bg=!LS6lLmrNAAZlcKWdRXA7ACkAdvg8Wts9n1LIpUUVhuPO1EqOo9iJlXAkzGw8s8kuHYfOJ6NelSV4_gIAAAE5UgAAAAtoAQeZAuvBcYk-Ds7vNo8H9v-5ZtCPH18KBljj01RwsaBqnHpF5RO1YxX__rVY8hPjxJO_-mHsq85-A-aWADq9IFO5iyydOhN55z3u0NPyXSlVGhNE5sNpwdJ8JwHWYMucJhkRjKnExJG0rgk-t1GCBJ1ZpNYivyd67AReLE07915yzX5GTXgyWGUpLOGS7G0J_PkFwlqPbqqF9gOC-IjfDrR-SsuGNp6nXrhHeq207iz6t4EcTW3iE21bJvnODSDJllg826XdFWTgzlShxQ6e-J2vvhnh2nV3HZSxyPjhz8eszP2AxDJWO8eRYx2HOTwCb0AfA-n7NC2UtAQhUPKBHgBeS692o85IB7qPPH5ED0zFCEvMhTNio40HcpzxyD81SPLUSI8xUqP3kPuD53UoTRU2Xu1kcXyMyV6NaEVGvkDXpv8MCU5LG8QC5eoaIi8lFfFmSvsx21EaKmLOic45QkaSxsO-XNjL2QbmPZ6smH3YdfWQj6aYCG-KrB9ZzzR7r2Od2EDssGZ_qT2OqyCJR3EEkctUuOKpWWTgDVCTZJm2fNL7jIXsFyGkXg1aDL9IVMM5tLyTZDR8DuPJLY8ckom9dbuu3FmmFJDlrHtvjwhjj1WqaxDqWOYFlUbUw_hjsVBdEhKFjmP1jO3EUOKkiYnAX61nC70spSqa5A0ILA3386JA9WWoBSUsK4Cr3yStbrMZ-astRH6vNuEoWD_muW0IvS9LZeLfq4fyGUpwr94t-7Xc5BsC4MPsUFY71kreLdoKi266plyg9uHqV8NsBAcrsgXF5Zb5UdbH5LeUWWKb7KjRaOZubIdago4KexyHR_8Tb3wJvjx7OMdfvHEgqj2pUovFzIj8FO_zcRyz09Rwfj8bbMV7yQbKJ-AFCkHFwKb0FeDPINRZthLImN--wr4MgR5eNtB4rzeAL60dQmHs6tq7wurML0JsUzHOy9bBqG9viVgmWrdmehcNDNW2QuOzgI9A_sP4yC3lOi-EOw4

