portal-db.live Open in urlscan Pro
45.79.27.228 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://portal-db.live/mg-investments
Submission: On May 19 via manual (May 19th 2021, 11:08:40 am UTC) from GB

Summary HTTP 62 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 18 IPs in 5 countries across 18 domains to perform 62 HTTP transactions. The main IP is 45.79.27.228, located in Richardson, United States and belongs to LINODE-AP Linode, LLC, US. The main domain is portal-db.live.

This is the only time portal-db.live was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
13	45.79.27.228 45.79.27.228	63949 (LINODE-AP...) (LINODE-AP Linode)
1	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f04... 2a03:2880:f045:10:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:82f::200e	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	172.217.23.98 172.217.23.98	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	2620:116:800d... 2620:116:800d:21:5a23:9c4e:e774:96c1	16509 (AMAZON-02) (AMAZON-02)
1 1	52.28.108.245 52.28.108.245	16509 (AMAZON-02) (AMAZON-02)
6	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
2 2	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 2	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	217.182.200.29 217.182.200.29	16276 (OVH) (OVH)
62	18

13 45.79.27.228 (Richardson, United States)

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1126-228.members.linode.com

portal-db.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f045:10:face:b00c:0:3 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.23.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s45-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:5a23:9c4e:e774:96c1 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.28.108.245 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-28-108-245.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.74.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.227.252.103 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.64.190.78 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.182.200.29 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: gcm7.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	188 KB
13	portal-db.live portal-db.live	360 KB
10	doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	32 KB
6	gstatic.com fonts.gstatic.com www.gstatic.com	102 KB
3	googleapis.com fonts.googleapis.com	3 KB
2	pubmatic.com 2 redirects image6.pubmatic.com	1 KB
2	openx.net 2 redirects rtb.openx.net	766 B
2	googletagservices.com www.googletagservices.com	64 KB
2	google.com adservice.google.com	435 B
2	google.de adservice.google.de	435 B
2	google-analytics.com www.google-analytics.com	19 KB
2	facebook.net connect.facebook.net	65 KB
1	gemius.pl 1 redirects googlecm.hit.gemius.pl	338 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com	457 B
1	agkn.com 1 redirects d.agkn.com	765 B
1	quantserve.com cms.quantserve.com	463 B
1	googleadservices.com partner.googleadservices.com	640 B
1	googletagmanager.com www.googletagmanager.com	35 KB
62	18

	Domain	Requested by
13	portal-db.live	portal-db.live
8	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
8	pagead2.googlesyndication.com	portal-db.live pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
6	cm.g.doubleclick.net	googleads.g.doubleclick.net
5	fonts.gstatic.com	fonts.googleapis.com
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
3	fonts.googleapis.com	portal-db.live googleads.g.doubleclick.net
2	image6.pubmatic.com	2 redirects
2	rtb.openx.net	2 redirects
2	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	portal-db.live connect.facebook.net
1	googlecm.hit.gemius.pl	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	d.agkn.com	1 redirects
1	cms.quantserve.com	googleads.g.doubleclick.net
1	www.gstatic.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.googletagmanager.com	portal-db.live
62	21

This site contains links to these domains. Also see Links.

Domain
www.mymandg.co.uk
www.mandg.co.uk
myaccount.mandg.com
global.mandg.com
www.mandg.com

Subject Issuer	Validity	Valid
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh

This page contains 7 frames:

Primary Page: http://portal-db.live/mg-investments
Frame ID: 0B85CB3D411BD106A14110F1EE0F05B2
Requests: 38 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/zrt_lookup.html
Frame ID: DCB46C0A28513067F3FDCA589A117937
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9241928136529283&output=html&adk=1812271804&adf=3025194257&lmt=1621422500&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fportal-db.live%2Fmg-investments&ea=0&flash=0&pra=5&wgl=1&dt=1621422500878&bpp=3&bdt=99&idt=76&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4743276787407&frm=20&pv=2&ga_vid=862491329.1621422501&ga_sid=1621422501&ga_hid=2017189562&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982200%2C31061138&oid=3&pvsid=3202798615023558&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=96
Frame ID: 3C3400A987F840FAAEC2DBA26AD76CBF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9241928136529283&output=html&h=280&slotname=9457245204&adk=4160768347&adf=995855647&pi=t.ma~as.9457245204&w=730&fwrn=4&fwrnh=100&lmt=1621422501&rafmt=1&psa=0&format=730x280&url=http%3A%2F%2Fportal-db.live%2Fmg-investments&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1621422501233&bpp=3&bdt=454&idt=5&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4743276787407&frm=20&pv=1&ga_vid=862491329.1621422501&ga_sid=1621422501&ga_hid=2017189562&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982200%2C31061138&oid=3&pvsid=3202798615023558&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=YF4ZKkDz92&p=http%3A//portal-db.live&dtd=12
Frame ID: C78365547059ECE4DA31AA7632C0811D
Requests: 16 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 20B279AA804F5647E03BFC4E051A6D80
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js
Frame ID: E3B0F8F2D482FD0CDEBB9941D2B60D5A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 6D1E37657091E72D3FDF0B191475E049
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

62
Requests

77 %
HTTPS

64 %
IPv6

18
Domains

21
Subdomains

18
IPs

5
Countries

870 kB
Transfer

2018 kB
Size

5
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.mymandg.co.uk/
Title:

Search URL Search Domain Scan URL

URL: https://www.mandg.co.uk/investor/manage-your-investments-online/
Title:

Search URL Search Domain Scan URL

URL: https://www.mandg.co.uk/investor/invest-with-mg/
Title:

Search URL Search Domain Scan URL

URL: https://www.mandg.co.uk/
Title:

Search URL Search Domain Scan URL

URL: https://myaccount.mandg.com/
Title:

Search URL Search Domain Scan URL

URL: https://global.mandg.com/careers
Title:

Search URL Search Domain Scan URL

URL: https://www.mandg.com/ireland/adviser/
Title:

Search URL Search Domain Scan URL

URL: https://www.mandg.com/americas/us-offshore/why-choose-mg/
Title:

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 53

https://d.agkn.com/pixel/2175/?google_gid=CAESEJ5QR5ty2BlKXjOtthGxwQ8&google_cver=1&google_push=AQvitUIrg6N6e495F3cFG4t2jpK-qxAYszjULXafidKWPGfo33F7rZtDeW0thgE0FB3LKl1920bxkjJgLtlR7zeqIJpUVNN6pNlX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUIrg6N6e495F3cFG4t2jpK-qxAYszjULXafidKWPGfo33F7rZtDeW0thgE0FB3LKl1920bxkjJgLtlR7zeqIJpUVNN6pNlX&google_hm=Q0FFU0VKNVFSNXR5MkJsS1hqT3R0aEd4d1E4

