www.onworks.net Open in urlscan Pro
2606:4700:20::ac43:479b Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.onworks.net/playonline/index.php
Effective URL:
https://www.onworks.net/onworkssession.php
Submission: On February 06 via manual (February 6th 2024, 12:16:21 pm UTC) from FR — Scanned from FR

Summary HTTP 278 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 38 IPs in 6 countries across 37 domains to perform 278 HTTP transactions. The main IP is 2606:4700:20::ac43:479b, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.onworks.net. The Cisco Umbrella rank of the primary domain is 418522.
TLS certificate: Issued by GTS CA 1P5 on January 12th 2024. Valid for: 3 months.

This is the only time www.onworks.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 12	2606:4700:20:... 2606:4700:20::ac43:479b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	162.55.101.40 162.55.101.40	24940 (HETZNER-AS) (HETZNER-AS)
19	2001:41d0:701... 2001:41d0:701:1100::49e1	16276 (OVH) (OVH)
2	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
11	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
49	2a00:1450:400... 2a00:1450:4001:81c::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
3 20	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:803::200a	15169 (GOOGLE) (GOOGLE)
40	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
6	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1 2	18.202.133.215 18.202.133.215	16509 (AMAZON-02) (AMAZON-02)
3 22	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2 4	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 2	185.89.210.180 185.89.210.180	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	23.211.8.12 23.211.8.12	16625 (AKAMAI-AS) (AKAMAI-AS)
12	2a00:1450:400... 2a00:1450:4001:808::2006	15169 (GOOGLE) (GOOGLE)
1	142.251.168.155 142.251.168.155	15169 (GOOGLE) (GOOGLE)
1	2600:9000:223... 2600:9000:223f:bc00:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
7	2600:1f13:800... 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1	16509 (AMAZON-02) (AMAZON-02)
1	3.75.62.37 3.75.62.37	16509 (AMAZON-02) (AMAZON-02)
8	23.35.237.151 23.35.237.151	16625 (AKAMAI-AS) (AKAMAI-AS)
4	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
2	142.250.185.198 142.250.185.198	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:350... 2a02:26f0:3500:11::215:14dc	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	132.226.214.62 132.226.214.62	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
1 4	2a00:1450:400... 2a00:1450:4001:802::2004	15169 (GOOGLE) (GOOGLE)
10	2.19.103.55 2.19.103.55	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	151.101.2.49 151.101.2.49	54113 (FASTLY) (FASTLY)
2	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2 2	35.244.174.68 35.244.174.68	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2	35.214.149.91 35.214.149.91	15169 (GOOGLE) (GOOGLE)
1 1	2a05:d018:d29... 2a05:d018:d29:3605:4d30:662b:6e06:fc7c	16509 (AMAZON-02) (AMAZON-02)
3 3	37.157.5.132 37.157.5.132	() ()
1	2a02:fa8:8806... 2a02:fa8:8806:16::1400	() ()
1 2	2606:4700::68... 2606:4700::6812:18ad	() ()
1 1	3.64.186.134 3.64.186.134	() ()
2 2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	178.250.1.9 178.250.1.9	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	2001:678:cb4:... 2001:678:cb4:bbbb::11	() ()
1	2620:116:800d... 2620:116:800d:21:e365:4988:e8a7:3270	() ()
1	213.155.156.183 213.155.156.183	() ()
278	38

12 2606:4700:20::ac43:479b (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.onworks.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 162.55.101.40 (Friedberg, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.40.101.55.162.clients.your-server.de

downloads.uptoplay.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2001:41d0:701:1100::49e1 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)

stream.onworks.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.onworks.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

49 2a00:1450:4001:81c::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

40 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s05-in-f98.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.202.133.215 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-202-133-215.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 142.250.184.194 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.64.151.101 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.180 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.211.8.12 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-211-8-12.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.168.155 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wh-in-f155.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:bc00:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1 (Boardman, United States)

ASN16509 (AMAZON-02, US)

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.75.62.37 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.35.237.151 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-151.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
px.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:11::215:14dc (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

code.createjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 132.226.214.62 (Slough, United Kingdom)

ASN31898 (ORACLE-BMC-31898, US)

mb.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2.19.103.55 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-19-103-55.deploy.static.akamaitechnologies.com

havasfrorangedcmdisplay758646212611.s.moatpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.2.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.40.198 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.190.0.66 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.214.149.91 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)
PTR: 91.149.214.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3605:4d30:662b:6e06:fc7c (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.5.132 (None, ) 3 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1400 (None, )

ASN- ()

dclk-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:18ad (None, ) 1 redirects

ASN- ()

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.64.186.134 (None, ) 1 redirects

ASN- ()

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:678:cb4:bbbb::11 (None, ) 1 redirects

ASN- ()

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:e365:4988:e8a7:3270 (None, )

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.155.156.183 (None, )

ASN- ()

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
89	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 110 tpc.googlesyndication.com — Cisco Umbrella Rank: 157	1 MB
49	doubleclick.net 6 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 260 bid.g.doubleclick.net — Cisco Umbrella Rank: 917 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 594 ad.doubleclick.net — Cisco Umbrella Rank: 163	386 KB
31	onworks.net 1 redirects www.onworks.net — Cisco Umbrella Rank: 418522 stream.onworks.net images.onworks.net	117 KB
20	gstatic.com www.gstatic.com fonts.gstatic.com	266 KB
12	moatads.com z.moatads.com — Cisco Umbrella Rank: 704 mb.moatads.com — Cisco Umbrella Rank: 809 px.moatads.com — Cisco Umbrella Rank: 660	235 KB
12	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 336	407 KB
10	moatpixel.com havasfrorangedcmdisplay758646212611.s.moatpixel.com — Cisco Umbrella Rank: 173437	2 KB
10	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 1004 static.adsafeprotected.com — Cisco Umbrella Rank: 721 dt.adsafeprotected.com — Cisco Umbrella Rank: 719	110 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 230	520 KB
6	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 145
6	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	5 KB
5	uptoplay.net downloads.uptoplay.net	93 KB
4	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2	1 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 622	2 KB
3	adform.net 3 redirects c1.adform.net	2 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 27 region1.google-analytics.com — Cisco Umbrella Rank: 2029	21 KB
2	creativecdn.com 2 redirects creativecdn.com — Cisco Umbrella Rank: 564	1 KB
2	tribalfusion.com 1 redirects a.tribalfusion.com s.tribalfusion.com	1 KB
2	bidswitch.net x.bidswitch.net — Cisco Umbrella Rank: 373	470 B
2	travelaudience.com 2 redirects ads.travelaudience.com — Cisco Umbrella Rank: 5893	906 B
2	rlcdn.com 2 redirects id.rlcdn.com — Cisco Umbrella Rank: 738	923 B
2	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 357	297 B
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 716	820 B
2	createjs.com code.createjs.com — Cisco Umbrella Rank: 1669	125 KB
2	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 358 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 495	840 B
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1376	326 B
2	openx.net 2 redirects us-u.openx.net — Cisco Umbrella Rank: 524	687 B
2	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 253	2 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	147 KB
1	de17a.com d5p.de17a.com	125 B
1	quantserve.com cms.quantserve.com	463 B
1	turn.com 1 redirects ad.turn.com	471 B
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 608	363 B
1	agkn.com 1 redirects d.agkn.com	736 B
1	dotomi.com dclk-match.dotomi.com	104 B
0	gemius.pl Failed googlecm.hit.gemius.pl Failed
0	spotxchange.com Failed sync.search.spotxchange.com Failed
278	37

	Domain	Requested by
49	pagead2.googlesyndication.com	www.onworks.net pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com fw.adsafeprotected.com www.googletagservices.com
40	tpc.googlesyndication.com	googleads.g.doubleclick.net www.onworks.net tpc.googlesyndication.com pagead2.googlesyndication.com
22	cm.g.doubleclick.net	3 redirects googleads.g.doubleclick.net
20	googleads.g.doubleclick.net	3 redirects pagead2.googlesyndication.com www.onworks.net googleads.g.doubleclick.net
13	stream.onworks.net	www.onworks.net
12	s0.2mdn.net	www.onworks.net s0.2mdn.net googleads.g.doubleclick.net
12	www.onworks.net	1 redirects www.onworks.net
11	www.gstatic.com	www.onworks.net googleads.g.doubleclick.net
10	havasfrorangedcmdisplay758646212611.s.moatpixel.com
9	fonts.gstatic.com	fonts.googleapis.com
8	www.googletagservices.com	googleads.g.doubleclick.net www.onworks.net
7	dt.adsafeprotected.com	googleads.g.doubleclick.net www.onworks.net
6	px.moatads.com	googleads.g.doubleclick.net
6	www.googleadservices.com	www.onworks.net
6	fonts.googleapis.com	googleads.g.doubleclick.net
6	images.onworks.net	www.onworks.net
5	downloads.uptoplay.net	www.onworks.net
4	www.google.com	1 redirects tpc.googlesyndication.com googleads.g.doubleclick.net
4	mb.moatads.com	z.moatads.com
4	googleads4.g.doubleclick.net	www.onworks.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
3	c1.adform.net	3 redirects
2	creativecdn.com	2 redirects
2	x.bidswitch.net	googleads.g.doubleclick.net
2	ads.travelaudience.com	2 redirects
2	id.rlcdn.com	2 redirects
2	match.adsrvr.org	googleads.g.doubleclick.net
2	sync-tm.everesttech.net	2 redirects
2	code.createjs.com	s0.2mdn.net
2	ad.doubleclick.net	www.onworks.net
2	z.moatads.com	s0.2mdn.net
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	2 redirects
2	ib.adnxs.com	2 redirects
2	fw.adsafeprotected.com	1 redirects googleads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	www.onworks.net www.googletagmanager.com
1	d5p.de17a.com	googleads.g.doubleclick.net
1	cms.quantserve.com	googleads.g.doubleclick.net
1	ad.turn.com	1 redirects
1	dis.criteo.com	googleads.g.doubleclick.net
1	d.agkn.com	1 redirects
1	s.tribalfusion.com
1	a.tribalfusion.com	1 redirects
1	dclk-match.dotomi.com	googleads.g.doubleclick.net
1	pr-bh.ybp.yahoo.com	1 redirects
1	ups.analytics.yahoo.com	googleads.g.doubleclick.net
1	static.adsafeprotected.com	googleads.g.doubleclick.net
1	bid.g.doubleclick.net	googleads.g.doubleclick.net
1	region1.google-analytics.com	www.googletagmanager.com
0	googlecm.hit.gemius.pl Failed	googleads.g.doubleclick.net
0	sync.search.spotxchange.com Failed	googleads.g.doubleclick.net
278	52

This site contains links to these domains. Also see Links.

Domain
www.megadisk.net
chromewebstore.google.com
www.facebook.com
twitter.com
instagram.com
www.youtube.com
www.linkedin.com
www.offidocs.com
www.apkonline.net
www.uptoplay.net
www.offilive.com
www.redcoolmedia.net

Subject Issuer	Validity	Valid
onworks.net GTS CA 1P5	`2024-01-12` - `2024-04-11`	3 months	crt.sh
uptoplay.net R3	`2024-01-05` - `2024-04-04`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
teads.tv R3	`2024-01-22` - `2024-04-21`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-12-26` - `2024-06-19`	6 months	crt.sh
moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2023-10-25` - `2024-10-24`	a year	crt.sh
tls.adobe.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-02-08` - `2024-03-10`	a year	crt.sh
*.moatads.com DigiCert TLS RSA SHA256 2020 CA1	`2023-06-20` - `2024-07-20`	a year	crt.sh
www.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2023-03-23` - `2024-03-23`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-01` - `2024-03-01`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
quantserve.com R3	`2023-12-27` - `2024-03-26`	3 months	crt.sh
*.de17a.com Sectigo RSA Domain Validation Secure Server CA	`2023-12-07` - `2024-12-07`	a year	crt.sh

This page contains 34 frames:

Primary Page: https://www.onworks.net/onworkssession.php
Frame ID: BE1D82F20A155F50CE5BDFDA709CCB9F
Requests: 51 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=280&slotname=8363645294&adk=4005142704&adf=2361439724&pi=t.ma~as.8363645294&w=1200&fwrn=4&fwrnh=100&lmt=1704536527&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221777614&bpp=2&bdt=361&idt=186&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&correlator=5043432746550&frm=20&pv=2&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=458&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&pvsid=3754886673919165&tmod=1252727094&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CoEe%7Cp&abl=XS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=193
Frame ID: 9E9F95E5320274BCCA92E842D272C914
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&adk=84980950&adf=198458457&lmt=1704536527&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=140x945_l%7C140x945_r&format=0x0&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&pra=7&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221777616&bpp=1&bdt=364&idt=203&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&nras=1&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&pvsid=3754886673919165&tmod=1252727094&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=209
Frame ID: B5DAEEF68A077BAC0AEBECB48C3C58AC
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js
Frame ID: 054A0F1712E4D0B15A767A48B3DBE5BE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 701ACE7C6AC6A954E42422EAB05F4C53
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 2631B04274FDCA19E1ADCEAA032DC511
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 4A45CF5F93691675FA62D2267CFF7B7F
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 87C6554D197647E929DEBE3096CDFA50
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGPr5r4MCMAE&v=APEucNU1luAj6EtNUmKc9yixlWI6Wr57Owqfe52fQyBqCuqI6YK-btJN68wmEuc6wiC2qP9lw3hIhqMWyXLrDh_Ie_x5u7ukbX6qBX1-kdau3dFPMo5vwQmvdsC7CkpINpwJtGoNcBbCppm7vWbrnl5WTQ9eAfNfWmHvSz_sioe3cGiTFqXYBnM
Frame ID: 04B302A0672CDD464A5505C67C0EE02C
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: EE26091F548D901C283B9F9D0F89714B
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGPr5r4MCMAE&v=APEucNVeOTYv-roLvMOG5R9q-_01q4PhASlZ8NyQB_YfJ0Mk4zu9SBV0IxLya8GMnEIu4iKIog6omjjrjH1aNAq4rb2VVBXGzEEdzQfdO3j_YAqqc7fjtwSNXTaYTS9Ky3wwTcjrhUImnLacJfFA3Tx8LzgB8IKIUmze7hSNku4hDXDbuNhgRCs
Frame ID: FD96047F5330B32D932020306C0B341E
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 76865D15FED8C99157F1478BF1BF0A94
Requests: 18 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQu5mXARii-Pf8ATAB&v=APEucNXsrpbvgxaVMwI1zs0jVeVJhfYFGdSTiQmpNqawu5UBQMMHXcg0LU0Ren2EWe3mPmRLz_QSfLHF352MR0peswOMXtJWZf4lE5IdKnrr9H9B2geOsRzQ8doO-VRmU5ZExJzkABfQCdoBZwsYeSvSFHtIX1-JhsK9AhPnII5XTyzCVZ89Vrc
Frame ID: BB93F4C809A7E98527CD731DB702B487
Requests: 4 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Poppins%3A400%2C600
Frame ID: 928411C7A03DEC11F666610779652D55
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js
Frame ID: DD5DFC24D7CBE8AC5193E4AB66642841
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 302517F184DDEDDF6C001055E38D3FED
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: EB4B17AD0853734567186706AF9DCF42
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 0306B03955B4F7200E50CC0BA2151BBA
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 670D40169632C13537C9F17DC82BEB89
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/2023OP_BE_Janvier_2024_120x600px.html?ev=01_250
Frame ID: CBD44421EA1D0A0B3B04C1B8F34FDBA3
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/2023OP_BE_Janvier_2024_120x600px.html?ev=01_250
Frame ID: CE84827EA07B3B4FBFC01A55630CB704
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/index.html?ev=01_250
Frame ID: BF5928309D9C8431A039A474505C59BE
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=280&slotname=9498197758&adk=1719645634&adf=2225698803&pi=t.ma~as.9498197758&w=1200&fwrn=4&fwrnh=100&lmt=1704536527&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780478&bpp=1&bdt=3225&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=1520373282&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=3
Frame ID: 444C338D17E4E908E66D670E5893582C
Requests: 15 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A4BC7A58FFB737DA8ECEB6CF1CC9E8F1
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 129CCF33B0263B320C09D886C9E6E86E
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=280&slotname=3572111325&adk=1602787454&adf=1144095369&pi=t.ma~as.3572111325&w=1200&fwrn=4&fwrnh=100&lmt=1704536527&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780566&bpp=1&bdt=3314&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90%2C1200x280&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=773379832&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=2
Frame ID: C2F35125A224EEAF0C33F3C33108466C
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=300&slotname=8632866318&adk=3100831755&adf=1594869314&pi=t.ma~as.8632866318&w=1200&lmt=1704536527&rafmt=11&format=1200x300&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780661&bpp=1&bdt=3409&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90%2C1200x280%2C1200x280&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=94907109&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=9&uci=a!9&fsb=1&dtd=2
Frame ID: 13E56DB4A69E93B97CC0161D51F2B0EB
Requests: 14 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 17E2B1FFC4B71AF782A5A881704A01C8
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: DA7C54D1E2318435999696FBEF501863
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js
Frame ID: 0C98CC6AFC6C957DFF352EC979D6AE32
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js
Frame ID: D263BCEC5FC25C52D76D91E043C17A78
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: E9CFA153D5542D35AD716C05267D28A6
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 735B13C68AF97BBEC7BE03AF2BE51245
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js
Frame ID: C9B5939476CDA95673EE3ADA16915947
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Session management for OnWorks Free hosting provider for Linux online

Page URL History Show full URLs

https://www.onworks.net/playonline/index.php HTTP 307
https://www.onworks.net/onworkssession.php Page URL

Detected technologies

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

278
Requests

91 %
HTTPS

47 %
IPv6

37
Domains

52
Subdomains

38
IPs

6
Countries

3890 kB
Transfer

10049 kB
Size

31
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.megadisk.net/pricing-onworks/
Title: Pricing

Search URL Search Domain Scan URL

URL: https://chromewebstore.google.com/detail/vpnonline-secure-vpn-as-u/ojoiohfkfnfkdcmccickjhkmcdgeeifl
Title: VPN

Search URL Search Domain Scan URL

URL: https://www.facebook.com/OnWorks-114357987913897/

Search URL Search Domain Scan URL

URL: https://twitter.com/onworksglobal

Search URL Search Domain Scan URL

URL: https://instagram.com/onworksglobal

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCggT8SMrUfB6NxjVndr6exA?sub_confirmation=1

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/onworks-hosting/

Search URL Search Domain Scan URL

URL: https://www.offidocs.com/
Title: OffiDocs

Search URL Search Domain Scan URL

URL: https://www.apkonline.net/
Title: ApkOnline

Search URL Search Domain Scan URL

URL: https://www.uptoplay.net/
Title: UptoPlay

Search URL Search Domain Scan URL

URL: https://www.offilive.com/
Title: Offilive

Search URL Search Domain Scan URL

URL: https://www.megadisk.net/
Title: Megadisk

Search URL Search Domain Scan URL

URL: https://www.redcoolmedia.net/
Title: RedcoolMedia

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.onworks.net/playonline/index.php HTTP 307
https://www.onworks.net/onworkssession.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 56

https://googleads.g.doubleclick.net/pagead/adview?ai=CsV0mESPCZdDbN7CPiM0PtJW4oAOv7J7Udd3PloeZEmQQASCq0q6EAWD74YWDnAqgAd3wqsAqyAEJqAMByAPLBKoE5QFP0OWxn8u7_cQUWRwB1D5QutyJDEMRunOXfzqamnKubk8ovxmk5V8zi96B0i0tw4MjnLajFu3mtVtcR2P8kBCx2aK4_qIYTLLHtIrFx9WadgOI0rYPjN-ukkaY1hncRB6_4lGOPNo-mfBlWS54YRZ5Dd8nAXuQc2_YT1OYgmZCIkw-j5YgKjVeQmsz6n4NaYMQQldDMtYjbQ22GiiId6taboD7xSvjT5SIdOkFM-WHHkvhZ5BaSK3DYLwgDys9qAVm3fCCp8X90ToMotSuGPinm3HqlQnv1w1bHeQEkNTraqqxx7CywAT8nMnozASIBY2x8YhOkgUECAQYAZIFBAgFGASgBi6AB92o-58FqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQi_5R0ggmCIDhgBAQARgfMgKqAjoJgECAgISAgIQISL39wTpYrYf_3NiWhAOaCYsBaHR0cHM6Ly9wZGZpeGVycy5jb20vZG93bmxvYWRQZGYuaHRtbD9jYW1wYWlnbl9pZD0yMDk1NjYwMDQ2MSZhZGdyb3VwX2lkPTE1ODA1OTM1MTY3NiZwbGFjZW1lbnRfaWQ9d3d3Lm9ud29ya3MubmV0JmNyZWF0aXZlX2lkPTY4ODYwNjI5NTE3NIAKAcgLAbgT5APYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItODU1Njg2MjUxNTk4OTE5MRgAshgFGC4iAQA&sigh=shNsM7YFiBA&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgAvHhf_ukmAWtngJCZRCUHFS1vcH1DOpKLcKA9fAn3wVjQQBcz7mAhx_VQRSBtbzH5WBCnVxIklounfug3bUE2yTT0d7-viC5O5bqRSnxgB&template_id=484&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229454716729849100511%22,%22debug_reporting%22:true,%22destination%22:%22https://pdfixers.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211409209437%22],%2222%22:[%22true%22],%224%22:[%2202-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%221283157654710921841%22}&andc=true

Request Chain 94

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15

Request Chain 95

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZcIjE00otMp6gQZ36MVJFgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15

Request Chain 97

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ0NDE1NTgyMjI1ODgzMzY0OA%3D%3D

Request Chain 102

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YTlmMzdhOTQtMTQwYy0yYzMwLWU2NWEtZDJkMDQ4YWNmOTc1