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7FFA 42 B
64 B 35ms
34ms Fetch
image/gif 142.251.40.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvuAZeGMKOt_hsArik6A1ChsFcDxzYdorLSyp6joiSYPjq3ek4u_0OmJ4KDHYj0xs2CeKbTvk4EjeFKw65Us6_TzF9B8jVRzXqu8JPwD81fsnl3a63cjSATfhma4lQ&sai=AMfl-YR8dtSzMpjFiqmShRFJFjdG8fG84848m9pk_HtToHNPCje_I5qrdl1qYiviA54-diJ9hjaB1bKf1BvhUo5ghM9OMmW8ieLBr3ncBsRWSgbqucswsJLctYwkCvGQIfxZ&sig=Cg0ArKJSzJNCcoB9KibKEAE&cid=CAASKORo-8ZxD4kCkUtatCpaCP5csRDd8RMijSuoRbGEtmZjzuMBt8M3emg&id=lidar2&mcvt=1000&p=38,583,128,1311&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220615&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1311897351&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1655731416267&rpt=341&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:37 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7FFA 43 B
260 B 19ms
18ms Image
image/gif 23.41.169.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=1&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&ol=2020306815&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CO%24%3D!!t%258%5Bh3M%3BIy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rb=2-P0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1St6rl4fSl7XR4zDhBa4DU0%3D&rs=1-HlB%2FRG4580cdYQ%3D%3D&sc=1&os=1-7w%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=2&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fioffice.site%2F&id=0&ii=3&f=1&j=https%3A%2F%2Fioffice.site&lp=https%3A%2F%2Fioffice.site&t=1655731416896&de=302092504736&cu=1655731416896&m=1279&ar=bba88fd8b49-clean&iw=05e1c9f&cb=0&ym=0&ll=2&lm=1&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=94&le=1&lf=331&lg=1&lh=81&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A373%3A373%3A1245%3A366&aa=1&ad=1102&cn=56&gn=1&gk=1102&gl=56&ik=1102&ic=1102&ez=1&co=1102&cp=1061&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1061&cd=104&ah=1061&am=104&xd=00&rf=0&re=1&wb=1&wm=1&wi=0&zMoatCustomParams=50%25%3A2000sec%3Acontinuous&cl=0&at=0&d=27827239%3A4440622%3A336730274%3A171790567&bo=ioffice.site&bd=ioffice.site&gw=havasfrorangedcmdisplay758646212611&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatMarket=FR&zMoatADV=8364841&zMoatDBMCampID=16719075320&zMoatDBMIOID=1006184074&zMoatDBMCreaID=425802737&hv=findIframeAds&ab=2&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=5&jm=-1&tc=0&fs=198853&na=486820513&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-169-149.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:38 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:38 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 7FFA 43 B
260 B 30ms
29ms Image
image/gif 23.205.74.72
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1061&tet=1102&fi=1&apd=1261&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=ioffice.site&L1id=27827239&L2id=4440622&L3id=336730274&L4id=171790567&S1id=ioffice.site&S2id=ioffice.site&ord=1655731416896&r=302092504736&t=iv&os=1&fi2=0&div1=1&ait=0&zMoatADV=8364841&url=https%253A%252F%252Fioffice.site%252F&bedc=1&q=6&BSD=safe&BSC=gs_business_misc,gs_business,gs_economy_misc,gs_economy,moat_safe,gs_economy_markets&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.74.72 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-74-72.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:38 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:38 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7FFA 43 B
260 B 34ms
21ms Image
image/gif 23.41.169.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=5&q=0&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&ol=2020306815&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CO%24%3D!!t%258%5Bh3M%3BIy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rb=2-P0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1St6rl4fSl7XR4zDhBa4DU0%3D&rs=1-HlB%2FRG4580cdYQ%3D%3D&sc=1&os=1-7w%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=3&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fioffice.site%2F&id=0&ii=3&f=1&j=https%3A%2F%2Fioffice.site&lp=https%3A%2F%2Fioffice.site&t=1655731416896&de=302092504736&cu=1655731416896&m=1280&ar