Request Chain 54

https://rtb.openx.net/sync/dds?google_gid=CAESEEQhSR37nC-BPYI-g8Wi6C4&google_cver=1&google_push=AQvitULm5zmCeH-CnTFQXGpSlDGWW-bqhXF1s3mK58ZblijfRK_CUBDs8PuUoEXK3kEinX0uHZdoS_MeszjZzTZ3ODHLedWDN6vV HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEEQhSR37nC-BPYI-g8Wi6C4&google_cver=1&google_push=AQvitULm5zmCeH-CnTFQXGpSlDGWW-bqhXF1s3mK58ZblijfRK_CUBDs8PuUoEXK3kEinX0uHZdoS_MeszjZzTZ3ODHLedWDN6vV&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULm5zmCeH-CnTFQXGpSlDGWW-bqhXF1s3mK58ZblijfRK_CUBDs8PuUoEXK3kEinX0uHZdoS_MeszjZzTZ3ODHLedWDN6vV&google_hm=kmxMTjS9wSIjP-fqrAg83w==

Request Chain 55

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENRyQGSENziY0OYrf8yJvdI&google_cver=1&google_push=AQvitUKoHPZfHAM02D97KtB4AlIphqYHcB8xMewwwZSIDN-YCfKE_UQIXEFtZvRzDo5Axhz-rX90ioQLkPRGpl2eUCBBnTrSaSyN HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESENRyQGSENziY0OYrf8yJvdI&google_cver=1&google_push=AQvitUKoHPZfHAM02D97KtB4AlIphqYHcB8xMewwwZSIDN-YCfKE_UQIXEFtZvRzDo5Axhz-rX90ioQLkPRGpl2eUCBBnTrSaSyN&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=YHgHT_zlTe6ETvh5ENKwXQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKoHPZfHAM02D97KtB4AlIphqYHcB8xMewwwZSIDN-YCfKE_UQIXEFtZvRzDo5Axhz-rX90ioQLkPRGpl2eUCBBnTrSaSyN

Request Chain 56

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEILcBdBa22X-Jq45Sw7iiss&google_cver=1&google_push=AQvitUK2v2wIfWySiSrWdKhd-1gD9R4azZC84SY_GgdRw9D80OXZ3TRbF3d-ysJvBvpshHnK_v1d0XU6kskChm9Q5ULebuOMOgoe HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09WRDNEVTAtTS1FNzQz&google_push=AQvitUK2v2wIfWySiSrWdKhd-1gD9R4azZC84SY_GgdRw9D80OXZ3TRbF3d-ysJvBvpshHnK_v1d0XU6kskChm9Q5ULebuOMOgoe

Request Chain 57

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1

Request Chain 58

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEIsRvbfgFwzBVBMaTMKmjEw&google_cver=1&google_push=AQvitUKBGIgbA4L0XBcgEUW5gBOZxzDHhCGX-pJMIDUYctpyh2cQ0GNi9U7_LoX0_DA0G4bfX0uJ3rzHhR9Q7JeGiOjJei7Er0hlBw HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKBGIgbA4L0XBcgEUW5gBOZxzDHhCGX-pJMIDUYctpyh2cQ0GNi9U7_LoX0_DA0G4bfX0uJ3rzHhR9Q7JeGiOjJei7Er0hlBw&google_hm=

62 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request mg-investments Show response
portal-db.live/ 96 KB
46 KB 352ms
321ms Document
text/html 45.79.27.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: http://portal-db.live/mg-investments
Protocol: HTTP/1.1
Server: 45.79.27.228 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1126-228.members.linode.com
Software: Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.29
Resource Hash: 3a162385d9c870746bcd855a497c07e3dfb685b50db063542ffba751b11be8d3

Request headers

Host: portal-db.live
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 11:08:21 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.29
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 21ms
19ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-141892281-1

Requested by

Host: portal-db.live
URL: http://portal-db.live/mg-investments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

859ba22a5133a0e20a177b34adfc527d20653423a49df695c5d442e13e53a817

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 11:08:20 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35700
x-xss-protection: 0
last-modified: Wed, 19 May 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 19 May 2021 11:08:20 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 132 KB
47 KB 47ms
26ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: portal-db.live
URL: http://portal-db.live/mg-investments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4f488ba69b34a8b4d924f46e58cbbe62ad1031ee74af785d328ccb54c4cd9b5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 11:08:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47946
x-xss-protection: 0
server: cafe
etag: 18260956113010957495
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 19 May 2021 11:08:20 GMT

GET
H2 200 css
fonts.googleapis.com/ 16 KB
787 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Muli:200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap

Requested by

Host: portal-db.live
URL: http://portal-db.live/mg-investments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

4373a7c880f00a8373da62d923fdb65d84317ae8755e8a66b48e098b29adf53f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 19 May 2021 09:32:23 GMT
server: ESF
date: Wed, 19 May 2021 11:08:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 May 2021 11:08:20 GMT

GET
H2 200 css
fonts.googleapis.com/ 25 KB
1 KB 16ms
15ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&display=swap

Requested by

Host: portal-db.live
URL: http://portal-db.live/mg-investments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a837f051ac8249ce2e1c0215298ef878bc3b3017bc2b8e5bdea1cd88e8e1e54c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 19 May 2021 09:20:45 GMT
server: ESF
date: Wed, 19 May 2021 11:08:20 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 May 2021 11:08:20 GMT

GET
H/1.1 200
OK bootstrap.min.css
portal-db.live/css/ 152 KB
23 KB 291ms
260ms Stylesheet
text/css 45.79.27.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: http://portal-db.live/css/bootstrap.min.css
Requested by: Host: portal-db.live
URL: http://portal-db.live/mg-investments
Protocol: HTTP/1.1
Server: 45.79.27.228 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1126-228.members.linode.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: portal-db.live
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://portal-db.live/mg-investments
Connection: keep-alive
Cache-Control: no-cache
Referer: http://portal-db.live/mg-investments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 11:08:21 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Jan 2020 16:20:24 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "2606e-59d217c11a157-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 23238

GET
H/1.1 200
OK style.css
portal-db.live/css/ 21 KB
4 KB 316ms
285ms Stylesheet
text/css 45.79.27.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: http://portal-db.live/css/style.css?v=1.94
Requested by: Host: portal-db.live
URL: http://portal-db.live/mg-investments
Protocol: HTTP/1.1
Server: 45.79.27.228 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1126-228.members.linode.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 39459a6316000f485c67ee7ddb000c35dc38d23b3d4219469ad1c586d29dc125

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: portal-db.live
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://portal-db.live/mg-investments
Connection: keep-alive
Cache-Control: no-cache
Referer: http://portal-db.live/mg-investments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 11:08:21 GMT
Content-Encoding: gzip
Last-Modified: Fri, 03 Apr 2020 09:10:22 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "5364-5a25f497ff682-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 3970

GET
H/1.1 200
OK font-awesome.min.css
portal-db.live/css/ 30 KB
7 KB 312ms
281ms Stylesheet
text/css 45.79.27.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: http://portal-db.live/css/font-awesome.min.css
Requested by: Host: portal-db.live
URL: http://portal-db.live/mg-investments
Protocol: HTTP/1.1
Server: 45.79.27.228 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1126-228.members.linode.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: portal-db.live
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://portal-db.live/mg-investments
Connection: keep-alive
Cache-Control: no-cache
Referer: http://portal-db.live/mg-investments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 11:08:21 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Jan 2020 16:20:24 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "7918-59d217c12e6dc-gzip"
Vary: Accept-Encoding
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 7053