Request Chain 103

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=&google_error=15

Request Chain 117

https://fw.adsafeprotected.com/rfw/bgd/1811194/76298704/xbbe/creative/adj?p=APEucNVqLCyMo_GJEO9DeY9Dauqe83AxEvQIIi_jgRZCnH6TSBRqhag&d=CokBAKAmf-D7yeZKkh7XUi2DpGathDOOHwy9-9DAO3J19YLKU6HgRJgQCdW-obKI4ceC_KpAVJuq3DeX9LgbsasmpkLuVlcIICHLPioYh5hf9VDHbqVC8AiOFcgg9xcNbhWkHa1FGKMNlV-OMxSiS2-N35RZDS9kIWOs7SpiM6ThMtrDPQqss-53hKMSmRUAoCZ_4AI3ABxsTgehjrDTm3oApvPFWYzLcGcwOPtNDlSCB1CMq8H3WhXfpdeXK67tZ4ZCvCNiTtOusNQuY-UFFJrRE2CBKnGS_AkZ2YYGfHmb1XVxrzJawYsdcHxMo9pAIKN8RosTIgcXk9xZ6qdBPcZ9TSWcedMXNEUMtFpuDiDdc81MY2TTEZtVv5-c_XZaRjXvCidlLNRBI6j0hlcjt1HfWhj3-Au2PmaGmJ4__zFXF7kK0EVA2ip1nMHtVOX82ijDW-BdkB4bfvLfPmPM9cUqOGjCls00UmR9k7TC8pwbXuqkzF4TJdzvY8HQMwpv_03bvjxaT7iXHmSiI4DkxqEksh8pAaX8czD_qem6tZPVUwsYWyx7sdE7RBt-aT6KwzVwchWttCqDlaVtkitg76JwFt5to4yKQt-cZJI6EedEWCHxKH0DHSXZAXr0zysT4GtsA5bfYpgVkKHOfDDoI22p3NZdUu6ZH8MgYDJZB4_s9FY-ZrS6nM9RSqheKZuBP6qXXzfM5ISIvF0JTYmLT7vlKRQYOfKbVZlg2cA9luC2twkqynfBNc22PNqM6mpbNIl95eBjuuxROuAbBSBpp-xdOFCrwJ4IQdxxNrHtwTvv8E6Y3gsTXSHsQnf3nuulYHMvn8Ka_Rook_MswqVuXp6_WCVlKYCXEkQufuHCyhvADOW_YxsPZxGMTmkvCHekOXV_n9YjC1WN5kpm5u_JR22FiPzlFDCZifzIRiJbX551HzGvmXs6o2wLzb288307PmrlkUrpN1kUL2vOAMhUjK3-aVzd47VTecrnMUa1_bh1U4lodo1huEQya4MZ0i2Sl0e52Ox8ntE9xRultVwU6JrqlqYvYPltitRVu3OwC9OMwnf0JL9qivVsZGvyId9pU6aEJlH8bJODsKzmk_SKC3gbkCua6u48cTEB56JUtFO7E3jQrCvzo9SKVFP4Ll6MMQ93EGmFuyJx85grjYXjkKSVbv-Xnfu7Gwjnnaa-gcTdOfy_YWPuhXfnsBHe6SlKA9DZ1w2h37odTMPZrOUuZJNU-Nq5o4qmR3UMzv2HnQ0WFzehV0_joPy0ARWuvicmFbGjm3xLjB3gFraa7BShniyZ4mBYcv8TO8z4H_K0Lemg7Ejdk0sokuIBB37MnyEb6N-8pH6vrOWeaSLUgmZJByZF5jM-gnv7STotUyOIkUK0b69f_lNBBh5BiigijzO1iJzFg8ekjXeLiUBXZwNsYvkpwZD3rNmA2Kw8RolSN-edHO3kOhjzls_wT8hjMpsCoBesaHIDQt7VEgj-7m-mLsgbOvA7F07LNMP9gPxfPTjITY5otrp6FuvvZa25CeI3mrgSoh6GZpgsFHdCla9i4SYeVlBefGGpW7RvGIgdHkSgsUnquUkIzg1EoLWKY0rqHUsYxkkbmqVbQxwZAHA2rGsD9iEspNCqm39oam7owbW1Zcd4Yh7Kdws5lwK4WloAsjvuU140BXi9jyDbiFxreLlCuOgNw1TI5D8itXCuPfxA7rPytUowhcy6NJj_LcGCi0CgRYRu0lL98B73YcjEl5u3Orb5Ha9my68Z8LuxcPP-o2j-Eeq0yFlA0F8ME_wtte-7gYg8u8a7vdCanka9EnYUxdhWeE1DHJwFFpMBazByfJve9dB_r1mzZmh7YxY3hpNmjBArCgKJMQVF2mXisyEewIw9RYxmd3HqR4C8Hj4YEs8mQt3YetD4nf9YNymTC_eBwpZOBZgHZuUULhXlSa8_sfOdaPDhKNYRXaZ31f-cc6-IVZufyOAqNyr6oWsRAV2Ze0RUKmwyjl80MtMvjIj6K8ly4a8UYjAuJw0yhx0Pk9hz9242Uje8TmJYVwRxN6AxWMPlmHT-ZGDeie5FL3mTbvUjsRxh26XtMI-yJMXBFlXs_aLUT1BZVG8xWH-woLn0q3McWi0LsRPCb9pnhaycqyht7MxQaoNyW_46zyUq0eaMr9wphJlnDtTPlHS4DW0JDTnBdPh2F6NiKyqzxevGmVwMEbFnUk_HeutmTQnceRmp07gbYXhuqckWNPGR_sOv7zG8og6XpJI3x1R9wVavSRsDS3IGPWj_jkrCz29nlTw7-A_DNUe_diBCXAi4yWq0vLx-KtyDfPS3pbbR2AKLuAvOjXGy59VBwKl95jX0ep82GKx1YRgWyQYstDtJRCOygLPwE1JgvlCSxu4GYdGV3hbxqxaznS4agMxRzVmtnqCdZ1DHrFqelyHEFi-LXRE3Do3NdrBMYbbr6XNCOCtjnVQvFpQ_YYC2HZrF7JnMrL7GcG2E5aLywEeIcaynFO9MLoMHTF46zPz04X1PBCR25cpwwXaZRsXTzFi3OyWOVxV1R_5NVLAyhiKwpW9Px-WaXPNNbTDL0tj4F8FYYW5wK1gJ7JRwIp42so6ct6pbKUpw_JbMKXIvFW1EMdLrXQETpXuAYfv08z0_O-0PtTsX3RI9wRu4RrJezZrPI_qcslrb8QbZ5d-UgKqqwoYR2hM4UyfCB9yEFaWx0UeSCOb7O-2DOY7gDNEQMKWnC-IsscUdHId69Po2KOlTfTLvACoL3y5nk7x9WNdpXQT8QPR1k9dBVSIEd3kKIhUJJVTp6VFEvoEsM5XlafbQhaxxWGh32KA_zr56E0TBYK-FKK4YtkEF3SUy4TVO-PsVSLtVMn6O8IqrM0NGzhfShgtY1K9wDE-wz24q9KTVF3LKGvCvC87MZb4ZlrxMUhzZ0644hTd-rb0A2gl7YZLyDlF22IGR_yD02MpmAzLQKiCz-i9_YHsodlNylnaegEnNoEIpcB4QSSTfPL7ujBuhUZQYYI6Q1Dexja0Np-858XbcdmeOIsETUeBQk99kF-RRkJWYMvS_tM412QeAzCXIwdDuLqe4MHbL_WpKBur_KLB7IZKnOlF2urEmiEOgdWP_4RE4vk_MqUPHj2qQbY2ePYAhkNyS0ruipyEfDBmMFhaQUFA6JVOzx9RUZvlHIMo2xVIk-DDmonCdyzOqvlTCPK2yRdeFFnGCayHyMlufu6eUEuxfYb_4PRDN2Gs08IAkF9gZ8PfIN0S35IAhrOAcRVDbB3NhrjLNFJ4Ww4Ov539MYgl1EfQ6wxvrJyb_KKzDyXySVs_x2HTweInKM4uFeJ39JaIzji7yL7xBfiec_se1Fi0z8ABBrFTyW_FifEL1Wsun7OOF-zjUPptc4WiVFRGztSGTPfUQOsO_zo_MVRTdZrFp_X1tT3zcTaD1SXfNm_OmrMOI1ppOSrJV8XXOlC-H1akmgdVM_KA-G9MdrRLukgZ6r8CFgEU3Ps4RvdxTFAGu3dKkOZxrpo70GP5067uDN7pycaEtA_u-bi8BfiYISK8m7xfenKQxp03YC1M2vTc874JRGgXFZmPJmS_zH7lHtJNn8nnA6Qufc6a82GM4kODER-mEc4TQLDBINBkfm6ULm8GUGZuVDwtMuaNjSyBZqrjPOVP9cj6q4rSW0pmEs5kyT_tNTBG__oG5PoPC5ASzkLhv2cjojLxlQKoXX-1Slp_jUjqiSV6wcP6sf-RpGOFa2eWOAlSgrl53eRApJdwQN2_w8A1gqMfEUWCyXk4st9EktonZ_sNoaGvKs2JfPid_AutIX2eUGlUIBBJPAC8eF_-inmq2eqibma8JJkeSI8fG9K_mvx2xTcuam0pjRQ2KV9OXgB4ASh2Dx5vYLr0ZTUkVfqhPibOlxUHEjez3gH3OX5FsHKn0BxxbURgBYAE&bundleId=&ias_dspID=3&ias_campId=1014708912&ias_pubId=pub-8556862515989191&ias_chanId=1&ias_placementId=20736634266&bidurl=https://www.onworks.net/onworkssession.php&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0i37aEUvcqrPIHIGobPGH28&adsafe_url=https%3A%2F%2Fwww.onworks.net&adsafe_type=y&adsafe_url=https%3A%2F%2Fwww.onworks.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240201%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-3-%26adk%3D84980951%26client%3Dca-pub-8556862515989191%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D3&adsafe_type=d&adsafe_jsinfo=,id:64f95364-83e2-e406-70cb-1890cf9dba08,c:3rJoNc,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-8bdb8bf7-lxg8k,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,tdt:s,fm:u3vyBtb+111%7C12%7C1311%7C1411%7C1511%7C16*.1811194-76298704%7C161,idMap:16*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:13,oid:88b52138-c4e9-11ee-aff8-f67752bd024d,v:19.8.478,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVqLCyMo_GJEO9DeY9Dauqe83AxEvQIIi_jgRZCnH6TSBRqhag&d=CokBAKAmf-D7yeZKkh7XUi2DpGathDOOHwy9-9DAO3J19YLKU6HgRJgQCdW-obKI4ceC_KpAVJuq3DeX9LgbsasmpkLuVlcIICHLPioYh5hf9VDHbqVC8AiOFcgg9xcNbhWkHa1FGKMNlV-OMxSiS2-N35RZDS9kIWOs7SpiM6ThMtrDPQqss-53hKMSmRUAoCZ_4AI3ABxsTgehjrDTm3oApvPFWYzLcGcwOPtNDlSCB1CMq8H3WhXfpdeXK67tZ4ZCvCNiTtOusNQuY-UFFJrRE2CBKnGS_AkZ2YYGfHmb1XVxrzJawYsdcHxMo9pAIKN8RosTIgcXk9xZ6qdBPcZ9TSWcedMXNEUMtFpuDiDdc81MY2TTEZtVv5-c_XZaRjXvCidlLNRBI6j0hlcjt1HfWhj3-Au2PmaGmJ4__zFXF7kK0EVA2ip1nMHtVOX82ijDW-BdkB4bfvLfPmPM9cUqOGjCls00UmR9k7TC8pwbXuqkzF4TJdzvY8HQMwpv_03bvjxaT7iXHmSiI4DkxqEksh8pAaX8czD_qem6tZPVUwsYWyx7sdE7RBt-aT6KwzVwchWttCqDlaVtkitg76JwFt5to4yKQt-cZJI6EedEWCHxKH0DHSXZAXr0zysT4GtsA5bfYpgVkKHOfDDoI22p3NZdUu6ZH8MgYDJZB4_s9FY-ZrS6nM9RSqheKZuBP6qXXzfM5ISIvF0JTYmLT7vlKRQYOfKbVZlg2cA9luC2twkqynfBNc22PNqM6mpbNIl95eBjuuxROuAbBSBpp-xdOFCrwJ4IQdxxNrHtwTvv8E6Y3gsTXSHsQnf3nuulYHMvn8Ka_Rook_MswqVuXp6_WCVlKYCXEkQufuHCyhvADOW_YxsPZxGMTmkvCHekOXV_n9YjC1WN5kpm5u_JR22FiPzlFDCZifzIRiJbX551HzGvmXs6o2wLzb288307PmrlkUrpN1kUL2vOAMhUjK3-aVzd47VTecrnMUa1_bh1U4lodo1huEQya4MZ0i2Sl0e52Ox8ntE9xRultVwU6JrqlqYvYPltitRVu3OwC9OMwnf0JL9qivVsZGvyId9pU6aEJlH8bJODsKzmk_SKC3gbkCua6u48cTEB56JUtFO7E3jQrCvzo9SKVFP4Ll6MMQ93EGmFuyJx85grjYXjkKSVbv-Xnfu7Gwjnnaa-gcTdOfy_YWPuhXfnsBHe6SlKA9DZ1w2h37odTMPZrOUuZJNU-Nq5o4qmR3UMzv2HnQ0WFzehV0_joPy0ARWuvicmFbGjm3xLjB3gFraa7BShniyZ4mBYcv8TO8z4H_K0Lemg7Ejdk0sokuIBB37MnyEb6N-8pH6vrOWeaSLUgmZJByZF5jM-gnv7STotUyOIkUK0b69f_lNBBh5BiigijzO1iJzFg8ekjXeLiUBXZwNsYvkpwZD3rNmA2Kw8RolSN-edHO3kOhjzls_wT8hjMpsCoBesaHIDQt7VEgj-7m-mLsgbOvA7F07LNMP9gPxfPTjITY5otrp6FuvvZa25CeI3mrgSoh6GZpgsFHdCla9i4SYeVlBefGGpW7RvGIgdHkSgsUnquUkIzg1EoLWKY0rqHUsYxkkbmqVbQxwZAHA2rGsD9iEspNCqm39oam7owbW1Zcd4Yh7Kdws5lwK4WloAsjvuU140BXi9jyDbiFxreLlCuOgNw1TI5D8itXCuPfxA7rPytUowhcy6NJj_LcGCi0CgRYRu0lL98B73YcjEl5u3Orb5Ha9my68Z8LuxcPP-o2j-Eeq0yFlA0F8ME_wtte-7gYg8u8a7vdCanka9EnYUxdhWeE1DHJwFFpMBazByfJve9dB_r1mzZmh7YxY3hpNmjBArCgKJMQVF2mXisyEewIw9RYxmd3HqR4C8Hj4YEs8mQt3YetD4nf9YNymTC_eBwpZOBZgHZuUULhXlSa8_sfOdaPDhKNYRXaZ31f-cc6-IVZufyOAqNyr6oWsRAV2Ze0RUKmwyjl80MtMvjIj6K8ly4a8UYjAuJw0yhx0Pk9hz9242Uje8TmJYVwRxN6AxWMPlmHT-ZGDeie5FL3mTbvUjsRxh26XtMI-yJMXBFlXs_aLUT1BZVG8xWH-woLn0q3McWi0LsRPCb9pnhaycqyht7MxQaoNyW_46zyUq0eaMr9wphJlnDtTPlHS4DW0JDTnBdPh2F6NiKyqzxevGmVwMEbFnUk_HeutmTQnceRmp07gbYXhuqckWNPGR_sOv7zG8og6XpJI3x1R9wVavSRsDS3IGPWj_jkrCz29nlTw7-A_DNUe_diBCXAi4yWq0vLx-KtyDfPS3pbbR2AKLuAvOjXGy59VBwKl95jX0ep82GKx1YRgWyQYstDtJRCOygLPwE1JgvlCSxu4GYdGV3hbxqxaznS4agMxRzVmtnqCdZ1DHrFqelyHEFi-LXRE3Do3NdrBMYbbr6XNCOCtjnVQvFpQ_YYC2HZrF7JnMrL7GcG2E5aLywEeIcaynFO9MLoMHTF46zPz04X1PBCR25cpwwXaZRsXTzFi3OyWOVxV1R_5NVLAyhiKwpW9Px-WaXPNNbTDL0tj4F8FYYW5wK1gJ7JRwIp42so6ct6pbKUpw_JbMKXIvFW1EMdLrXQETpXuAYfv08z0_O-0PtTsX3RI9wRu4RrJezZrPI_qcslrb8QbZ5d-UgKqqwoYR2hM4UyfCB9yEFaWx0UeSCOb7O-2DOY7gDNEQMKWnC-IsscUdHId69Po2KOlTfTLvACoL3y5nk7x9WNdpXQT8QPR1k9dBVSIEd3kKIhUJJVTp6VFEvoEsM5XlafbQhaxxWGh32KA_zr56E0TBYK-FKK4YtkEF3SUy4TVO-PsVSLtVMn6O8IqrM0NGzhfShgtY1K9wDE-wz24q9KTVF3LKGvCvC87MZb4ZlrxMUhzZ0644hTd-rb0A2gl7YZLyDlF22IGR_yD02MpmAzLQKiCz-i9_YHsodlNylnaegEnNoEIpcB4QSSTfPL7ujBuhUZQYYI6Q1Dexja0Np-858XbcdmeOIsETUeBQk99kF-RRkJWYMvS_tM412QeAzCXIwdDuLqe4MHbL_WpKBur_KLB7IZKnOlF2urEmiEOgdWP_4RE4vk_MqUPHj2qQbY2ePYAhkNyS0ruipyEfDBmMFhaQUFA6JVOzx9RUZvlHIMo2xVIk-DDmonCdyzOqvlTCPK2yRdeFFnGCayHyMlufu6eUEuxfYb_4PRDN2Gs08IAkF9gZ8PfIN0S35IAhrOAcRVDbB3NhrjLNFJ4Ww4Ov539MYgl1EfQ6wxvrJyb_KKzDyXySVs_x2HTweInKM4uFeJ39JaIzji7yL7xBfiec_se1Fi0z8ABBrFTyW_FifEL1Wsun7OOF-zjUPptc4WiVFRGztSGTPfUQOsO_zo_MVRTdZrFp_X1tT3zcTaD1SXfNm_OmrMOI1ppOSrJV8XXOlC-H1akmgdVM_KA-G9MdrRLukgZ6r8CFgEU3Ps4RvdxTFAGu3dKkOZxrpo70GP5067uDN7pycaEtA_u-bi8BfiYISK8m7xfenKQxp03YC1M2vTc874JRGgXFZmPJmS_zH7lHtJNn8nnA6Qufc6a82GM4kODER-mEc4TQLDBINBkfm6ULm8GUGZuVDwtMuaNjSyBZqrjPOVP9cj6q4rSW0pmEs5kyT_tNTBG__oG5PoPC5ASzkLhv2cjojLxlQKoXX-1Slp_jUjqiSV6wcP6sf-RpGOFa2eWOAlSgrl53eRApJdwQN2_w8A1gqMfEUWCyXk4st9EktonZ_sNoaGvKs2JfPid_AutIX2eUGlUIBBJPAC8eF_-inmq2eqibma8JJkeSI8fG9K_mvx2xTcuam0pjRQ2KV9OXgB4ASh2Dx5vYLr0ZTUkVfqhPibOlxUHEjez3gH3OX5FsHKn0BxxbURgBYAE&ias_xappb=