=bba88fd8b49-clean&iw=05e1c9f&cb=0&ym=0&ll=2&lm=1&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=94&le=1&lf=331&lg=1&lh=81&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A373%3A373%3A1245%3A366&aa=1&ad=1102&cn=1102&gn=1&gk=1102&gl=1102&ik=1102&ic=1102&ez=1&co=1102&cp=1061&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1061&cd=1061&ah=1061&am=1061&xd=00&rf=0&re=1&wb=1&wm=1&wi=0&zMoatCustomParams=50%25%3A2000sec%3Acontinuous&cl=0&at=0&d=27827239%3A4440622%3A336730274%3A171790567&bo=ioffice.site&bd=ioffice.site&gw=havasfrorangedcmdisplay758646212611&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatMarket=FR&zMoatADV=8364841&zMoatDBMCampID=16719075320&zMoatDBMIOID=1006184074&zMoatDBMCreaID=425802737&hv=findIframeAds&ab=2&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=5&jm=-1&tc=0&fs=198853&na=356380086&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-169-149.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:38 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:38 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7FFA 43 B
260 B 23ms
23ms Image
image/gif 23.41.169.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=2&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&ol=2020306815&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CO%24%3D!!t%258%5Bh3M%3BIy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rb=2-P0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1St6rl4fSl7XR4zDhBa4DU0%3D&rs=1-HlB%2FRG4580cdYQ%3D%3D&sc=1&os=1-7w%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=4&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fioffice.site%2F&id=0&ii=3&f=1&j=https%3A%2F%2Fioffice.site&lp=https%3A%2F%2Fioffice.site&t=1655731416896&de=302092504736&cu=1655731416896&m=1281&ar=bba88fd8b49-clean&iw=05e1c9f&cb=0&ym=0&ll=2&lm=1&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=94&le=1&lf=331&lg=1&lh=81&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A373%3A373%3A1245%3A366&aa=1&ad=1102&cn=1102&gn=1&gk=1102&gl=1102&ik=1102&ic=1102&ez=1&co=1102&cp=1061&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=1061&cd=1061&ah=1061&am=1061&xd=00&rf=0&re=1&wb=1&wm=1&wi=0&zMoatCustomParams=50%25%3A2000sec%3Acontinuous&cl=0&at=0&d=27827239%3A4440622%3A336730274%3A171790567&bo=ioffice.site&bd=ioffice.site&gw=havasfrorangedcmdisplay758646212611&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatMarket=FR&zMoatADV=8364841&zMoatDBMCampID=16719075320&zMoatDBMIOID=1006184074&zMoatDBMCreaID=425802737&hv=findIframeAds&ab=2&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=5&jm=-1&tc=0&fs=198853&na=796188423&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-169-149.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:38 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:38 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 7FFA 43 B
260 B 19ms
18ms Image
image/gif 23.205.74.72
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1061&tet=2112&fi=1&apd=2271&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=ioffice.site&L1id=27827239&L2id=4440622&L3id=336730274&L4id=171790567&S1id=ioffice.site&S2id=ioffice.site&ord=1655731416896&r=302092504736&t=civ&os=1&fi2=1&div1=1&ait=0&zMoatADV=8364841&url=https%253A%252F%252Fioffice.site%252F&bedc=1&q=7&BSD=safe&BSC=gs_business_misc,gs_business,gs_economy_misc,gs_economy,moat_safe,gs_economy_markets&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.74.72 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-74-72.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:39 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:39 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 7FFA 43 B
260 B 18ms
18ms Image
image/gif 23.205.74.72
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=1&tuv=1061&tet=4926&fi=1&apd=5085&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=ioffice.site&L1id=27827239&L2id=4440622&L3id=336730274&L4id=171790567&S1id=ioffice.site&S2id=ioffice.site&ord=1655731416896&r=302092504736&t=page5&os=1&fi2=1&div1=1&ait=0&zMoatADV=8364841&url=https%253A%252F%252Fioffice.site%252F&bedc=1&q=8&BSD=safe&BSC=gs_business_misc,gs_business,gs_economy_misc,gs_economy,moat_safe,gs_economy_markets&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.74.72 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-74-72.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:42 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7FFA 43 B