GET
H2 200 sdk.js Show response
connect.facebook.net/en_GB/ 3 KB
2 KB 12ms
12ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js

Requested by

Host: portal-db.live
URL: http://portal-db.live/mg-investments

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

9473c62b7b56bdec75b7759649579ccd720e2d3a47229fb58df37912f3f99a8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: eHD+ZyMkG6anUtIbDNit7Q==
cross-origin-resource-policy: cross-origin
expires: Wed, 19 May 2021 11:14:58 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1779
x-fb-rlafr: 0
x-fb-debug: YGmbA0/UGonVD0KoNbpVX4QfgVcbQx+f00dJ9uGHmPl//7iIssCi3Y35fQqODNS5moDTepQxY5u3x0c7cU0dbw==
x-fb-trip-id: 1709462857
x-fb-content-md5: 6dcb8c01b4a08f01e7fadd6634cf7fa8
date: Wed, 19 May 2021 11:08:20 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "bfbb99fb31d7ddeef39f8f4d16b47ad7"
timing-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5

GET
H/1.1 200
OK portal-db.png
portal-db.live/ 51 KB
51 KB 303ms
272ms Image
image/png 45.79.27.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://portal-db.live/portal-db.png
Requested by: Host: portal-db.live
URL: http://portal-db.live/mg-investments
Protocol: HTTP/1.1
Server: 45.79.27.228 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1126-228.members.linode.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 48daddb4b7cff8c3f5205a0f0605bebd7ae9c5aa706028bad0e9d81e153909a7

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: portal-db.live
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://portal-db.live/mg-investments
Connection: keep-alive
Cache-Control: no-cache
Referer: http://portal-db.live/mg-investments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 11:08:21 GMT
Last-Modified: Tue, 28 Jan 2020 16:12:20 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "ccdc-59d357d10ebca"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 52444

GET
H/1.1 200
OK default.jpg
portal-db.live/img/ 29 KB
29 KB 327ms
296ms Image
image/jpeg 45.79.27.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://portal-db.live/img/default.jpg
Requested by: Host: portal-db.live
URL: http://portal-db.live/mg-investments
Protocol: HTTP/1.1
Server: 45.79.27.228 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1126-228.members.linode.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 9eab240aa1579cd829366df5b73a9376ad0d3b7279ce6fb69315caa0222e6078

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: portal-db.live
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://portal-db.live/mg-investments
Connection: keep-alive
Cache-Control: no-cache
Referer: http://portal-db.live/mg-investments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 11:08:21 GMT
Last-Modified: Mon, 27 Jan 2020 16:20:23 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "74c2-59d217c056c57"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 29890

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_GB/ 213 KB
63 KB 27ms
12ms Script
application/x-javascript 2a03:2880:f045:10:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_GB/sdk.js?hash=f546d50e30bb01c8cdd2ecf7c43d5b5f&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f045:10:face:b00c:0:3 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8fbe4fdd9093f4c2da205b962a6b0de294362b51a56eadde3091bfe27220ff71

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: http://portal-db.live
Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: QHhvlafxqNhIYlv2uz0GpA==
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 64597
x-fb-rlafr: 0
x-fb-debug: PIs6DgusGNxmP3t3HaQWBl/xn4GVuKEgCw3/N9ftxlVTGXYQVVUrE3XMGwuiyjS9dgBReSGmIS/pkbXIr2HEZA==
x-fb-content-md5: b4e4bffcac3040b2a950506bd33b3313
x-frame-options: DENY
date: Wed, 19 May 2021 11:08:20 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "d3fcbb4a1e0dd31af7fd5e32e42d3fac"
timing-allow-origin: *
priority: u=3,i
expires: Thu, 19 May 2022 09:19:24 GMT

GET
H/1.1 200
OK us.png
portal-db.live/flag/ 609 B
892 B 438ms
155ms Image
image/png 45.79.27.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://portal-db.live/flag/us.png
Requested by: Host: portal-db.live
URL: http://portal-db.live/mg-investments
Protocol: HTTP/1.1
Server: 45.79.27.228 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1126-228.members.linode.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 36cce5cae3d2e0045b2b2b6cbffdad7a0aba3e99919cc219bbf0578efdc45585

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: portal-db.live
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://portal-db.live/mg-investments
Connection: keep-alive
Cache-Control: no-cache
Referer: http://portal-db.live/mg-investments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 11:08:21 GMT
Last-Modified: Fri, 07 Feb 2020 11:55:24 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "261-59dfb10a02db6"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 609

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-141892281-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 5904
date: Wed, 19 May 2021 09:29:56 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Wed, 19 May 2021 11:29:56 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 13ms
13ms XHR
text/plain 2a00:1450:4001:82f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=2017189562&t=pageview&_s=1&dl=http%3A%2F%2Fportal-db.live%2Fmg-investments&ul=en-us&de=UTF-8&dt=M%26g%20Investments%20Login&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=2085936444&gjid=761512274&cid=862491329.1621422501&tid=UA-141892281-1&_gid=369466838.1621422501&_r=1&gtm=2ou5c1&z=537207996

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 May 2021 11:08:20 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: http://portal-db.live
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/ 231 KB
85 KB 46ms
32ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9241928136529283&plah=portal-db.live&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93ea87740a629b311148b644cb72d376ef82344939bc4d47acff4aa0719ad668

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 11:08:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87252
x-xss-protection: 0
server: cafe
etag: 5322897297824761394
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 19 May 2021 11:08:20 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/ Frame DCB4 10 KB
5 KB 6ms
5ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210517/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210517/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://portal-db.live/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://portal-db.live/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 18 May 2021 22:33:52 GMT
expires: Tue, 01 Jun 2021 22:33:52 GMT
content-type: text/html; charset=UTF-8
etag: 15349191498103243965
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4506
x-xss-protection: 0
age: 45268
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK nopreview.jpg
portal-db.live/ 6 KB
6 KB 166ms
161ms Image
image/jpeg 45.79.27.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://portal-db.live/nopreview.jpg
Requested by: Host: portal-db.live
URL: http://portal-db.live/mg-investments
Protocol: HTTP/1.1
Server: 45.79.27.228 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1126-228.members.linode.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 76cce5465f6ef2aecd7bfa79d77aa732945d8ec2bc93c16db70bead01634d6a1

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: portal-db.live
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://portal-db.live/mg-investments
Cookie: _ga=GA1.2.862491329.1621422501; _gid=GA1.2.369466838.1621422501; _gat_gtag_UA_141892281_1=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://portal-db.live/mg-investments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 11:08:21 GMT
Last-Modified: Wed, 04 Mar 2020 06:43:02 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "16a6-5a001bb60df3d"
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 5798