Request Chain 212

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEN6ZvDP_BtemvFcUAymF2Dw&google_cver=1&google_push=AXcoOmSs1hxPGV4khTCY4qzybQWtuBRs2Ze8y31snFjipl-YqhaUkccCkdl_18ol06f90CM4KmB9JwbsKr5-tT1Bd2jhzTpvVm5oTg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEN6ZvDP_BtemvFcUAymF2Dw&google_push=AXcoOmSs1hxPGV4khTCY4qzybQWtuBRs2Ze8y31snFjipl-YqhaUkccCkdl_18ol06f90CM4KmB9JwbsKr5-tT1Bd2jhzTpvVm5oTg

Request Chain 214

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAXcoOmRl4HBisgvfIFvA8Ja-hLTaNAnAPZGFQyghLKaf5L3Y13mxCUkrQUnJhk8ufeyaGMMiwlj8PUIRIG1PPj3-8K94KzVqNFRYRgY&google_gid=CAESELQAYjuCt4LN8n7iyPFtZD4&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCJXGiK4GEgUI6AcQAEIASnNnb29nbGVfcHVzaD1BWGNvT21SbDRIQmlzZ3ZmSUZ2QThKYS1oTFRhTkFuQVBaR0ZReWdoTEthZjVMM1kxM214Q1VrclFVbkpoazh1ZmV5YUdNTWl3bGo4UFVJUklHMVBQajMtOEs5NEt6VnFORlJZUmdZ HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwcXFiTkNZNEFiRS1rZUhqNEVlYVlmMnFMbkl4Z01ZZkxTaE5QYnFwVHBLRQ==&google_push

Request Chain 215

https://ads.travelaudience.com/google_pixel?google_gid=CAESEFlB9svnL70sSkmVPF3Gu2U&google_cver=1&google_push=AXcoOmSX6WuLE2m1oWUzQi6src9Zr1sqkrX35_c0KcR5PRmq4Vaa0P86OwwOzlpAAEtyaxvMUU6qxQPcTE-Y6woozlKb-auRbY6pQSU HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=wMekh4obQLkhKf8n3AnUPg&google_push=AXcoOmSX6WuLE2m1oWUzQi6src9Zr1sqkrX35_c0KcR5PRmq4Vaa0P86OwwOzlpAAEtyaxvMUU6qxQPcTE-Y6woozlKb-auRbY6pQSU

Request Chain 217

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESELRbdaOwu6oaz1fu8oJbaKk&google_cver=1&google_push=AXcoOmTvnsrZ7n69ItScIH7j3TVt9cEpYEuESZmumUros0eyHd3D3U2kAxAc2UB9ZV-p9qP3Hu2qYXDyxuXzMzIvZ78FfK53mrEbu28 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTvnsrZ7n69ItScIH7j3TVt9cEpYEuESZmumUros0eyHd3D3U2kAxAc2UB9ZV-p9qP3Hu2qYXDyxuXzMzIvZ78FfK53mrEbu28&google_hm=eS1ZTEFaM2l4RTJwR19zcDhkVmhDUk5rcXVTd1pfQnVDWH5B

Request Chain 218

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEMZXdEdoNNDGdtry5yx2VD8&google_cver=1&google_push=AXcoOmRH6aqzMjQF87BX5wisCIl4gY3-xRs2b26NRRTe54_iq1frcdgvTSOSgFzngFxkQSCYG5hZfE3yGwDUtfav4KYtt9E8ygQ1svE HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEMZXdEdoNNDGdtry5yx2VD8&google_cver=1&google_push=AXcoOmRH6aqzMjQF87BX5wisCIl4gY3-xRs2b26NRRTe54_iq1frcdgvTSOSgFzngFxkQSCYG5hZfE3yGwDUtfav4KYtt9E8ygQ1svE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTMyNTY5MjY2ODQwODI1MzU5Ng&google_push=AXcoOmRH6aqzMjQF87BX5wisCIl4gY3-xRs2b26NRRTe54_iq1frcdgvTSOSgFzngFxkQSCYG5hZfE3yGwDUtfav4KYtt9E8ygQ1svE

Request Chain 232

https://a.tribalfusion.com/i.match?p=b6&u=CAESENUOAfAOq4Z3qVx_hSqhtic&google_cver=1&google_push=AXcoOmQ9l00EiqxGDs70R4nZe-DdDwEMvv07TbPEbK3QUlmYV2YjsGJmn4FBgahhIT8NwAulNEbGit46B4EuzHpDTHOLhd6CI3icbK0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ9l00EiqxGDs70R4nZe-DdDwEMvv07TbPEbK3QUlmYV2YjsGJmn4FBgahhIT8NwAulNEbGit46B4EuzHpDTHOLhd6CI3icbK0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENUOAfAOq4Z3qVx_hSqhtic&google_cver=1&google_push=AXcoOmQ9l00EiqxGDs70R4nZe-DdDwEMvv07TbPEbK3QUlmYV2YjsGJmn4FBgahhIT8NwAulNEbGit46B4EuzHpDTHOLhd6CI3icbK0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ9l00EiqxGDs70R4nZe-DdDwEMvv07TbPEbK3QUlmYV2YjsGJmn4FBgahhIT8NwAulNEbGit46B4EuzHpDTHOLhd6CI3icbK0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 233

https://d.agkn.com/pixel/2175/?google_gid=CAESEFf44t-Ibq3PCrCIyOMZRXk&google_cver=1&google_push=AXcoOmTbTH3cwVO-_XV8mLXULsvL2Bg-udP8HAYyVPaCFNnngr0y5Y2Bzx9GkRSLKympD-6Cd1LqeIrduGhkViZORoxp7nZ-VtH9L1g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AXcoOmTbTH3cwVO-_XV8mLXULsvL2Bg-udP8HAYyVPaCFNnngr0y5Y2Bzx9GkRSLKympD-6Cd1LqeIrduGhkViZORoxp7nZ-VtH9L1g&google_hm=Q0FFU0VGZjQ0dC1JYnEzUENyQ0l5T01aUlhr

Request Chain 234

https://ads.travelaudience.com/google_pixel?google_gid=CAESEFlB9svnL70sSkmVPF3Gu2U&google_cver=1&google_push=AXcoOmS8yGV6UaWaV6oY9sy4RbEr5TyPqdtnWxMrIgYnwpzWdp55d2677ThzZuzikfBckeKcQ267H-s44hoWtsvo-E_K-aPV82Z5CE0 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=wMekh4obQLkhKf8n3AnUPg&google_push=AXcoOmS8yGV6UaWaV6oY9sy4RbEr5TyPqdtnWxMrIgYnwpzWdp55d2677ThzZuzikfBckeKcQ267H-s44hoWtsvo-E_K-aPV82Z5CE0

Request Chain 235

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENB-JbUVYjJbqHo8vOHyMbc&google_cver=1&google_push=AXcoOmTXHv-kjKfoRzamKw-9bWyvMSuKd59CZx8riqQQkjSDbA4wuz41X74ik33X18rc9ReNAt-2GEpdg8RQ5j5D37MTzDL9xV-RtuA HTTP 302
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENB-JbUVYjJbqHo8vOHyMbc&google_cver=1&google_push=AXcoOmTXHv-kjKfoRzamKw-9bWyvMSuKd59CZx8riqQQkjSDbA4wuz41X74ik33X18rc9ReNAt-2GEpdg8RQ5j5D37MTzDL9xV-RtuA&tc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=HIZDnY0REpGC62x_E-5AYYDOIpzviM814isZ71eIGig&pi=adx&tdc=ams&pi=adxab&google_gid=CAESENB-JbUVYjJbqHo8vOHyMbc&google_cver=1&google_push=AXcoOmTXHv-kjKfoRzamKw-9bWyvMSuKd59CZx8riqQQkjSDbA4wuz41X74ik33X18rc9ReNAt-2GEpdg8RQ5j5D37MTzDL9xV-RtuA&tc=1

Request Chain 246

https://googleads.g.doubleclick.net/pagead/adview?ai=CME76FCPCZdGKINafiM0PvoyleKuZ2pR1uqeHsMwS2tkeEAEgqtKuhAFg--GFg5wKoAGEqYHEA8gBCakCIEGUbRhBsz6oAwHIA8sEqgTaAU_QpVk07Pxfd158mnv72cWfDFyfGwYSEhGoNXtUCDe1Ih18gMHKl13nhykQc1esVhK1NuT5vpSOmV65VJY_4ElUwVV8q_LHptR3HbimZqYtHYvWUaKEGbl2h9pK0o8H2D1ANrx_a7iaZspxnZN2tC7iKj0LREdrxCudjXJSRoRGp2PgIjPoJVUmaT_bS__EazPc7cVEgsDVD0zG6SVU1POQwq5cmlPe2fqofLKCCWD323s-KbxwD6jK6c0e5UzJ52GsT8w1vl7Oz8hjdur2_UQEgn7LBvLqvyNywASaofiltwGIBZ7qlMgDkgUECAQYAZIFBAgFGASgBi6AB-TW_juoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAPIHBBD66gbSCCYIgOGAEBABGB8yAqoCOgmAQICAhICAhAhIvf3BOliDyJ7e2JaEA5oJxwFodHRwczovL3N0YXJ0LnBsZXNrLmNvbS9ROHI2czE1bj91dG1fdGVybT1saW51eCUyMHNlcnZlciUyMG1hbmFnZW1lbnQmdXRtX2NyZWF0aXZlPTY4OTE0NzUzMjg1NiZ1dG1fY2FtcGFpZ249OTU2NjQyNTkwJnV0bV9wb3NpdGlvbj0mdXRtX25ldHdvcms9ZCZ1dG1fdGFyZ2V0PSZ1dG1fcGxhY2VtZW50PXd3dy5vbndvcmtzLm5ldCZ1dG1fbWF0Y2g9gAoByAsBuBPkA9gTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi04NTU2ODYyNTE1OTg5MTkxGAA&sigh=Q8N5gjs2IxQ&uach_m=%5BUACH%5D&ase=2&cid=CAQSOwAvHhf_nxssbJ9oG38NcZj9yow8jWCAqYtxBQnSvo1gz5kL5tI3ijZtKK2I6pOykahKWdkcnbwDxN0qGAE&template_id=484&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217514602282702232090%22,%22debug_reporting%22:true,%22destination%22:%22https://plesk.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22947934340%22],%2222%22:[%22true%22],%224%22:[%2202-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223763657993508339857%22}&andc=true

Request Chain 248

https://googleads.g.doubleclick.net/pagead/adview?ai=CFxq2FCPCZdiyJcWbiM0PtrWIoA-rmdqUdbqnh7DMEtrZHhABIKrSroQBYPvhhYOcCqABhKmBxAPIAQmpAiBBlG0YQbM-qAMByAPLBKoE2gFP0AjoEBqV51JCopYuMueYBFrA-yhsdVTjy8JgA7ukDF5eX1TdYZD_mBDZoRd-fXDXSYnLPP_CPnIeyBkJzZQwIwb2Sav92i04WP97-aWiGDoU0VZ6eZqcgCW6bahUk5625QCtk193h3uXC1vK3SsRoX5Vs_PWu3B7R-4mMV0jPJdmA1SyAhhLHNPj76zNfSFa7C6HzmuFEmgVyf4Z-GFwPmH5X81e21jSgo-CO8Kq3h8coCtNL5vU5pquybVXya3Y5sLLmvR7TJerJYt71aNkQVtKszmHAicTUsAEmqH4pbcBiAWe6pTIA5IFBAgEGAGSBQQIBRgEoAYugAfk1v47qAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQpIYI0ggmCIDhgBAQARgfMgKqAjoJgECAgISAgIQISL39wTpYiOqj3tiWhAOaCccBaHR0cHM6Ly9zdGFydC5wbGVzay5jb20vUThyNnMxNW4_dXRtX3Rlcm09bGludXglMjBzZXJ2ZXIlMjBtYW5hZ2VtZW50JnV0bV9jcmVhdGl2ZT02ODkxNDc1MzI4NTYmdXRtX2NhbXBhaWduPTk1NjY0MjU5MCZ1dG1fcG9zaXRpb249JnV0bV9uZXR3b3JrPWQmdXRtX3RhcmdldD0mdXRtX3BsYWNlbWVudD13d3cub253b3Jrcy5uZXQmdXRtX21hdGNoPYAKAcgLAbgT5APYEw3QFQGYFgGAFwGyFxwKGggAEhRwdWItODU1Njg2MjUxNTk4OTE5MRgAshgEEgLwWQ&sigh=5wsN0unX01w&uach_m=%5BUACH%5D&ase=2&cid=CAQSOwAvHhf_oqusGgWEBSKca2EGaPLmIHSeYyxU1YGYmRwYMm8Eu-kS1UnYBqxEIR_1ZcZrgYPgTBSKiwwCGAE&template_id=484&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229967488248311137018%22,%22debug_reporting%22:true,%22destination%22:%22https://plesk.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22947934340%22],%2222%22:[%22true%22],%224%22:[%2202-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2214342269105375538337%22}&andc=true