260 B 21ms
20ms Image
image/gif 23.41.169.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=0&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&ol=2020306815&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CO%24%3D!!t%258%5Bh3M%3BIy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rb=2-P0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1St6rl4fSl7XR4zDhBa4DU0%3D&rs=1-HlB%2FRG4580cdYQ%3D%3D&sc=1&os=1-7w%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=5&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fioffice.site%2F&id=0&ii=3&f=1&j=https%3A%2F%2Fioffice.site&lp=https%3A%2F%2Fioffice.site&t=1655731416896&de=302092504736&cu=1655731416896&m=5303&ar=bba88fd8b49-clean&iw=05e1c9f&cb=0&ym=0&ll=2&lm=1&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=94&le=1&lf=331&lg=1&lh=81&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A373%3A373%3A1245%3A366&aa=1&ad=5127&cn=1102&gn=1&gk=5127&gl=1102&ik=5127&ic=5127&ez=1&co=1102&cp=1061&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5085&cd=1061&ah=5085&am=1061&xd=00&rf=0&re=1&wb=2&wm=1&wi=1&zMoatCustomParams=50%25%3A2000sec%3Acontinuous&cl=0&at=0&d=27827239%3A4440622%3A336730274%3A171790567&bo=ioffice.site&bd=ioffice.site&gw=havasfrorangedcmdisplay758646212611&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatMarket=FR&zMoatADV=8364841&zMoatDBMCampID=16719075320&zMoatDBMIOID=1006184074&zMoatDBMCreaID=425802737&hv=findIframeAds&ab=2&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=8&jm=-1&tc=0&fs=198853&na=2018973821&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-169-149.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:42 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 7FFA 43 B
260 B 19ms
19ms Image
image/gif 23.41.169.149
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=9&q=1&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&lo=0&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&ol=2020306815&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(Kc%2CO%24%3D!!t%258%5Bh3M%3BIy%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rb=2-P0xt5T9Dn5ips3zWES0UEhYKQlBk9l%2Bd1St6rl4fSl7XR4zDhBa4DU0%3D&rs=1-HlB%2FRG4580cdYQ%3D%3D&sc=1&os=1-7w%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MxOtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJfR0BqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=728&qe=90&qh=1600&qg=1200&qm=0&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&vf=1&vg=100&bq=0&g=6&h=90&w=728&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fioffice.site%2F&id=0&ii=3&f=1&j=https%3A%2F%2Fioffice.site&lp=https%3A%2F%2Fioffice.site&t=1655731416896&de=302092504736&cu=1655731416896&m=5505&ar=bba88fd8b49-clean&iw=05e1c9f&cb=0&ym=0&ll=2&lm=1&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=94&le=1&lf=331&lg=1&lh=81&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A373%3A373%3A1245%3A366&aa=1&ad=5328&cn=5127&gn=1&gk=5328&gl=5127&ik=5328&ic=5328&ez=1&co=1102&cp=1061&cq=1&im=1&in=1&pd=1&nb=1&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=5286&cd=5085&ah=5286&am=5085&xd=00&rf=0&re=1&wb=2&wm=1&wi=1&zMoatCustomParams=50%25%3A2000sec%3Acontinuous&cl=0&at=0&d=27827239%3A4440622%3A336730274%3A171790567&bo=ioffice.site&bd=ioffice.site&gw=havasfrorangedcmdisplay758646212611&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatMarket=FR&zMoatADV=8364841&zMoatDBMCampID=16719075320&zMoatDBMIOID=1006184074&zMoatDBMCreaID=425802737&hv=findIframeAds&ab=2&ac=1&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=1&jk=8&jm=-1&tc=0&fs=198853&na=655555397&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.41.169.149 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-41-169-149.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 13:23:42 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 20 Jun 2022 13:23:42 GMT