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 204 B
640 B 226ms
78ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=portal-db.live&callback=_gfp_s_&client=ca-pub-9241928136529283

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210517/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-9241928136529283&plah=portal-db.live&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s45-in-f2.1e100.net

Software

cafe /

Resource Hash

87de899a3ba961aa19d43890d857e4476bf5308cf15bd46348371b452fc1734f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 11:08:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 192
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
313 B 18ms
17ms Script
application/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=portal-db.live

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 11:08:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
313 B 18ms
18ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=portal-db.live

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 11:08:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3C34 23 KB
1 KB 78ms
77ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9241928136529283&output=html&adk=1812271804&adf=3025194257&lmt=1621422500&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fportal-db.live%2Fmg-investments&ea=0&flash=0&pra=5&wgl=1&dt=1621422500878&bpp=3&bdt=99&idt=76&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4743276787407&frm=20&pv=2&ga_vid=862491329.1621422501&ga_sid=1621422501&ga_hid=2017189562&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982200%2C31061138&oid=3&pvsid=3202798615023558&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=96

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef40aa268e9d81035990ae3ed8438acfb82b77d0dfbf2a375da5071f57e2041d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9241928136529283&output=html&adk=1812271804&adf=3025194257&lmt=1621422500&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Fportal-db.live%2Fmg-investments&ea=0&flash=0&pra=5&wgl=1&dt=1621422500878&bpp=3&bdt=99&idt=76&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4743276787407&frm=20&pv=2&ga_vid=862491329.1621422501&ga_sid=1621422501&ga_hid=2017189562&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982200%2C31061138&oid=3&pvsid=3202798615023558&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=1&uci=a!1&fsb=1&dtd=96
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://portal-db.live/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://portal-db.live/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 May 2021 11:08:21 GMT
server: cafe
content-length: 1333
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 19-May-2021 11:23:20 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 11:08:21 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 35ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 11:08:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251140663589"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27994
x-xss-protection: 0
expires: Wed, 19 May 2021 11:08:21 GMT

GET
H2 200 7Auwp_0qiz-afTLGLQ.woff2
fonts.gstatic.com/s/muli/v22/ 30 KB
31 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/muli/v22/7Auwp_0qiz-afTLGLQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Muli:200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f5315ed9f5e070e85a60e405d9aac92286319c20c2fcb39cc2d6c01090c652d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://portal-db.live
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 07:06:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 15 Jul 2020 20:50:02 GMT
server: sffe
age: 532939
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31120
x-xss-protection: 0
expires: Fri, 13 May 2022 07:06:02 GMT

GET
H/1.1 200
OK date.png
portal-db.live/ 474 B
757 B 258ms
155ms Image
image/png 45.79.27.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://portal-db.live/date.png
Requested by: Host: portal-db.live
URL: http://portal-db.live/css/style.css?v=1.94
Protocol: HTTP/1.1
Server: 45.79.27.228 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1126-228.members.linode.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 39319b0d60b3aacabf57aba9c00f65cb01c3d1dd36aeffb41bbe6e9de01fa9df

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: portal-db.live
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://portal-db.live/css/style.css?v=1.94
Cookie: _ga=GA1.2.862491329.1621422501; _gid=GA1.2.369466838.1621422501; _gat_gtag_UA_141892281_1=1
Connection: keep-alive
Cache-Control: no-cache
Referer: http://portal-db.live/css/style.css?v=1.94
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 11:08:21 GMT
Last-Modified: Wed, 04 Mar 2020 08:13:06 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "1da-5a002fd78ac22"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 474

GET
H/1.1 200
OK fontawesome-webfont.woff2
portal-db.live/fonts/ 63 KB
63 KB 198ms
154ms Font
application/octet-stream 45.79.27.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: http://portal-db.live/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: portal-db.live
URL: http://portal-db.live/css/font-awesome.min.css
Protocol: HTTP/1.1
Server: 45.79.27.228 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1126-228.members.linode.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019

Request headers

Pragma: no-cache
Origin: http://portal-db.live
Accept-Encoding: gzip, deflate
Host: portal-db.live
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://portal-db.live/css/font-awesome.min.css
Cookie: _ga=GA1.2.862491329.1621422501; _gid=GA1.2.369466838.1621422501; _gat_gtag_UA_141892281_1=1
Connection: keep-alive
Cache-Control: no-cache
Origin: http://portal-db.live
Referer: http://portal-db.live/css/font-awesome.min.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 11:08:21 GMT
Last-Modified: Mon, 27 Jan 2020 16:20:24 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "fbd0-59d217c1816fc"
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 64464

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 29ms
16ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=portal-db.live

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 11:08:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 29ms
15ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=portal-db.live

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 11:08:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C783 74 KB
25 KB 757ms
757ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9241928136529283&output=html&h=280&slotname=9457245204&adk=4160768347&adf=995855647&pi=t.ma~as.9457245204&w=730&fwrn=4&fwrnh=100&lmt=1621422501&rafmt=1&psa=0&format=730x280&url=http%3A%2F%2Fportal-db.live%2Fmg-investments&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1621422501233&bpp=3&bdt=454&idt=5&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4743276787407&frm=20&pv=1&ga_vid=862491329.1621422501&ga_sid=1621422501&ga_hid=2017189562&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982200%2C31061138&oid=3&pvsid=3202798615023558&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=YF4ZKkDz92&p=http%3A//portal-db.live&dtd=12

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ff966bc3f40d919b5ceb0e1c4ec9cba7e87101d4a510870de3680c82099ec582

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-9241928136529283&output=html&h=280&slotname=9457245204&adk=4160768347&adf=995855647&pi=t.ma~as.9457245204&w=730&fwrn=4&fwrnh=100&lmt=1621422501&rafmt=1&psa=0&format=730x280&url=http%3A%2F%2Fportal-db.live%2Fmg-investments&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1621422501233&bpp=3&bdt=454&idt=5&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4743276787407&frm=20&pv=1&ga_vid=862491329.1621422501&ga_sid=1621422501&ga_hid=2017189562&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982200%2C31061138&oid=3&pvsid=3202798615023558&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=YF4ZKkDz92&p=http%3A//portal-db.live&dtd=12
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://portal-db.live/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://portal-db.live/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 May 2021 11:08:21 GMT
server: cafe
content-length: 25620
x-xss-protection: 0
set-cookie: IDE=AHWqTUkK0ZOQZjwh02BvJMD9iE6nZ3uQ31uypyyQVrQRT2-Xf4tgIndF6ZgIgDYNRoY; expires=Mon, 13-Jun-2022 11:08:21 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 May 2021 11:08:21 GMT
cache-control: private

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b6246bc750236ad44191f4f7ae8283cfd3f2ade4a769dea2875ba4347f1dc0c

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 11 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6c405092f7b123b01dd653a6df4920cb9da742abad46494f0a82722876ffa6e4