Request Chain 273

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 274

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENekyZyGk2QoohOIY84JKg8&google_cver=1&google_push=AXcoOmTqPGGq_8ltCgWghfjNUPGz2z_o-bmsJ2yhZ39rCIeoUoxe_Tw0U_2nS4ogsCmCA1j6RNcYWvEN9fc_ZS0ziSsRftLxyje8ppQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ4MjkwMjc5Njc1MDMyMTQ1MA==&gdpr=&gdpr_consent=

Request Chain 276

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEN6ZvDP_BtemvFcUAymF2Dw&google_cver=1&google_push=AXcoOmTK3RwNHcjTSd0yMKWHQkLY-weKmvEXTGAJeg2rs9bjRyT3TaWnqg6GWaMwceiRDUYy9aGmeMNHAXYCg7tAVzspl_gZGB-A3dk HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WmNJakZRQUMzV3B0ZXdBOQ==&google_gid=CAESEN6ZvDP_BtemvFcUAymF2Dw&google_cver=1&google_push=AXcoOmTK3RwNHcjTSd0yMKWHQkLY-weKmvEXTGAJeg2rs9bjRyT3TaWnqg6GWaMwceiRDUYy9aGmeMNHAXYCg7tAVzspl_gZGB-A3dk

Request Chain 279

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEMZXdEdoNNDGdtry5yx2VD8&google_cver=1&google_push=AXcoOmT4uaoDqKZQQiApe04etRxCNKDN4rAdUzaFohptx7hjWEsUj5gD_3xBPdTjKj3S1gYaog3E7BsVR5BCOe0_iVJ3jF6T1cEzinY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTMyNTY5MjY2ODQwODI1MzU5Ng&google_push=AXcoOmT4uaoDqKZQQiApe04etRxCNKDN4rAdUzaFohptx7hjWEsUj5gD_3xBPdTjKj3S1gYaog3E7BsVR5BCOe0_iVJ3jF6T1cEzinY

Request Chain 283

https://googleads.g.doubleclick.net/pagead/adview?ai=CPESNFCPCZfLHK6yYiM0PltCr-APY-ozAc-fu1dSCEqTn8u2VAhABIKrSroQBYPvhhYOcCqABm_2eyAHIAQGoAwHIA8MEqgTyAU_QkXpsdG-WKPffcObLamYzpHx3lUmQywyR4cXKvo6Izlruy2jfiv64J-pTrFP4dP1S2duhUtGDG9fnbH2ahmsqM33kaV8dBjuFyOomClnv_lMQHYTYVnbrW6XCtIY5q_SLaA_OBkmt-MTuub08N8mFpVZsOKza6gq27KA1VajKYxi6vHTCWPS4h30GTABQzoQ7ArgKeKmfVzDnTp6lJlbDYs5vzFMVNIMdQKxsTIKhQQRaN6MEsqDIfCTGd0RqiozVQ_KFngFXFM32b9hSF3mVSz7pE3YUzqjrmNVt4l1v41cpmi7cgmRsUR4DA2LhExNswASd6aykrASIBeal5phLkgUECAQYAZIFBAgFGASgBmaAB82C4bcCqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQp8ZM0ggmCIDhgBAQARgfMgKqAjoJgECAgISAgIQISL39wTpYn-Sp3tiWhAOaCRhodHRwczovL3JvY2tldGFkbWluLmNvbS-ACgHICwHYEwuIFF3QFQGYFgGAFwGyFxwKGggAEhRwdWItODU1Njg2MjUxNTk4OTE5MRgA&sigh=0s5b1bZryI4&uach_m=%5BUACH%5D&ase=2&cid=CAQSOwAvHhf_ZFSGY5D9KmvOnRaF0gA38f-e-stm_N3valEe67rk1mMHE6gjD3kx-dCwe-t5a34XpBY4TbN9GAE&cbvp=2&vis=1&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22203974917446842862%22,%22debug_reporting%22:true,%22destination%22:%22https://rocketadmin.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22419937947%22],%2222%22:[%22true%22],%224%22:[%2202-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228194668520381018289%22}&andc=true

278 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request onworkssession.php Show response
www.onworks.net/
Redirect Chain

https://www.onworks.net/playonline/index.php
https://www.onworks.net/onworkssession.php

63 KB
17 KB

29ms
28ms

Document
text/html

2606:4700:20::ac43:479b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::ac43:479b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b185405b2cf0699bb833f19d6e752bacb56f9e83397f90b045d0aca1c49b19a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 216137
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
cf-ray: 851352cbae933cdb-CDG
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
date: Tue, 06 Feb 2024 12:16:17 GMT
last-modified: Sat, 06 Jan 2024 10:22:07 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mwHQoD0pMieQdsb%2BfQvg%2BtUdUndCq6r0y7B40pNE0KbcLe5IbV9vF4mAOqG3181%2Bbmv3%2FCUCCnLBrvhbPnFztAB%2FS7nCDfuZMhpzPx572cbO2PgWuwJgZXjZ%2FEZUn9BhAJgti0HJbH1SvN9YNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, X-Auth-Token , Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 851352cb3df33cdb-CDG
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
date: Tue, 06 Feb 2024 12:16:17 GMT
location: /onworkssession.php
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kEEYrAJoU1XntKFw0qBvXUje%2FN7oyv92gHB0%2F4P75wVcVparupQ1w8DwYYSCKF%2BWeY8zMWKrcYNuJl%2BPKkNE6SuC9uLD7tuyOWIA9KhBFoTcXBhEcEDDSwlfao%2FXDS7SfWY80MnCNkC2k6mNdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload

GET
H2 200 jquery-ui.css
downloads.uptoplay.net/apkdownloader/ 32 KB
6 KB 111ms
35ms Stylesheet
text/css 162.55.101.40
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/jquery-ui.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

162.55.101.40 Friedberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.40.101.55.162.clients.your-server.de

Software

Resource Hash

24e077516b89f2a627c538ae9c18493ecd80f1fe367c0528c2cadc62d6601b6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-cache-status-1: HIT
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
cross-origin-embedder-policy: unsafe-none
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
cache-control: public, max-age=1200
accept-ranges: bytes
x-cache-url-1: /apkdownloader/jquery-ui.css
x-xss-protection: 1; mode=block

GET
H2 200 jquery.min.js Show response
downloads.uptoplay.net/apkdownloader/ 93 KB
34 KB 110ms
35ms Script
application/x-javascript 162.55.101.40
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/jquery.min.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

162.55.101.40 Friedberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.40.101.55.162.clients.your-server.de

Software

Resource Hash

47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-cache-status-1: HIT
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
cross-origin-embedder-policy: unsafe-none
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-url-1: /apkdownloader/jquery.min.js
x-xss-protection: 1; mode=block
expires: Wed, 05 Feb 2025 11:11:11 GMT

GET
H2 200 jquery-ui.min.js Show response
downloads.uptoplay.net/apkdownloader/ 197 KB
52 KB 111ms
35ms Script
application/x-javascript 162.55.101.40
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/jquery-ui.min.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

162.55.101.40 Friedberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.40.101.55.162.clients.your-server.de

Software

Resource Hash

e4bf411611a715a5752d6e80345cd5fa56731a8ff96e54e5212024337a1c6984

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-cache-status-1: HIT
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
cross-origin-embedder-policy: unsafe-none
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=31536000
accept-ranges: bytes
x-cache-url-1: /apkdownloader/jquery-ui.min.js
x-xss-protection: 1; mode=block
expires: Wed, 05 Feb 2025 11:11:11 GMT

GET
H2 200 theme.css
downloads.uptoplay.net/apkdownloader/ 2 KB
995 B 104ms
29ms Stylesheet
text/css 162.55.101.40
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/theme.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

162.55.101.40 Friedberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.40.101.55.162.clients.your-server.de

Software

Resource Hash

7c69058459fdf0b4521ba057f595d6aa938265ccf3095e818150886a7bb5bf44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-cache-status-1: HIT
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
cross-origin-embedder-policy: unsafe-none
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
cache-control: public, max-age=1200
accept-ranges: bytes
x-cache-url-1: /apkdownloader/theme.css
x-xss-protection: 1; mode=block

GET
H2 200 styles.css
downloads.uptoplay.net/apkdownloader/ 620 B
849 B 103ms
28ms Stylesheet
text/css 162.55.101.40
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/styles.css?v=2

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

162.55.101.40 Friedberg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.40.101.55.162.clients.your-server.de

Software

Resource Hash

9a3272fdc40cb2636333e4ba1bd290adb9c78e01c7af4ae21da20a5cdf54b3b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
x-cache-status-1: HIT
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
cross-origin-embedder-policy: unsafe-none
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type: text/css
cache-control: public, max-age=1200
accept-ranges: bytes
x-cache-url-1: /apkdownloader/styles.css?v=2
x-xss-protection: 1; mode=block
expires: Wed, 05 Feb 2025 10:40:05 GMT

GET
H2 200 general.css
stream.onworks.net/templates/system/css/ 3 KB
1 KB 113ms
55ms Stylesheet
text/css 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/system/css/general.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

3ad9292f7844d507f33f4de3bf19577c9115a8b7bc807f989ab26b19e3c97fe7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
x-original-content-length: 2730
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: W/"PSA-aj-MtMUQyOcDY"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=80000, s-maxage=80000
accept-ranges: bytes
content-length: 798
x-cache-url-1: /templates/system/css/general.css

GET
H2 200 addons.css
stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/ 1 KB
1 KB 109ms
52ms Stylesheet
text/css 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/addons.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

50f17262769a2476f090fd24ef33caffed8acd6caf684b20bdc90909c5c43758

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
x-original-content-length: 2795
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: W/"PSA-aj-lXdv-Gwc3a"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=80000, s-maxage=80000
accept-ranges: bytes
content-length: 615
x-cache-url-1: /plugins/system/jat3/jat3/base-themes/default/css/addons.css

GET
H2 200 layout.css
stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/ 1 KB
867 B 112ms
55ms Stylesheet
text/css 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/layout.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

fef0ae74dc3bcf89260cfe9fe70df333bb482dc7e52f129aa73b177426c72152

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
x-original-content-length: 3259
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: W/"PSA-aj-1yeZ15PgBe"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=80000, s-maxage=80000
accept-ranges: bytes
content-length: 452
x-cache-url-1: /plugins/system/jat3/jat3/base-themes/default/css/layout.css

GET
H2 200 template.css
stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/ 20 KB
5 KB 109ms
51ms Stylesheet
text/css 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/template.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

11fefb9c374d241b645ab5030176d8d2af1b3d362b31f20620848af9e0835ec4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
x-original-content-length: 26939
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: W/"PSA-aj-C76MovcGZy"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=80000, s-maxage=80000
accept-ranges: bytes
content-length: 4983
x-cache-url-1: /plugins/system/jat3/jat3/base-themes/default/css/template.css

GET
H2 200 css3.css
stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/ 2 KB
1001 B 114ms
57ms Stylesheet
text/css 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/css3.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

4d819a0d1178ee5dd5dd7a1b3e26e53faf8f0b8d7f1bc41608614f5cb544a909

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:11:31 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: STALE
x-original-content-length: 2096
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: W/"PSA-v6hQIV3vXM"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=80000, s-maxage=80000
accept-ranges: bytes
x-cache-url-1: /plugins/system/jat3/jat3/base-themes/default/css/css3.css
content-length: 589

GET
H2 200 layout.css
stream.onworks.net/templates/ja_elastica/css/ 2 KB
939 B 114ms
57ms Stylesheet
text/css 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/layout.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

773485acaee520be797ce2adbd1ae738c1c28b49b11e298ed784edbb11b08a2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
x-original-content-length: 3596
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: W/"PSA-aj-97Bl_gQT9D"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=80000, s-maxage=80000
accept-ranges: bytes
content-length: 547
x-cache-url-1: /templates/ja_elastica/css/layout.css

GET
H2 200 template-3-new01.css
stream.onworks.net/templates/ja_elastica/css/ 25 KB
6 KB 84ms
27ms Stylesheet
text/css 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/template-3-new01.css?v=020

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

b831ee2bbbdc5353833b35f1176feab0fe3d5a00c04c2576e7de866bced4a3c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
x-original-content-length: 35313
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: W/"PSA-aj-yFoVuFwV5i"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=518, public
accept-ranges: bytes
content-length: 6093
x-cache-url-1: /templates/ja_elastica/css/template-3-new01.css?v=020
expires: Tue, 06 Feb 2024 12:24:56 GMT

GET
H2 200 modules.css
stream.onworks.net/templates/ja_elastica/css/ 1 KB
935 B 85ms
28ms Stylesheet
text/css 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/modules.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