Verdicts & Comments Add Verdict or Comment

160 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.ioffice.site/	1970-01-20 13:17:07	Name: __gpi Value: UID=00000602122c9d5f:T=1655731415:RT=1655731415:S=ALNI_Mb1gfQZfV_g4-dCOipUO0txQil7Qg
.doubleclick.net/	1970-01-20 21:26:43	Name: IDE Value: AHWqTUlJuyT2R7uTBu3zLE_D2ebOI0GXff_aSspbPgjXnUvf9NCXzAX2rZpCu8wJ7l8
.casalemedia.com/	1970-01-20 12:41:07	Name: CMID Value: YrB012MGguQvRQsKXCZZHAAA
.casalemedia.com/	1970-01-20 06:05:07	Name: CMPS Value: 463
.adnxs.com/	1970-01-20 06:05:07	Name: uuid2 Value: 2201382305340591935
.casalemedia.com/	1970-01-20 06:05:07	Name: CMPRO Value: 186
.casalemedia.com/	1970-01-20 12:41:07	Name: CMRUM3 Value: 2d62b074d82760
.casalemedia.com/	1970-01-20 03:56:57	Name: CMST Value: YrB02GKwdNgA
.adnxs.com/	1970-01-20 06:05:07	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVHIvA$j!@wnfH8K6pQK`!5=E<L5?%M(0h!ybmuF=`/vv/(gugRr/vP:u@XrCO5cKObpRzqF1`b^Ku)wf2
.ioffice.site/	1970-01-20 13:17:07	Name: __gads Value: ID=9902280aae5c7e16-22fd6b3e627c00fd:T=1655731415:S=ALNI_MZ8jZ8MWVINt4067ASp-UUW7Ki3Xg
.teads.tv/	1970-01-20 12:39:41	Name: tt_viewer Value: 9faf892b-53e4-4cd7-9590-5b0d35af117d
.openx.net/	1970-01-20 12:41:07	Name: i Value: ee034039-f55e-4827-9909-9d8ad41b55c9\|1655731416