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://portal-db.live
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:35:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
age: 502372
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
expires: Fri, 13 May 2022 15:35:29 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 8ms
8ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://portal-db.live
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 01:43:32 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
age: 552289
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
expires: Fri, 13 May 2022 01:43:32 GMT

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b042c4296f1cf316ad39d716efd5abd2582da96ff55d4a80d10a4d9daa0453a1

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H/1.1 200
OK portal-DB-verification-stamp.png
portal-db.live/ 75 KB
76 KB 151ms
151ms Image
image/png 45.79.27.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://portal-db.live/portal-DB-verification-stamp.png
Requested by: Host: portal-db.live
URL: http://portal-db.live/mg-investments
Protocol: HTTP/1.1
Server: 45.79.27.228 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1126-228.members.linode.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: e5846f41ad1836f3c3b98ac2699f491256181dd290e36e9d3538b7e06fe41149

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: portal-db.live
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Referer: http://portal-db.live/mg-investments
Cookie: _ga=GA1.2.862491329.1621422501; _gid=GA1.2.369466838.1621422501; _gat_gtag_UA_141892281_1=1; __gads=ID=ecc6f4fbf29a7595-229a6a4c45c800ff:T=1621422501:RT=1621422501:S=ALNI_MZfLtgqvCGLvrb441VjiJdiYYkepQ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://portal-db.live/mg-investments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 11:08:22 GMT
Last-Modified: Tue, 28 Jan 2020 11:42:47 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "12de3-59d31b90b10ab"
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 77283

GET
DATA 200
OK truncated
/ 11 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 71f5cee02dac4db757922aa31d24a8e943f7379e9ac1bfcfd9bad2bc7426960d

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H/1.1 200
OK jquery.min.js Show response
portal-db.live/js/ 86 KB
30 KB 160ms
159ms Script
application/javascript 45.79.27.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: http://portal-db.live/js/jquery.min.js
Requested by: Host: portal-db.live
URL: http://portal-db.live/mg-investments
Protocol: HTTP/1.1
Server: 45.79.27.228 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1126-228.members.linode.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: portal-db.live
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://portal-db.live/mg-investments
Cookie: _ga=GA1.2.862491329.1621422501; _gid=GA1.2.369466838.1621422501; _gat_gtag_UA_141892281_1=1; __gads=ID=ecc6f4fbf29a7595-229a6a4c45c800ff:T=1621422501:RT=1621422501:S=ALNI_MZfLtgqvCGLvrb441VjiJdiYYkepQ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://portal-db.live/mg-investments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 11:08:22 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Jan 2020 16:20:23 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "15851-59d217bffc707-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 30677

GET
H/1.1 200
OK bootstrap.bundle.min.js Show response
portal-db.live/js/ 77 KB
22 KB 159ms
158ms Script
application/javascript 45.79.27.228
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to

Full URL: http://portal-db.live/js/bootstrap.bundle.min.js
Requested by: Host: portal-db.live
URL: http://portal-db.live/mg-investments
Protocol: HTTP/1.1
Server: 45.79.27.228 Richardson, United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1126-228.members.linode.com
Software: Apache/2.4.7 (Ubuntu) /
Resource Hash: 7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: portal-db.live
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: */*
Referer: http://portal-db.live/mg-investments
Cookie: _ga=GA1.2.862491329.1621422501; _gid=GA1.2.369466838.1621422501; _gat_gtag_UA_141892281_1=1; __gads=ID=ecc6f4fbf29a7595-229a6a4c45c800ff:T=1621422501:RT=1621422501:S=ALNI_MZfLtgqvCGLvrb441VjiJdiYYkepQ
Connection: keep-alive
Cache-Control: no-cache
Referer: http://portal-db.live/mg-investments
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 19 May 2021 11:08:22 GMT
Content-Encoding: gzip
Last-Modified: Mon, 27 Jan 2020 16:20:23 GMT
Server: Apache/2.4.7 (Ubuntu)
ETag: "1332b-59d217c00ff87-gzip"
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 22295

GET
H3-29 200 css
fonts.googleapis.com/ Frame C783 6 KB
669 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9241928136529283&output=html&h=280&slotname=9457245204&adk=4160768347&adf=995855647&pi=t.ma~as.9457245204&w=730&fwrn=4&fwrnh=100&lmt=1621422501&rafmt=1&psa=0&format=730x280&url=http%3A%2F%2Fportal-db.live%2Fmg-investments&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1621422501233&bpp=3&bdt=454&idt=5&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4743276787407&frm=20&pv=1&ga_vid=862491329.1621422501&ga_sid=1621422501&ga_hid=2017189562&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982200%2C31061138&oid=3&pvsid=3202798615023558&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=YF4ZKkDz92&p=http%3A//portal-db.live&dtd=12

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 19 May 2021 09:15:34 GMT
server: ESF
date: Wed, 19 May 2021 11:08:22 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 May 2021 11:08:22 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame C783 1 KB
990 B 31ms
11ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 11:03:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 279
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 11:03:43 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/ Frame C783 17 KB
7 KB 27ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 11:07:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7009
x-xss-protection: 0
server: cafe
etag: 607056201285360291
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 11:07:21 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame C783 2 KB
1 KB 27ms
10ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 11:05:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 166
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 11:05:36 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C783 118 KB
36 KB 28ms
14ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 11:08:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1621251134821955"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36689
x-xss-protection: 0
expires: Wed, 19 May 2021 11:08:22 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/ Frame C783 13 KB
6 KB 24ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210517/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 11:05:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 167
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5621
x-xss-protection: 0
server: cafe
etag: 8169261014141303515
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Jun 2021 11:05:35 GMT

GET
H2 200 6bd41964be010df5460da51c4a6824b5.js Show response
www.gstatic.com/mysidia/ Frame C783 25 KB
10 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6bd41964be010df5460da51c4a6824b5.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00535b5b597302e2749d3c2671f53ac61d0ba3b3e1a6624e6235ce18811b514b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 10:19:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 14 May 2021 23:56:38 GMT
server: sffe
age: 2926
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10390
x-xss-protection: 0
expires: Tue, 17 Aug 2021 10:19:36 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame C783 0
0 18ms
18ms Fetch
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CaFh5pfGkYKWAEMjz3wPc7piwCYqoi-hi0_GDht4Kq9e1z6IOEAEg3PiUUmCVAqABns2T-gLIAQmpAl4VUHf_iLQ-qAMByAPLBKoEzAFP0Inj1f8wSoSUhhcGUrwNc66_ns0QIxOdPKUGEiU_rhgzEe4KosHkNzuvydZLtjFYAfQLNsudLPXbJwCSdWJWRa_dkPCgIIVyaVEUBwm9FZEIC9gVJaZAKpqskdxn47BvfNdqW06WQLArC0pFR3IRVm7lSZKK6CXu2vyyX9bmgHtHP8QwqZBZ9VB9iuIHcHPvws4k5rhr7lIvfZ8vVZHebEDydyhcBmEBXAzLVuEsrdKafUY_Mdwp7nNf12NDJF9dCCllB3yeZOYp6IfABKjTx6vCApIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfKsuyFAagH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAPIHBBCl1HnSCAkIgOGAEBABGB-ACgHICwHYEwyIFBPQFQGYFgGAFwGyFxoKGAgAEhRwdWItOTI0MTkyODEzNjUyOTI4Mw&sigh=LnsecI13rgU&template_id=484