2440da49abf00e2fc8e09c38bbb2ac1afca94303ead6974b746c79155c789b9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
x-original-content-length: 2543
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: W/"PSA-aj-eDveT_ggor"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=80000, s-maxage=80000
accept-ranges: bytes
content-length: 542
x-cache-url-1: /templates/ja_elastica/css/modules.css

GET
H2 200 layout-normal-2b.css
stream.onworks.net/templates/ja_elastica/css/ 2 KB
1 KB 111ms
54ms Stylesheet
text/css 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/layout-normal-2b.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

28bac19e2c9954e907755a04a23f54e66d170896802b32937d02835afc1aa3ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
x-original-content-length: 3637
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: W/"PSA-aj-GVyzB23AEn"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=80000, s-maxage=80000
accept-ranges: bytes
content-length: 648
x-cache-url-1: /templates/ja_elastica/css/layout-normal-2b.css

GET
H2 200 css3.css
stream.onworks.net/templates/ja_elastica/css/ 3 KB
1 KB 113ms
56ms Stylesheet
text/css 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/css3.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

56fdceec363758833100b58312eb4993fe9f599ca70117325ccbabe03b7d6d26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
x-original-content-length: 3917
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: W/"PSA-aj-30gcjA_HN3"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=80000, s-maxage=80000
accept-ranges: bytes
content-length: 670
x-cache-url-1: /templates/ja_elastica/css/css3.css

GET
H2 200 mega.css
stream.onworks.net/templates/ja_elastica/css/menu/ 5 KB
1 KB 110ms
53ms Stylesheet
text/css 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/menu/mega.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

aafd776ec37c9b47abb96dc3199c4dda7aff364fa6ec9f0458822793bee3e890

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
x-original-content-length: 7009
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: W/"PSA-aj-lAK6Sgz8bE"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=80000, s-maxage=80000
accept-ranges: bytes
content-length: 1083
x-cache-url-1: /templates/ja_elastica/css/menu/mega.css

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 190 KB
69 KB 101ms
41ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-117545413-4

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ebf1336025bd98063cbfb2cf6f11db578fc321766d4a748cb3db871cfe3d3142

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 69952
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 06 Feb 2024 12:16:17 GMT

GET
H2 200 firebase-app.js Show response
www.gstatic.com/firebasejs/5.4.0/ 34 KB
12 KB 89ms
31ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/5.4.0/firebase-app.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2320f2452434b494e292e5a413126980c134215940ab091e9e496a0052d62f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:55:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 580831
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12419
x-xss-protection: 0
last-modified: Thu, 16 Aug 2018 18:59:55 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Jan 2025 18:55:46 GMT

GET
H2 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/5.4.0/ 35 KB
10 KB 85ms
27ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/5.4.0/firebase-messaging.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

246fef45b3c78c283fb603de040c9263bbb48532dcb057d4045a790b1b149318

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 12:44:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 343904
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10046
x-xss-protection: 0
last-modified: Thu, 16 Aug 2018 18:59:55 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
vary: Accept-Encoding
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 01 Feb 2025 12:44:33 GMT

GET
H3 200 24.png
www.onworks.net/images/ 24 KB
24 KB 27ms
26ms Image
image/webp 2606:4700:20::ac43:479b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/24.png

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:479b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b87de489c3eda2d7cc12367ec2cd76c0bd53ff131e63b0068a92acab334a0227

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/onworkssession.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
x-cache-status-1: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2380485
cross-origin-embedder-policy: unsafe-none
cf-polished: origFmt=png, origSize=39008
content-disposition: inline; filename="24.webp"
alt-svc: h3=":443"; ma=86400
content-length: 24384
x-cache-url-1: /images/24.png
cf-bgj: imgq:100,h2pri
last-modified: Wed, 23 May 2018 22:32:56 GMT
cross-origin-opener-policy: unsafe-none
server: cloudflare
etag: "5b05ec18-9860"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Y0f8u1AOJNPJeYZmTpWuH0%2FcovBeD2htuqgbFWHbK0D3wo9YZmMZOVuIpyFsD0jJLZZJzeQhw4nAfuLtdrj7igVVrtoRy7w65HgKOaBXzT8Ej4AQmUkkm7lzlwdiRzKPTTX9pRyrIa6obDjJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 851352cd0da92a64-CDG

GET
H3 200 menu_x48.png
www.onworks.net/images/ 70 B
743 B 47ms
46ms Image
image/webp 2606:4700:20::ac43:479b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/menu_x48.png

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:479b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25377c3b5fdd6f4fe4b3e8f786d6e5a475b99f242487b52b81c0162e67ece722

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/onworkssession.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
x-cache-status-1: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2572055
cross-origin-embedder-policy: unsafe-none
cf-polished: origFmt=png, origSize=2639
content-disposition: inline; filename="menu_x48.webp"
alt-svc: h3=":443"; ma=86400
content-length: 70
x-cache-url-1: /images/menu_x48.png
cf-bgj: imgq:100,h2pri
last-modified: Fri, 08 Apr 2022 13:57:31 GMT
cross-origin-opener-policy: unsafe-none
server: cloudflare
etag: "62503f4b-a4f"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E5U6fN38fxrpzETMiG8S2NwHt00h5AAidAETca7lIRDYQdhpsmtrCxIyIiMa73Uj7g5BELsibae8Iy1WF1axF%2FkzJkbwZf%2FmdiJcTslqBno3R4sVgvsOCmjq2JNHkoA9%2BvnsXjZt%2FbrKqL4vvg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 851352cd0dac2a64-CDG

GET
H3 200 onworkslogox30.png
www.onworks.net/images/ 780 B
1 KB 47ms
47ms Image
image/webp 2606:4700:20::ac43:479b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/onworkslogox30.png

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:479b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dc5c3307b9b9a11721bc963c6f44ba98bc586f2cd9740fb0b5064f5f79962cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/onworkssession.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
x-cache-status-1: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2594597
cross-origin-embedder-policy: unsafe-none
cf-polished: origFmt=png, origSize=2836
content-disposition: inline; filename="onworkslogox30.webp"
alt-svc: h3=":443"; ma=86400
content-length: 780
x-cache-url-1: /images/onworkslogox30.png
cf-bgj: imgq:100,h2pri
last-modified: Sat, 16 Apr 2022 17:52:31 GMT
cross-origin-opener-policy: unsafe-none
server: cloudflare
etag: "625b025f-b14"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XvXc6T%2FS%2BmOYpRDXoH3nCUzImHRU4Y7BfNXQzy%2Bp%2F8wyUpSJafpfcjy81TLwPg%2B%2FthrEdIiI3e%2F4RPdKR3gEHTPcQ2RVkkc%2BRf0Om9dkkCMg83cs%2FBGrgQNUgUuI%2FVxyXbUG2LLGEuhch1Pq5w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 851352cd0dad2a64-CDG

GET
H3 200 240px-Search_Icon.svg.png
www.onworks.net/images/ 2 KB
3 KB 29ms
28ms Image
image/webp 2606:4700:20::ac43:479b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/240px-Search_Icon.svg.png

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:479b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

101ffbc58574cf8ad9080605fe602a65cdc54445b6eebf60c87bac3fe31bf636

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/onworkssession.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: HIT
x-cache-status-1: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2572055
cross-origin-embedder-policy: unsafe-none
cf-polished: origFmt=png, origSize=4014
content-disposition: inline; filename="240px-Search_Icon.webp"
alt-svc: h3=":443"; ma=86400
content-length: 2462
x-cache-url-1: /images/240px-Search_Icon.svg.png
cf-bgj: imgq:100,h2pri
last-modified: Thu, 18 Oct 2018 17:20:33 GMT
cross-origin-opener-policy: unsafe-none
server: cloudflare
etag: "5bc8c0e1-fae"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J5LfHai9tx4Op15apL%2BXVzz%2FnEe%2BarfZCSmZKpUJamNrvhlwBeWPhOOipNsKQlPe10ORytwA0D44E%2Bp1dmk418TsQKK41fDE1r5gVdFyUDYE%2B5W4c4skjpDP00OLgdn44KNJo89QxG8bkoz2LA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 851352cbfc952a64-CDG

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
51 KB 131ms
70ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a97ff6c1871d57e1f439c7f3e8804d5ac6f142c9c68fb01d6d2f55c97c6d1198

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51288
x-xss-protection: 0
server: cafe
etag: 970531428296060588
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Tue, 06 Feb 2024 12:16:17 GMT

GET
H2 200 fedoraicon128.jpg
images.onworks.net/images/ 6 KB
6 KB 85ms
26ms Image
image/jpeg 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/fedoraicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

2607c8863da6f149e142d4e887ec547e0d31079eacfa0e53aa8b24495b5de38c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:15:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Sat, 20 Apr 2019 19:29:53 GMT
x-cache-status-1: HIT
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: "5cbb7331-16ee"
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 5870
x-cache-url-1: /images/fedoraicon128.jpg

GET
H3 200 readmoreblue2.svg
www.onworks.net/images/ 417 B
851 B 48ms
47ms Image
image/svg+xml 2606:4700:20::ac43:479b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/readmoreblue2.svg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:479b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0bb478b61a1c97d3485a9075de3db15d34e1882a6af6c406516cb869097f859

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/onworkssession.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
x-cache-status-1: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-embedder-policy: unsafe-none
alt-svc: h3=":443"; ma=86400
x-cache-url-1: /images/readmoreblue2.svg
last-modified: Sun, 01 May 2022 16:02:16 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
etag: W/"626eaf08-1a1"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oX8NKHbCEelRNVrh26w5bo08nlfZItKT6K%2BZHUtu1hieZRtsZGj9FsY0AhcC%2F2nOR2nCSqBA85vbUSNzUYdzUBsdQAuDil1%2FbY3WN4nktHhV5x0a8NUd7fkTuQRgo0yzkWOccAsiS8hSLF9pEg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=31536000
cf-ray: 851352cd0dae2a64-CDG

GET
H2 200 windows10icon128.jpg
images.onworks.net/images/ 5 KB
5 KB 76ms
47ms Image
image/jpeg 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/windows10icon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

483fb858e80384c28e49786f7869bb3b7c381ce3f27f353e465105217ba58346

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:15:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Sun, 05 May 2019 16:41:58 GMT
x-cache-status-1: HIT
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: "5ccf1256-12d3"
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 4819
x-cache-url-1: /images/windows10icon128.jpg

GET
H2 200 ubuntuicon128.jpg
images.onworks.net/images/ 8 KB
8 KB 28ms
28ms Image
image/jpeg 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/ubuntuicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

1e38007cae61d3d6aebcf2d371c00c3d298393747bfe6c34c93dd0ce30b5e81d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:15:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Sat, 20 Apr 2019 19:30:02 GMT
x-cache-status-1: HIT
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: "5cbb733a-1f2f"
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 7983
x-cache-url-1: /images/ubuntuicon128.jpg

GET
H2 200 pearosicon128.jpg
images.onworks.net/images/ 2 KB
3 KB 26ms
25ms Image
image/jpeg 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/pearosicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

37800922a2b1d9686bccdc72d9b98efd2587c4fb78a917eb409b84b268789eb3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:15:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Thu, 02 May 2019 13:01:49 GMT
x-cache-status-1: HIT
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: "5ccaea3d-9cf"
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 2511
x-cache-url-1: /images/pearosicon128.jpg

GET
H2 200 kodiicon128.jpg
images.onworks.net/images/ 5 KB
6 KB 29ms
28ms Image
image/jpeg 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/kodiicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

dea8636954a35da1718e91aac0d4710206f26eb1a4a6b82c42643725c5ee6a35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:15:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Thu, 09 May 2019 05:10:24 GMT
x-cache-status-1: HIT
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: "5cd3b640-14d4"
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 5332
x-cache-url-1: /images/kodiicon128.jpg

GET
H2 200 zorinosicon128.jpg
images.onworks.net/images/ 8 KB
8 KB 31ms
30ms Image
image/jpeg 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/zorinosicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

b1de8101808c699e84d1a02fbf939f995929045667224157f0d5f17593a5ef48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:15:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
last-modified: Mon, 22 Apr 2019 17:23:21 GMT
x-cache-status-1: HIT
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: "5cbdf889-1f3b"
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
content-length: 7995
x-cache-url-1: /images/zorinosicon128.jpg

GET
H3 200 email-decode.min.js Show response
www.onworks.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 21ms
21ms Script
application/javascript 2606:4700:20::ac43:479b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:479b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/onworkssession.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 30 Jan 2024 18:47:37 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b94449-4d7"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b6dMlvBZBIeyfwiWdeJLGrq6xNR767lpnfrAdJWW7SClemgvs4S2whNWCRNr9Ovy8j85c9s7woNMmYkvNwDusFtVxhHDc22IYfCxhAarRA61AKQnxtR7Bplbsij50j6HKHzRZ3iSSmYldB%2Bn1A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-frame-options: DENY
cache-control: max-age=172800, public
cf-ray: 851352ccad502a64-CDG
expires: Thu, 08 Feb 2024 12:16:17 GMT