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://z.moatads.com/havasfrorangedcmdisplay758646212611/moatad.js(Line 135) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6f139bb3bf7455bc843bc4a8c056a83b.safeframe.googlesyndication.com
adservice.google.com
cm.g.doubleclick.net
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
geo.moatads.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
havasfrorangedcmdisplay758646212611.s.moatpixel.com
ib.adnxs.com
ioffice.site
mb.moatads.com
pagead2.googlesyndication.com
partner.googleadservices.com
px.moatads.com
s0.2mdn.net
securepubads.g.doubleclick.net
sync.teads.tv
tpc.googlesyndication.com
us-u.openx.net
www.google.com
www.googletagservices.com
www.gstatic.com
z.moatads.com
142.250.64.98
142.251.40.162
142.251.40.98
23.195.109.72
23.205.74.72
23.41.168.244
23.41.169.149
2607:f8b0:4006:807::2004
2607:f8b0:4006:807::200a
2607:f8b0:4006:80b::2002
2607:f8b0:4006:80c::2003
2607:f8b0:4006:80c::2006
2607:f8b0:4006:820::2002
2607:f8b0:4006:821::2002
2607:f8b0:4006:821::2003
2607:f8b0:4006:822::2001
3.137.132.184
3.142.125.248
34.98.64.218
50.116.86.29
68.67.179.135
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
02942306c33a003a05a4401a5811cf77fc00bab4c9baa6e8348cc48b1df8f811
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
02f8703e1073be2dcf9438ff18091657bdff02d34b4e3a048838ab1a72e6637d
03e7094e68025aaea2022a705aa598ca8f772088762a4db5c950d16cb6d6bdfc
0576ac28da77a0d8465f324a45e13e8ba89bd47089ffe612ff992aa4c8440a0c
07e5abb8804e5fc28e99dc962f2d2528f5ead5fdc9096228fb05d84c839a225f
07e7a34003bfb34fb75f51cb4881beded7ba223b9f8cd6e6d60df4f7148d570d
080af8d4c40fa3ed49dc244cf6d94a8a060efabd09f42915c8a1c00d43e0d6fe
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bb0e9bbf7cb14e47850eda6518396c9a3c6193dde1b8c7331cdc6191456bdcf
0d0d18b067e9e89d82d7171cde23fba8ad8c4813aa69a8c901ca8d30abdecd87
0db05d788f42780ee838be3cc8c564c76e9122967c084e08091f657e922d524b
0eba0a65dd4914fddf8f2cf3b726cfce86272b3f51d3f65e57a654fb0ba97a48
124c07b4e8796fd121878e84b052e054d9bf8d1049180a88667ba9e9f2083daf
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
12ddfb9d0438061952f509ff15ceebd23d74770de66f6479a2bb5d4ed6ae5bfc
16e7d3b53b816923cadd2043b8d460fb34c05fbb25e7bd52cb19c355ac87c223
1a7454400e2469aa5845e2a91977b9d7c931639c19917101148e8a18661d0271
1a9a801511b9e46426add8c7a5769f09b346f0b463cbb36bd0a00edd0281d999
1bcbd96e66f8c5975255530ada1ee148db1b032e04f0feb86be3d49a389ff27d
1e2c7bdf83d5aab655e461ae1ba73e756859f18b452b0955a44f88f9e2d9a154
1ff8a60da3904d248527c9e7508c6810690291c139bc74a1e7acd422f4b62c4f
25053a76464104efa0a5e43a5a564b11ee1f6f455ad9b2a9359dcce2ca90658c
274221be58999823d56940d75fe7ad45f9e83dda8ada208ca207cb3e1376b169
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2bef819f1c660867f1885fcc209a22ad2212337752d78499588b74fe771ef417
30a759abf40c05037c96a32b7bc87c151f040772106663b611e0b92689150407
3271367c74f3d1280dc946a7c545dec5852b8c126988b2cf411f63ed4d227582
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
337f6a5456fca744a0de5d36eaba1bf047b9603d2b514929da73d39d0f9739c7
33e8451b98c984ae8eb63d3219d548e15dfce155eacdd3a56dd8e0f816d9fe0c
34a451255bc97111caa90fca4b383515b729ee03aa601b12ffca6d33c045b7a8
467a5b06cb117035f7882e8c71d80e093f04ce586c1ac2b84e7e4adf978edb30
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d04176a4684a09196bbd772cf32e3b0f6af658aba4739e37545e80b4c9777e9
4d5862b3daeff2a0c52d69267a1eae566463c68bea47a8071dd9655c4c7c1192
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f9dd8b28b3acfaf0c2f2c40f47e6b11b4d49ce94d67ddd5c03357577e095fa0
502bf78db333356f428e459b0dccdd1974dcdf0a2211c52fe45cc10d6f4a6246
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
5ae838d866034b3eb6d4d2962ec3d99f8811897fdb48b590d0860316346300a5
5e8cf9bf6495749c7604626cbf3f964b4e27464f0cc790246e609842dc151862
5f7a9574f3b391dc61a8dc28e049d9328492100c73a15dadaa24564749871b54
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
643ac89572093a4c907c1af802b3d354453c64d545dc3f1be1ce689046064511
67eabf6f1f5607869700dd1a0b53370d6da880ac61ba9fc150723f2e4f68436d
686e714a396ef9b1cb39f3c06f50dbc54b5105a6d3a7c41e013e624f3edfb84d
6956fc28f82d70a962348e134418c69612e28fdb4beb73fc274ebe62f841aa41
697be4a8da79fb436f92800d6ed4a241c508d9f33499591bf6483b15fa763386
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
6f442bcbb0f1d831953f2fba7a1d8207ed24d14cc7ac58345a43317c49e16fc2
6fe7fd108a00ef624524388fe870d2f05b786c0d435f3e5d91bade3ecf6158f2