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9241928136529283&output=html&h=280&slotname=9457245204&adk=4160768347&adf=995855647&pi=t.ma~as.9457245204&w=730&fwrn=4&fwrnh=100&lmt=1621422501&rafmt=1&psa=0&format=730x280&url=http%3A%2F%2Fportal-db.live%2Fmg-investments&flash=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&dt=1621422501233&bpp=3&bdt=454&idt=5&shv=r20210517&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=4743276787407&frm=20&pv=1&ga_vid=862491329.1621422501&ga_sid=1621422501&ga_hid=2017189562&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=353&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=182982200%2C31061138&oid=3&pvsid=3202798615023558&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=23&ifi=2&uci=a!2&fsb=1&xpc=YF4ZKkDz92&p=http%3A//portal-db.live&dtd=12
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 19 May 2021 11:08:22 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/8252427573351516973/ Frame C783 7 KB
7 KB 18ms
12ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8252427573351516973/downsize_200k_v1?w=400&h=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

76efd892e91d93eb53a57363fb1cfdc8d2fd0dec044dad5b3282de7c775bf632

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 18 May 2021 21:38:42 GMT
x-content-type-options: nosniff
age: 48580
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6994
x-xss-protection: 0
last-modified: Mon, 19 Aug 2019 15:54:45 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 18 May 2022 21:38:42 GMT

GET
H2 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/4133843903301574459/ Frame C783 2 KB
2 KB 18ms
13ms Image
image/jpeg 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4133843903301574459/downsize_200k_v1?w=100&h=100

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12a9021bd41550c4097e8580b2696d3694ab73ed44b7dfb7933b3e6963593823

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 10:17:58 GMT
x-content-type-options: nosniff
age: 262224
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1868
x-xss-protection: 0
last-modified: Thu, 22 Nov 2018 14:40:33 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 16 May 2022 10:17:58 GMT

GET
DATA 200
OK truncated
/ Frame C783 221 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 20B2 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 19 May 2021 03:14:09 GMT
expires: Thu, 20 May 2021 03:14:09 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 28453
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame C783 207 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b0dceb639c216e1910d4282d1ab2b12a7278654c309b01c999ea520ef6d3f59c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame C783 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 16 May 2021 04:23:23 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
age: 283499
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15732
x-xss-protection: 0
expires: Mon, 16 May 2022 04:23:23 GMT

GET
H3-29 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ Frame C783 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 13 May 2021 15:35:29 GMT
x-content-type-options: nosniff
last-modified: Mon, 05 Apr 2021 21:10:46 GMT
server: sffe
age: 502373
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
expires: Fri, 13 May 2022 15:35:29 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 20B2 35 B
463 B 31ms
13ms Image
image/gif 2620:116:800d:21:5a23:9c4e:e774:96c1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEImZNXVrNg7SQqck60R2wUo&google_cver=1&google_push=AQvitULJVloc-KEDp9rZ2if5gChyGDmOc0TqGikCA-8IszR18wTBh3pOphB3xMZcgiGKx-R_lZJ3WU0qfbaMQ1Mi4IFB84CKqpX9

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:5a23:9c4e:e774:96c1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 11:08:22 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 20B2
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEJ5QR5ty2BlKXjOtthGxwQ8&google_cver=1&google_push=AQvitUIrg6N6e495F3cFG4t2jpK-qxAYszjULXafidKWPGfo33F7rZtDeW0thgE0FB3LKl1920bxkjJgLtlR7zeqIJpUVNN6pNlX
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUIrg6N6e495F3cFG4t2jpK-qxAYszjULXafidKWPGfo33F7rZtDeW0thgE0FB3LKl1920bxkjJgLtlR7zeqIJpUVNN6pNlX&google_hm=Q0FFU0VKNVFSNXR5MkJsS...

170 B
188 B

133ms
69ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUIrg6N6e495F3cFG4t2jpK-qxAYszjULXafidKWPGfo33F7rZtDeW0thgE0FB3LKl1920bxkjJgLtlR7zeqIJpUVNN6pNlX&google_hm=Q0FFU0VKNVFSNXR5MkJsS1hqT3R0aEd4d1E4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 11:08:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 19 May 2021 11:08:21 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AQvitUIrg6N6e495F3cFG4t2jpK-qxAYszjULXafidKWPGfo33F7rZtDeW0thgE0FB3LKl1920bxkjJgLtlR7zeqIJpUVNN6pNlX&google_hm=Q0FFU0VKNVFSNXR5MkJsS1hqT3R0aEd4d1E4
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 20B2
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEEQhSR37nC-BPYI-g8Wi6C4&google_cver=1&google_push=AQvitULm5zmCeH-CnTFQXGpSlDGWW-bqhXF1s3mK58ZblijfRK_CUBDs8PuUoEXK3kEinX0uHZdoS_MeszjZzTZ3ODHLedWDN6vV
https://rtb.openx.net/sync/dds?google_gid=CAESEEQhSR37nC-BPYI-g8Wi6C4&google_cver=1&google_push=AQvitULm5zmCeH-CnTFQXGpSlDGWW-bqhXF1s3mK58ZblijfRK_CUBDs8PuUoEXK3kEinX0uHZdoS_MeszjZzTZ3ODHLedWDN6vV&...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULm5zmCeH-CnTFQXGpSlDGWW-bqhXF1s3mK58ZblijfRK_CUBDs8PuUoEXK3kEinX0uHZdoS_MeszjZzTZ3ODHLedWDN6vV&google_hm=kmxMTjS9wSIjP-fqrAg83w==

170 B
188 B

72ms
71ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULm5zmCeH-CnTFQXGpSlDGWW-bqhXF1s3mK58ZblijfRK_CUBDs8PuUoEXK3kEinX0uHZdoS_MeszjZzTZ3ODHLedWDN6vV&google_hm=kmxMTjS9wSIjP-fqrAg83w==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 11:08:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 11:08:22 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AQvitULm5zmCeH-CnTFQXGpSlDGWW-bqhXF1s3mK58ZblijfRK_CUBDs8PuUoEXK3kEinX0uHZdoS_MeszjZzTZ3ODHLedWDN6vV&google_hm=kmxMTjS9wSIjP-fqrAg83w==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 5vj7g0vul04uf78u8d2fn16eunn4pona

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 20B2
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=YHgHT_zlTe6ETvh5ENKwXQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

103ms
70ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=YHgHT_zlTe6ETvh5ENKwXQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKoHPZfHAM02D97KtB4AlIphqYHcB8xMewwwZSIDN-YCfKE_UQIXEFtZvRzDo5Axhz-rX90ioQLkPRGpl2eUCBBnTrSaSyN