GET
H3 200 postscribe.min.js Show response
www.onworks.net/ 17 KB
6 KB 29ms
29ms Script
application/x-javascript 2606:4700:20::ac43:479b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/postscribe.min.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:479b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c84c0e919ae72b8ef9abd4d5f8f38bddffd185e571a13c9ab0de6be1391c3c64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/onworkssession.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
x-cache-status-1: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5985
cross-origin-embedder-policy: unsafe-none
alt-svc: h3=":443"; ma=86400
x-cache-url-1: /postscribe.min.js
server: cloudflare
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-21EPrDTH8D"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZsU9yf7kJUrIP3km%2FkswOjIWe9s2valEdfTuXkebj1LX949kmCTcxmgoPR0KR7Osk2ANhmFmXw9RW5nH9yEx7b8OhPCi4cyi1b7%2FYAIXkFOZitPKblMyw%2Bln2NPdtOVVUACCkwU5ru0H1ZlocA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=80000, s-maxage=80000
cf-ray: 851352cccd6b2a64-CDG

GET
H3 200 ad-blocker.js Show response
www.onworks.net/ 112 B
718 B 28ms
28ms Script
application/x-javascript 2606:4700:20::ac43:479b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/ad-blocker.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:479b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7887c0f698d53558fa97c35fee57be8ef4c615a0b26d6d4f0daee6a6228c4bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/onworkssession.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: HIT
x-cache-status-1: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2678320
cross-origin-embedder-policy: unsafe-none
alt-svc: h3=":443"; ma=86400
x-cache-url-1: /ad-blocker.js
last-modified: Sat, 06 Jan 2024 10:22:59 GMT
server: cloudflare
cross-origin-opener-policy: unsafe-none
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ADnD8WD97LF8gpSBz192auJYw%2F3%2BeR8RuUh3k%2FM96u4mIIlfPJbdK%2FcxupQT6x2W7OFYaRNDVDz3OpX3%2BSoxQQigR%2F2aplAljyxiZn%2B7DHHejk4V141yhQidbWlx9qCynLYnY2rLczj%2B4o%2Fydw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
cache-control: public, max-age=80000, s-maxage=80000
cf-ray: 851352ccdd762a64-CDG

GET
H2 200 layout-mobile-2b.css
stream.onworks.net/templates/ja_elastica/css/ 5 KB
2 KB 27ms
26ms Stylesheet
text/css 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/layout-mobile-2b.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

2419d5df9c26372a71c881e16f8716d02ba9fa384074fcf0dc9ab526847eef61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
x-original-content-length: 6944
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: W/"PSA-aj-W8B6bCngcR"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=80000, s-maxage=80000
accept-ranges: bytes
content-length: 1700
x-cache-url-1: /templates/ja_elastica/css/layout-mobile-2b.css

GET
H2 200 layout-tablet-2b.css
stream.onworks.net/templates/ja_elastica/css/ 2 KB
1 KB 27ms
27ms Stylesheet
text/css 2001:41d0:701:1100::49e1
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/layout-tablet-2b.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2001:41d0:701:1100::49e1 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

cf7a26ecb0b35482b0f35ddd6e28fa91a0b109cf22a5953831c91234251651b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
x-original-content-length: 3680
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
etag: W/"PSA-aj-8STxswNSgw"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=80000, s-maxage=80000
accept-ranges: bytes
content-length: 652
x-cache-url-1: /templates/ja_elastica/css/layout-tablet-2b.css

GET
H3 200 getbloa.php Show response
www.onworks.net/push/ 3 B
568 B 66ms
66ms XHR
text/html 2606:4700:20::ac43:479b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/push/getbloa.php?email=No

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:479b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a3cf5192354f71615ac51034b3e97c20eda99643fcaf5bbe6d41ad59bd12167

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/onworkssession.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-page-speed: 1.13.35.2-0
date: Tue, 06 Feb 2024 12:16:17 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lxY2BKYdTA1WoStjhvP3UWTJH61mbgFyg4IAcw6S42Sd0%2BD4cj0wheH3ZmOSncoaNqIEOU3WCkBRuHtve9GxJQILiv%2FGc2IxUU%2FtDngoGP33vOmt8OrhDQ5M3xovaFOrgC4RyFExfKrFncKlXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: max-age=0, no-cache
cf-ray: 851352cd2dc92a64-CDG
alt-svc: h3=":443"; ma=86400

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 220 KB
78 KB 46ms
46ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DN38F0DWYD&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-117545413-4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e4807c80aaee00d2e1b5e8760036e7b9308b092ec140c5fa20ea00c17e91c246

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 80065
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 06 Feb 2024 12:16:17 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 84ms
26ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-117545413-4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 06 Feb 2024 11:30:43 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 2734
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 06 Feb 2024 13:30:43 GMT

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/ 406 KB
138 KB 96ms
95ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8556862515989191&plah=www.onworks.net&aplac=true&bust=31080836

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

713e11be3293b76423916d51b74da3a8f6cc4de6fc34eade31283c8e3004df95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:17 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 140953
x-xss-protection: 0
server: cafe
etag: 16046316071331916791
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:17 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
245 B 69ms
25ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-DN38F0DWYD&gtm=45je41v0v9121000514za200&_p=1707221777434&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1481967680.1707221778&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1707221777&sct=1&seg=0&dl=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&dt=Session%20management%20for%20OnWorks%20Free%20hosting%20provider%20for%20Linux%20online&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=588
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DN38F0DWYD&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.onworks.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
206 B 33ms
32ms XHR
text/plain 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1320075155&t=pageview&_s=1&dl=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ul=en-us&de=UTF-8&dt=Session%20management%20for%20OnWorks%20Free%20hosting%20provider%20for%20Linux%20online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=1595160477&gjid=1492476818&cid=1481967680.1707221778&tid=UA-117545413-4&_gid=1393553992.1707221778&_r=1&gtm=457e41v0za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&jsscut=1&z=749817657

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.onworks.net/
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.onworks.net
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 9E9F 120 KB
41 KB 1101ms
1043ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=280&slotname=8363645294&adk=4005142704&adf=2361439724&pi=t.ma~as.8363645294&w=1200&fwrn=4&fwrnh=100&lmt=1704536527&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221777614&bpp=2&bdt=361&idt=186&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&correlator=5043432746550&frm=20&pv=2&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=458&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&pvsid=3754886673919165&tmod=1252727094&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CoEe%7Cp&abl=XS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=193

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8556862515989191&plah=www.onworks.net&aplac=true&bust=31080836

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed4bce9a8a756448b0944d53e3724ad29896d14a9e94a6de5d73f28b1eeed016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 41517
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 06 Feb 2024 12:16:18 GMT
expires: Tue, 06 Feb 2024 12:16:18 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame B5DA 393 KB
81 KB 1365ms
1323ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&adk=84980950&adf=198458457&lmt=1704536527&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=140x945_l%7C140x945_r&format=0x0&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&pra=7&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221777616&bpp=1&bdt=364&idt=203&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x280&nras=1&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&pvsid=3754886673919165&tmod=1252727094&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=209

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4eb61fdec75519937aadd6279c3b827be304c184f2e43ee88c8fb3312990322f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 82395
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 06 Feb 2024 12:16:19 GMT
expires: Tue, 06 Feb 2024 12:16:19 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 9E9F 4 KB
1 KB 95ms
34ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=280&slotname=8363645294&adk=4005142704&adf=2361439724&pi=t.ma~as.8363645294&w=1200&fwrn=4&fwrnh=100&lmt=1704536527&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221777614&bpp=2&bdt=361&idt=186&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&correlator=5043432746550&frm=20&pv=2&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=458&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&pvsid=3754886673919165&tmod=1252727094&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=d%7C%7CoEe%7Cp&abl=XS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=193

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 06 Feb 2024 12:16:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 06 Feb 2024 10:47:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 06 Feb 2024 12:16:18 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 9E9F 2 KB
875 B 88ms
29ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:23 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/ Frame 9E9F 23 KB
9 KB 88ms
30ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 3610546441309021303
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:14 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 9E9F 3 KB
1 KB 107ms
49ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 9E9F 20 KB
9 KB 83ms
25ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:23 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9E9F 205 KB
65 KB 130ms
72ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91c697159132fd3884e508f6548c96cb17e460d7456d43e9c4d174fcf84521bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66417
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1707137874550712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:19 GMT

GET
H2 200 ddb466d8785cb75acd721f17b1b8dd87.js Show response
www.gstatic.com/mysidia/ Frame 9E9F 37 KB
15 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ddb466d8785cb75acd721f17b1b8dd87.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54090d5321bc8e3a05531aacf2ef2b7769f24e94b14f4a0687587375fffa2523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:57:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 580738
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15487
x-xss-protection: 0
last-modified: Thu, 25 Jan 2024 03:17:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 29 Apr 2024 18:57:20 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/244323036456130487/ Frame 9E9F 8 KB
8 KB 101ms
52ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/244323036456130487/14763004658117789537?w=600&h=314&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bd6e9eca257fd55109291cb996429e05298804a5e3c5ab7c36412a48445e4fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Wed, 29 Jan 2025 20:51:34 GMT
date: Tue, 30 Jan 2024 20:51:34 GMT
x-content-type-options: nosniff
age: 573885
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8561
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 08:30:50 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/2914349705548515401/ Frame 9E9F 3 KB
3 KB 100ms
51ms Image
image/png 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2914349705548515401/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37d5b07c436cfe35ab0ea2083b687e03cf6df5f288863c988f997e258b2a9751

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Wed, 29 Jan 2025 19:04:40 GMT
date: Tue, 30 Jan 2024 19:04:40 GMT
x-content-type-options: nosniff
age: 580299
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2705
x-xss-protection: 0
last-modified: Tue, 12 Dec 2023 15:45:05 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame 9E9F 208 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e5eddb1c2b0e70951a6bc1e264bb3b3998be1143b2a98a4a654370ac1230a46

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 9E9F 16 KB
16 KB 93ms
33ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 09:10:14 GMT
x-content-type-options: nosniff
age: 11165
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Feb 2025 09:10:14 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 9E9F 15 KB
16 KB 86ms
27ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:50:29 GMT
x-content-type-options: nosniff
age: 581150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jan 2025 18:50:29 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 9E9F
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CsV0mESPCZdDbN7CPiM0PtJW4oAOv7J7Udd3PloeZEmQQASCq0q6EAWD74YWDnAqgAd3wqsAqyAEJqAMByAPLBKoE5QFP0OWxn8u7_cQUWRwB1D5QutyJDEMRunOXfzqamnKubk8ovxmk5V8...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229454716729849100511%22,%22debug_reporting%22:true,%22destination%22:%22https://pdfixers.com%22,%22event_report_window%22:%...

0
0

115ms
57ms

Fetch
text/css

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229454716729849100511%22,%22debug_reporting%22:true,%22destination%22:%22https://pdfixers.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211409209437%22],%2222%22:[%22true%22],%224%22:[%2202-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%221283157654710921841%22}&andc=true

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:19 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"9454716729849100511","debug_reporting":true,"destination":"https://pdfixers.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11409209437"],"22":["true"],"4":["02-06"],"6":["true"]},"priority":"500","source_event_id":"1283157654710921841"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 06 Feb 2024 12:16:19 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 06 Feb 2024 12:16:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"9454716729849100511","debug_reporting":true,"destination":"https://pdfixers.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11409209437"],"22":["true"],"4":["02-06"],"6":["true"]},"priority":"500","source_event_id":"1283157654710921841"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js Show response
pagead2.googlesyndication.com/bg/ Frame 054A 50 KB
19 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

010010798b734ebaa5db582651f1efd8c77e4ed3a396d1886a3f7f0f6c92ee58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 580494
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19642
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Jan 2025 19:01:25 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 118ms
58ms Preflight
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 06 Feb 2024 12:16:19 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/ 165 KB
56 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/reactive_library_fy2021.js?bust=31080836

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c015b831b0660e6996c98360200729401a62b49b892908f6a08ecb8813350b2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57035
x-xss-protection: 0
server: cafe
etag: 15992497795386808278
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:19 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/ Frame 701A 9 KB
4 KB 26ms
26ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 64635
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 05 Feb 2024 18:19:04 GMT
etag: 3890843268177463596
expires: Mon, 19 Feb 2024 18:19:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/ Frame 2631 9 KB
4 KB 26ms
26ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 64635
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 05 Feb 2024 18:19:04 GMT
etag: 3890843268177463596
expires: Mon, 19 Feb 2024 18:19:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/ Frame 4A45 9 KB
4 KB 26ms
25ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 64635
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 05 Feb 2024 18:19:04 GMT
etag: 3890843268177463596
expires: Mon, 19 Feb 2024 18:19:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/ Frame 87C6 9 KB
4 KB 26ms
26ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 64635
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4209
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 05 Feb 2024 18:19:04 GMT
etag: 3890843268177463596
expires: Mon, 19 Feb 2024 18:19:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 701A 4 KB
767 B 36ms
34ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 06 Feb 2024 10:26:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 06 Feb 2024 12:16:19 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 701A 205 B
229 B 27ms
26ms Image
image/png 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:04:37 GMT
x-content-type-options: nosniff
age: 580302
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 29 Jan 2025 19:04:37 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 701A 604 B
628 B 29ms
28ms Image
image/png 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:52:46 GMT
x-content-type-options: nosniff
age: 581013
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Wed, 29 Jan 2025 18:52:46 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/elements/html/ Frame 701A 16 KB
7 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1984c4bb2ce10d00cb478c4ab216301e04502e25f2025b30dbeeb019172beb0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 03:05:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 33045
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6823
x-xss-protection: 0
server: cafe
etag: 14359709190881042667
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 20 Feb 2024 03:05:34 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 04B3 624 B
242 B 65ms
63ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGPr5r4MCMAE&v=APEucNU1luAj6EtNUmKc9yixlWI6Wr57Owqfe52fQyBqCuqI6YK-btJN68wmEuc6wiC2qP9lw3hIhqMWyXLrDh_Ie_x5u7ukbX6qBX1-kdau3dFPMo5vwQmvdsC7CkpINpwJtGoNcBbCppm7vWbrnl5WTQ9eAfNfWmHvSz_sioe3cGiTFqXYBnM