706517b48066f89e300293d62d80951a0d5680d8c3dcf027770638c75bec6bf6
749fd999b7648709f742229d2500580b76874f276e4d05b5d669df39f35e3c8d
79772295aeb124c683a8abad0c86dde7d252e66c49a91dcfe0a5be37a8dc366e
79c9a47b15a72a4821c90e66d2766a421d5ca641dc5a374e1c3879f19f55db19
79cf7ea4cdd7f173f46b94dd6d9e7310ed0bbca6de51992166d7e778ea1ad0f9
7c59d256c3de6dedfd26a854d90ed114678478d9f9cc6bc76cf283b5093ef7ec
7c648a3ad25c2bac8809450b3b408135d07d4d53da4123b4ae9b56e914445908
7dafb52df8cfd55b4597ed385496f1894205274fd4fa8913053d9ad6c39512f3
80c7fe7749a6e8c85fa6473e7bbba5c5dc6ffe20a86036de26d91bd4b9a4e8d4
8a99716f472962c92a0b9f10c7e3dcb2afd0e345f0d65adb5345a24537351794
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8bdc480ab73e526710ea6e926702610c7edebf05be596f29eeb839d410ababd8
8f1922f85355c816c6220c79ca17415c9073f485490c3939888d489d6ba8cf16
934bb4563a45196d9bbc86ae61b0b41b468f7b13b49092e5e759842bef716f80
96c3fcbcb276d4744da611b67b0af1161b4046db890d3ffb2f93270420ee2700
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
9cee4732240fe6c26dfc0249b47df7c943a99d7fdcb5107bc5ed64a8f3cb46f9
9d42299ed9adfc54ccd0038b53202bc39beb78d240de51ca811d0f8b5e4d67e7
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a083e97ec066150eca10f333297598745b067c148c0c3d8e1214c35a264e8db4
a385622e56f3a1e0bba5d2629ff38059f5d66b0c583a1349d2efbe200b6788d4
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a658b2be7323c57d4bd5c4197b657e1f5360d1b950131dc377efec1d5111ffd0
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a804d107a4a16e163efab1a21dc21cacba55f21bf7d5ab6ae9bc0fe65681987d
aae16c1e5af0e8ec61c0233555059bf3132cc5d7f68706d06255a7f6d3c76043
aaf30665a4722a0fdddac36e753601982c263544fd84adb3b2951861c70385b9
aedd1b112e247314f7e990485858511f15d21e57885ee131e9e1a3fec0173d61
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b26e53910eb170be4a63bf521ba1606d719a401838a685c24eb89733c0f98a17
b282508d53045b3f805b6697d9c106215798fa6a836e52efb5bb664b72b2342e
b31639b1784eda51185ea2f620d531c1654d00790ce5ac16f333a88e23785d44
b7bfc5ec1372f719c95bb149106329bfef053792f90ce9d65af5c6114d9bbd9d
b92dee0e482b649ca7b6f6de063be9547433795cd6ebbb39924ed8cfac711017
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c07acab194f946004ab1dd40b1e491c56b0cc41559f135745ecdaa5d5c54dcbb
c9875414d62645e6adb8a123f7dd1806cbb9a9692980fcc7bf547a5cf52e0a16
ca7c02d829c486d35dfd33c58dc6f1a4d2f00fab9283832eaf2228ffbfddf2cc
cc88f3a751407b4840b8ed578626d1ba04c2f0a443cff01bdcd038c864b08ca5
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf9a6d2d58d42b5239d8c9405c627d9c995f11eb4e2807be1f4f142028dd5f9f
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d43af314f4a32ff8d1981c5319400f692c2cab96494705a9ec46cb1c45483ee5
d678ab3b4e7dddf5615012cc1a930e50dfbc967181b8fbeb1b98d61549f5ed08
d728bb9c16c2068eb33063093e90f7b29427aa371c36040230fcb80a892e26f5
d8440bf06ab6a794d6024c8f6c6b08d531cb0a3f1b68dd671457b2df1a3f2b5e
dbf12bf1f5d4b89bf65b271a2e45731c8dcb2b2c040eb2147ba21a0ac098494d
dc3bb69d6f01970f16fd82d70349efb71e1c8a32948bb4f940ed0561aeb8cdd5
de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e1c5b81a97ca52f20b5f90b1d028482cf9c6597a5ec11586d9c569cb4367c580
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e60dd4d4d2a9877511e9eea6cd40c4cb5199f4a7537d362edbe08599ba2ff2d3
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f052e8c496901afe2af37cf4bc6a7805ee9ec0d4843fec5b50da05104d8ce11e
f11881a89ad5ebdbfe75b6a82c4f1359bef968b54a8e006b0b677688ecfeb581
f5584b97177e6c52cf220316988cb6a9184aa00c8011cb7ed063c45a5f4556ac
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
faac30b632c29d927a8a2fca7df681f2d533baf34a2dca559f6ab310290ab42f
fb143713b526c2efae7f9304ef3e38933be8a76cf443e34dd2fac01d61edddba
fb86ab2e2578c1e168de5473bb5b7acc35c85b0191d4e527fc080cfa4c9cb136
fc0cfd65dbe106a9d085d5b0d65c43f8626427b08da51740c349344d761eb81e

ioffice.site Open in urlscan Pro 50.116.86.29 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

182 Requests

93 %HTTPS

43 %IPv6

15 Domains

25 Subdomains

22 IPs

1 Countries

2768 kBTransfer

6026 kBSize

12 Cookies

6 Outgoing links

Page URL History

Redirected requests

182 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

ioffice.site Open in urlscan Pro
50.116.86.29 Public Scan

Screenshot
Live screenshot

Full Image

182
Requests

93 %
HTTPS

43 %
IPv6

15
Domains

25
Subdomains

22
IPs

1
Countries

2768 kB
Transfer

6026 kB
Size

12
Cookies

182 HTTP transactions
4 data transactions