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 11:08:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=YHgHT_zlTe6ETvh5ENKwXQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AQvitUKoHPZfHAM02D97KtB4AlIphqYHcB8xMewwwZSIDN-YCfKE_UQIXEFtZvRzDo5Axhz-rX90ioQLkPRGpl2eUCBBnTrSaSyN
date: Wed, 19 May 2021 11:08:21 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 20B2
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEILcBdBa22X-Jq45Sw7iiss&google_cver=1&google_push=AQvitUK2v2wIfWySiSrWdKhd-1gD9R4azZC84SY_GgdRw9D80OXZ3TRbF3d-ysJvBvpshHnK_v1...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09WRDNEVTAtTS1FNzQz&google_push=AQvitUK2v2wIfWySiSrWdKhd-1gD9R4azZC84SY_GgdRw9D80OXZ3TRbF3d-ysJvBvpshHnK_v1d0XU6kskChm9Q5ULebuOMOgoe

170 B
188 B

136ms
71ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09WRDNEVTAtTS1FNzQz&google_push=AQvitUK2v2wIfWySiSrWdKhd-1gD9R4azZC84SY_GgdRw9D80OXZ3TRbF3d-ysJvBvpshHnK_v1d0XU6kskChm9Q5ULebuOMOgoe

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 11:08:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S09WRDNEVTAtTS1FNzQz&google_push=AQvitUK2v2wIfWySiSrWdKhd-1gD9R4azZC84SY_GgdRw9D80OXZ3TRbF3d-ysJvBvpshHnK_v1d0XU6kskChm9Q5ULebuOMOgoe
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 20B2
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_push=AQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7Xseoo...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 20B2
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEIsRvbfgFwzBVBMaTMKmjEw&google_cver=1&google_push=AQvitUKBGIgbA4L0XBcgEUW5...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKBGIgbA4L0XBcgEUW5gBOZxzDHhCGX-pJMIDUYctpyh2cQ0GNi9U7_LoX0_DA0G4bfX0uJ3rzHhR9Q7JeGiOjJei7Er0hlBw&google_hm=

170 B
188 B

104ms
70ms

Image
image/png

142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKBGIgbA4L0XBcgEUW5gBOZxzDHhCGX-pJMIDUYctpyh2cQ0GNi9U7_LoX0_DA0G4bfX0uJ3rzHhR9Q7JeGiOjJei7Er0hlBw&google_hm=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 11:08:22 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 19 May 2021 11:08:22 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AQvitUKBGIgbA4L0XBcgEUW5gBOZxzDHhCGX-pJMIDUYctpyh2cQ0GNi9U7_LoX0_DA0G4bfX0uJ3rzHhR9Q7JeGiOjJei7Er0hlBw&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Tue, 18 May 2021 11:08:22 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 20B2 0
227 B 197ms
68ms Image
text/html 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lgxb6DHmqKHh4wDNlsjSEFj4JzanFLmjgO5jnWXyOGJr_zTl154Qjgsic2ETc4GjULEe0brQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 11:08:22 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 31ms
18ms XHR
application/json 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210517&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

798e7954d2b4295b7761541176be77fdc7295dfc8a48e6bc84bedd621faaeea6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 May 2021 11:08:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7700
x-xss-protection: 0

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame E3B0 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 10:02:55 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 3927
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Thu, 19 May 2022 10:02:55 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 29ms
15ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 11:08:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Wed, 19 May 2021 11:08:22 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 6D1E 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: http://portal-db.live/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: http://portal-db.live/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Wed, 19 May 2021 10:54:30 GMT
expires: Thu, 19 May 2022 10:54:30 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 832
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js Show response
pagead2.googlesyndication.com/bg/ Frame 6D1E 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/CWq9ndk-1oeaRFSw5-gDkkYul7vu_3Fd6OpFoFd0cNM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 19 May 2021 10:02:55 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Wed, 12 May 2021 09:08:00 GMT
server: sffe
age: 3927
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5728
x-xss-protection: 0
expires: Thu, 19 May 2022 10:02:55 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210517&jk=3202798615023558&bg=!UVKlUhbNAAZ7hX_Ue4U7ACkAdvg8WgxTQ8NTGTrQbI1OugUWfbrvGsdoDWA9Y8gei3Xg1ibO87TGAAIAAAB3UgAAAAxoAQcKACnAyJQHNuh__KVsm-CbBV_-hnAUS1QYUqQA8vcT6liBeUAmYvOeGPvdu5kCRG-iSd71aCb18CWTORSAJcO9ul-c2p16S1DzqHcWB2AOLHklr2BlgynCJDVvYb_rWr4VrrnWduOCwJXG1dKo5DwIodVKAUkPP9U3axg8tuyxwxKIt52VuoBIqChVUY9oky1OQUGYig_iifDXrSFt8buxKU3Z8nT2vAOm-I7ZnTbyjn2Hhu2470MKROraLYxcbTAMQr08qRwyfli94Dh0HJxwbgEcnAV3t2TYDAEFIO1rfQIJMzfzgiGpWbqklnz_pvUgEiS2vdYanrM9KnAu_UaKhqCysABPr7uvIluRy-Pxpc2fWXunuL6FtLyZiKqsqQrK960RnbXLqBUU5jDeX01lcTuGHuaE8_q0LopcYBN6DTP1gYz03-EDUWSXdkl-ztVqNh7jSiul6F1lHjb7hM7b9nGYYHoT25xWvIwotQQWFcnChjmGiEMZ6Fpj9nnwTE87qbiKpF59TUeTEckpoTdowzCJJkZ1MVh49Pwv5Z2ugc8b8aJ_I0CZUW1WBbjBZXujuhPJTvnHkuSQbEpfOtd3THI9cggBOotIGWo3z6mry9R73cXbE5XO9hl_nSMIY08xxyIvGAOXh2QiQ2CYwVprnqF42TduwyVS_9ULai1mC8ZfJTTVUiGPa4e6LTuGiSl-VBhxSthy97CexxQ0LMUG7y2Tg4vMeKdrrfvv0J0rE31s7k-caS-1Ag2FGpqAjF4OC0vhcRARdC40_oXcJ-2k1x-YPXHGtmC87MA4p2QpRfF-UADQOe5cjXx1ZH6ugIHNwR4

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://portal-db.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 11:08:22 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C783 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstMzS_hzrp_E1RHD3W5ovgU7q-thTU3laSiAkRBxKJrZGnRSmAPCluxL4DKyifS58VkuR3mzzvA2pSIfz-ppuYUAdFpUY2GRGEO8XzkG3d8ZGeDifS4i13eLKMJJA&sai=AMfl-YQ0WNhoVs5APSsOMYtPxVJdS9Rw_-ltcsO6DHC1oMDqunzYIRJq9h7agf8Yd-onwuxJ_WW7nL63FryfTRpBWMPAU-qvKr3c2KE&sig=Cg0ArKJSzOWKr70XWW4IEAE&cid=CAASF-RopPeUiWWDuQwmtsIC3KD5i19OtYeY&id=lidar2&mcvt=1000&p=353,245,633,975&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210517&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=4160768347&rs=2&met=mue&la=0&cr=0&osd=1&vs=4&rst=1621422501249&dlt=758&rpt=3&isd=0&msd=0&r=v&fum=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 May 2021 11:08:23 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YKTxpquqOHcupShRi95RLQAAByIAAAAB&google_push=AQvitUJNAFMCHJ2NCGk1ORrCmIc1poVNHdn2L3T1En-EdWWBw1bqQdVpTHiMrT6MkO6HNP3shu1GLDcniwmk7XseooD7kInq-6Sv&google_gid=CAESEG1osVPABtUk7_02G-IOnJ4&google_cver=1

Verdicts & Comments Add Verdict or Comment

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 03:45:18	Name: IDE Value: AHWqTUkK0ZOQZjwh02BvJMD9iE6nZ3uQ31uypyyQVrQRT2-Xf4tgIndF6ZgIgDYNRoY
.portal-db.live/	1970-01-20 03:45:18	Name: __gads Value: ID=ecc6f4fbf29a7595-229a6a4c45c800ff:T=1621422501:RT=1621422501:S=ALNI_MZfLtgqvCGLvrb441VjiJdiYYkepQ
.portal-db.live/	1970-01-19 18:23:42	Name: _gat_gtag_UA_141892281_1 Value: 1
.portal-db.live/	1970-01-19 18:25:08	Name: _gid Value: GA1.2.369466838.1621422501
.portal-db.live/	1970-01-20 11:54:54	Name: _ga Value: GA1.2.862491329.1621422501

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
d.agkn.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
image6.pubmatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
portal-db.live
rtb.openx.net
tpc.googlesyndication.com
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
cm.g.doubleclick.net
142.250.74.194
172.217.23.98
185.64.190.78
217.182.200.29
2620:116:800d:21:5a23:9c4e:e774:96c1
2a00:1450:4001:802::2003
2a00:1450:4001:803::2001
2a00:1450:4001:808::2002
2a00:1450:4001:810::2002
2a00:1450:4001:810::2008
2a00:1450:4001:813::2002
2a00:1450:4001:828::2002
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::2003
2a00:1450:4001:82f::200a
2a00:1450:4001:82f::200e
2a00:1450:4001:831::2002
2a03:2880:f045:10:face:b00c:0:3
35.227.252.103
45.79.27.228
52.28.108.245
69.173.144.139
00535b5b597302e2749d3c2671f53ac61d0ba3b3e1a6624e6235ce18811b514b
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
096abd9dd93ed6879a4454b0e7e80392462e97bbeeff715de8ea45a0577470d3
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
12a9021bd41550c4097e8580b2696d3694ab73ed44b7dfb7933b3e6963593823
1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650
2a138f5a790f47f9c8e1b3b6c88ea4fecb1abd1b1011a7d842b721d2fa943ed3
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
36cce5cae3d2e0045b2b2b6cbffdad7a0aba3e99919cc219bbf0578efdc45585
39319b0d60b3aacabf57aba9c00f65cb01c3d1dd36aeffb41bbe6e9de01fa9df
39459a6316000f485c67ee7ddb000c35dc38d23b3d4219469ad1c586d29dc125
3a162385d9c870746bcd855a497c07e3dfb685b50db063542ffba751b11be8d3
3ac13025dc609fbe2671ff553cec81ea6e640efa3413d7c8944e461b718d1782
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019
4373a7c880f00a8373da62d923fdb65d84317ae8755e8a66b48e098b29adf53f
4821fcf9c6131b5e09c316f6946b187f0b3751d723a19b2ff9f2df396d232cbf
48daddb4b7cff8c3f5205a0f0605bebd7ae9c5aa706028bad0e9d81e153909a7
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
4f488ba69b34a8b4d924f46e58cbbe62ad1031ee74af785d328ccb54c4cd9b5f
5b6246bc750236ad44191f4f7ae8283cfd3f2ade4a769dea2875ba4347f1dc0c
5f4f2e8ffc67a3c2544f8be9672125a0c5a5f0035fa6bfc6d75ee297e30461e5
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
613603afe8c5203c59d7f9df1cbac87109df7ffdf245fd20becfa6bd95b92155
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c405092f7b123b01dd653a6df4920cb9da742abad46494f0a82722876ffa6e4
71f5cee02dac4db757922aa31d24a8e943f7379e9ac1bfcfd9bad2bc7426960d
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
76cce5465f6ef2aecd7bfa79d77aa732945d8ec2bc93c16db70bead01634d6a1
76efd892e91d93eb53a57363fb1cfdc8d2fd0dec044dad5b3282de7c775bf632
798e7954d2b4295b7761541176be77fdc7295dfc8a48e6bc84bedd621faaeea6
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7f3145c87d3570154f633975e8a4f8d30aa38603edaba145501e9c90ddbe186c
859ba22a5133a0e20a177b34adfc527d20653423a49df695c5d442e13e53a817
87de899a3ba961aa19d43890d857e4476bf5308cf15bd46348371b452fc1734f
8f5315ed9f5e070e85a60e405d9aac92286319c20c2fcb39cc2d6c01090c652d
8fbe4fdd9093f4c2da205b962a6b0de294362b51a56eadde3091bfe27220ff71
93ea87740a629b311148b644cb72d376ef82344939bc4d47acff4aa0719ad668
9473c62b7b56bdec75b7759649579ccd720e2d3a47229fb58df37912f3f99a8f
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9eab240aa1579cd829366df5b73a9376ad0d3b7279ce6fb69315caa0222e6078
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a837f051ac8249ce2e1c0215298ef878bc3b3017bc2b8e5bdea1cd88e8e1e54c
b042c4296f1cf316ad39d716efd5abd2582da96ff55d4a80d10a4d9daa0453a1
b0dceb639c216e1910d4282d1ab2b12a7278654c309b01c999ea520ef6d3f59c
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5846f41ad1836f3c3b98ac2699f491256181dd290e36e9d3538b7e06fe41149
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef40aa268e9d81035990ae3ed8438acfb82b77d0dfbf2a375da5071f57e2041d
fbe1583d8642d89d0c349b00c0125e485dd55976282165a6b5f2d29ea9d44549
ff966bc3f40d919b5ceb0e1c4ec9cba7e87101d4a510870de3680c82099ec582

portal-db.live Open in urlscan Pro 45.79.27.228 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

62 Requests

77 %HTTPS

64 %IPv6

18 Domains

21 Subdomains

18 IPs

5 Countries

870 kBTransfer

2018 kBSize

5 Cookies

8 Outgoing links

Redirected requests

62 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

portal-db.live Open in urlscan Pro
45.79.27.228 Public Scan

Screenshot
Live screenshot

Full Image

62
Requests

77 %
HTTPS

64 %
IPv6

18
Domains

21
Subdomains

18
IPs

5
Countries

870 kB
Transfer

2018 kB
Size

5
Cookies

62 HTTP transactions
6 data transactions