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 06 Feb 2024 12:16:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame EE26 93 KB
33 KB 71ms
70ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed0e7e64215a9663152e2d5c1c9a5ba0fe76c9f5de3dfe71bf45f0a64e977c69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33320
x-xss-protection: 0
server: cafe
etag: 12501049806231860069
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:19 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame EE26 3 KB
1 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame EE26 20 KB
8 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:23 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame EE26 205 KB
65 KB 85ms
85ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91c697159132fd3884e508f6548c96cb17e460d7456d43e9c4d174fcf84521bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66417
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1707137874550712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame EE26 42 B
63 B 57ms
56ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C5_nhvdttKh7bV9VMHIIXakAiDIcb2jQpj86g3GhNKE6-0YSBNkd1XIlQKBgNBQo3kwxMqITJxAXoN1OE8gckfRF3xRxOqr1Bq8kDV1Ow9Xrn7fCM

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame FD96 640 B
262 B 84ms
83ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGPr5r4MCMAE&v=APEucNVeOTYv-roLvMOG5R9q-_01q4PhASlZ8NyQB_YfJ0Mk4zu9SBV0IxLya8GMnEIu4iKIog6omjjrjH1aNAq4rb2VVBXGzEEdzQfdO3j_YAqqc7fjtwSNXTaYTS9Ky3wwTcjrhUImnLacJfFA3Tx8LzgB8IKIUmze7hSNku4hDXDbuNhgRCs

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 06 Feb 2024 12:16:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 7686 93 KB
33 KB 69ms
68ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed0e7e64215a9663152e2d5c1c9a5ba0fe76c9f5de3dfe71bf45f0a64e977c69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33320
x-xss-protection: 0
server: cafe
etag: 12501049806231860069
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:19 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 7686 3 KB
1 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/window_focus_fy2021.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 7686 20 KB
8 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:23 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7686 205 KB
65 KB 107ms
106ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91c697159132fd3884e508f6548c96cb17e460d7456d43e9c4d174fcf84521bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66417
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1707137874550712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7686 42 B
63 B 96ms
96ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DLIptQUrhnyOzXoC9hJ5c186TFgiHz1cs5f43NA35lfkj2Z9F55q9gBhrTIBI-60rv2ePhCeCuSF7js2HbnSvde2vYFg1m5OBJSUphDge9fc5euM4

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame BB93 466 B
235 B 207ms
206ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQu5mXARii-Pf8ATAB&v=APEucNXsrpbvgxaVMwI1zs0jVeVJhfYFGdSTiQmpNqawu5UBQMMHXcg0LU0Ren2EWe3mPmRLz_QSfLHF352MR0peswOMXtJWZf4lE5IdKnrr9H9B2geOsRzQ8doO-VRmU5ZExJzkABfQCdoBZwsYeSvSFHtIX1-JhsK9AhPnII5XTyzCVZ89Vrc

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 215
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 06 Feb 2024 12:16:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 87C6 93 KB
33 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed0e7e64215a9663152e2d5c1c9a5ba0fe76c9f5de3dfe71bf45f0a64e977c69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33320
x-xss-protection: 0
server: cafe
etag: 12501049806231860069
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:19 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 87C6 42 B
63 B 90ms
90ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BRa4KEIDOzdWdqP3xjnfXv8z3RF7pc1gLMSNQ-MvBPgLcfioxG9EWT3WygVEe86ew41xtHL5_4XRp8crcP_OrpA48hqkcVrfV6Tvkj27I27h9hoSg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1811194/76298704/xbbe/creative/ Frame 87C6 278 KB
83 KB 108ms
32ms Script
application/javascript 18.202.133.215
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1811194/76298704/xbbe/creative/adj?p=APEucNVqLCyMo_GJEO9DeY9Dauqe83AxEvQIIi_jgRZCnH6TSBRqhag&d=CokBAKAmf-D7yeZKkh7XUi2DpGathDOOHwy9-9DAO3J19YLKU6HgRJgQCdW-obKI4ceC_KpAVJuq3DeX9LgbsasmpkLuVlcIICHLPioYh5hf9VDHbqVC8AiOFcgg9xcNbhWkHa1FGKMNlV-OMxSiS2-N35RZDS9kIWOs7SpiM6ThMtrDPQqss-53hKMSmRUAoCZ_4AI3ABxsTgehjrDTm3oApvPFWYzLcGcwOPtNDlSCB1CMq8H3WhXfpdeXK67tZ4ZCvCNiTtOusNQuY-UFFJrRE2CBKnGS_AkZ2YYGfHmb1XVxrzJawYsdcHxMo9pAIKN8RosTIgcXk9xZ6qdBPcZ9TSWcedMXNEUMtFpuDiDdc81MY2TTEZtVv5-c_XZaRjXvCidlLNRBI6j0hlcjt1HfWhj3-Au2PmaGmJ4__zFXF7kK0EVA2ip1nMHtVOX82ijDW-BdkB4bfvLfPmPM9cUqOGjCls00UmR9k7TC8pwbXuqkzF4TJdzvY8HQMwpv_03bvjxaT7iXHmSiI4DkxqEksh8pAaX8czD_qem6tZPVUwsYWyx7sdE7RBt-aT6KwzVwchWttCqDlaVtkitg76JwFt5to4yKQt-cZJI6EedEWCHxKH0DHSXZAXr0zysT4GtsA5bfYpgVkKHOfDDoI22p3NZdUu6ZH8MgYDJZB4_s9FY-ZrS6nM9RSqheKZuBP6qXXzfM5ISIvF0JTYmLT7vlKRQYOfKbVZlg2cA9luC2twkqynfBNc22PNqM6mpbNIl95eBjuuxROuAbBSBpp-xdOFCrwJ4IQdxxNrHtwTvv8E6Y3gsTXSHsQnf3nuulYHMvn8Ka_Rook_MswqVuXp6_WCVlKYCXEkQufuHCyhvADOW_YxsPZxGMTmkvCHekOXV_n9YjC1WN5kpm5u_JR22FiPzlFDCZifzIRiJbX551HzGvmXs6o2wLzb288307PmrlkUrpN1kUL2vOAMhUjK3-aVzd47VTecrnMUa1_bh1U4lodo1huEQya4MZ0i2Sl0e52Ox8ntE9xRultVwU6JrqlqYvYPltitRVu3OwC9OMwnf0JL9qivVsZGvyId9pU6aEJlH8bJODsKzmk_SKC3gbkCua6u48cTEB56JUtFO7E3jQrCvzo9SKVFP4Ll6MMQ93EGmFuyJx85grjYXjkKSVbv-Xnfu7Gwjnnaa-gcTdOfy_YWPuhXfnsBHe6SlKA9DZ1w2h37odTMPZrOUuZJNU-Nq5o4qmR3UMzv2HnQ0WFzehV0_joPy0ARWuvicmFbGjm3xLjB3gFraa7BShniyZ4mBYcv8TO8z4H_K0Lemg7Ejdk0sokuIBB37MnyEb6N-8pH6vrOWeaSLUgmZJByZF5jM-gnv7STotUyOIkUK0b69f_lNBBh5BiigijzO1iJzFg8ekjXeLiUBXZwNsYvkpwZD3rNmA2Kw8RolSN-edHO3kOhjzls_wT8hjMpsCoBesaHIDQt7VEgj-7m-mLsgbOvA7F07LNMP9gPxfPTjITY5otrp6FuvvZa25CeI3mrgSoh6GZpgsFHdCla9i4SYeVlBefGGpW7RvGIgdHkSgsUnquUkIzg1EoLWKY0rqHUsYxkkbmqVbQxwZAHA2rGsD9iEspNCqm39oam7owbW1Zcd4Yh7Kdws5lwK4WloAsjvuU140BXi9jyDbiFxreLlCuOgNw1TI5D8itXCuPfxA7rPytUowhcy6NJj_LcGCi0CgRYRu0lL98B73YcjEl5u3Orb5Ha9my68Z8LuxcPP-o2j-Eeq0yFlA0F8ME_wtte-7gYg8u8a7vdCanka9EnYUxdhWeE1DHJwFFpMBazByfJve9dB_r1mzZmh7YxY3hpNmjBArCgKJMQVF2mXisyEewIw9RYxmd3HqR4C8Hj4YEs8mQt3YetD4nf9YNymTC_eBwpZOBZgHZuUULhXlSa8_sfOdaPDhKNYRXaZ31f-cc6-IVZufyOAqNyr6oWsRAV2Ze0RUKmwyjl80MtMvjIj6K8ly4a8UYjAuJw0yhx0Pk9hz9242Uje8TmJYVwRxN6AxWMPlmHT-ZGDeie5FL3mTbvUjsRxh26XtMI-yJMXBFlXs_aLUT1BZVG8xWH-woLn0q3McWi0LsRPCb9pnhaycqyht7MxQaoNyW_46zyUq0eaMr9wphJlnDtTPlHS4DW0JDTnBdPh2F6NiKyqzxevGmVwMEbFnUk_HeutmTQnceRmp07gbYXhuqckWNPGR_sOv7zG8og6XpJI3x1R9wVavSRsDS3IGPWj_jkrCz29nlTw7-A_DNUe_diBCXAi4yWq0vLx-KtyDfPS3pbbR2AKLuAvOjXGy59VBwKl95jX0ep82GKx1YRgWyQYstDtJRCOygLPwE1JgvlCSxu4GYdGV3hbxqxaznS4agMxRzVmtnqCdZ1DHrFqelyHEFi-LXRE3Do3NdrBMYbbr6XNCOCtjnVQvFpQ_YYC2HZrF7JnMrL7GcG2E5aLywEeIcaynFO9MLoMHTF46zPz04X1PBCR25cpwwXaZRsXTzFi3OyWOVxV1R_5NVLAyhiKwpW9Px-WaXPNNbTDL0tj4F8FYYW5wK1gJ7JRwIp42so6ct6pbKUpw_JbMKXIvFW1EMdLrXQETpXuAYfv08z0_O-0PtTsX3RI9wRu4RrJezZrPI_qcslrb8QbZ5d-UgKqqwoYR2hM4UyfCB9yEFaWx0UeSCOb7O-2DOY7gDNEQMKWnC-IsscUdHId69Po2KOlTfTLvACoL3y5nk7x9WNdpXQT8QPR1k9dBVSIEd3kKIhUJJVTp6VFEvoEsM5XlafbQhaxxWGh32KA_zr56E0TBYK-FKK4YtkEF3SUy4TVO-PsVSLtVMn6O8IqrM0NGzhfShgtY1K9wDE-wz24q9KTVF3LKGvCvC87MZb4ZlrxMUhzZ0644hTd-rb0A2gl7YZLyDlF22IGR_yD02MpmAzLQKiCz-i9_YHsodlNylnaegEnNoEIpcB4QSSTfPL7ujBuhUZQYYI6Q1Dexja0Np-858XbcdmeOIsETUeBQk99kF-RRkJWYMvS_tM412QeAzCXIwdDuLqe4MHbL_WpKBur_KLB7IZKnOlF2urEmiEOgdWP_4RE4vk_MqUPHj2qQbY2ePYAhkNyS0ruipyEfDBmMFhaQUFA6JVOzx9RUZvlHIMo2xVIk-DDmonCdyzOqvlTCPK2yRdeFFnGCayHyMlufu6eUEuxfYb_4PRDN2Gs08IAkF9gZ8PfIN0S35IAhrOAcRVDbB3NhrjLNFJ4Ww4Ov539MYgl1EfQ6wxvrJyb_KKzDyXySVs_x2HTweInKM4uFeJ39JaIzji7yL7xBfiec_se1Fi0z8ABBrFTyW_FifEL1Wsun7OOF-zjUPptc4WiVFRGztSGTPfUQOsO_zo_MVRTdZrFp_X1tT3zcTaD1SXfNm_OmrMOI1ppOSrJV8XXOlC-H1akmgdVM_KA-G9MdrRLukgZ6r8CFgEU3Ps4RvdxTFAGu3dKkOZxrpo70GP5067uDN7pycaEtA_u-bi8BfiYISK8m7xfenKQxp03YC1M2vTc874JRGgXFZmPJmS_zH7lHtJNn8nnA6Qufc6a82GM4kODER-mEc4TQLDBINBkfm6ULm8GUGZuVDwtMuaNjSyBZqrjPOVP9cj6q4rSW0pmEs5kyT_tNTBG__oG5PoPC5ASzkLhv2cjojLxlQKoXX-1Slp_jUjqiSV6wcP6sf-RpGOFa2eWOAlSgrl53eRApJdwQN2_w8A1gqMfEUWCyXk4st9EktonZ_sNoaGvKs2JfPid_AutIX2eUGlUIBBJPAC8eF_-inmq2eqibma8JJkeSI8fG9K_mvx2xTcuam0pjRQ2KV9OXgB4ASh2Dx5vYLr0ZTUkVfqhPibOlxUHEjez3gH3OX5FsHKn0BxxbURgBYAE&bundleId=&ias_dspID=3&ias_campId=1014708912&ias_pubId=pub-8556862515989191&ias_chanId=1&ias_placementId=20736634266&bidurl=https://www.onworks.net/onworkssession.php&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0i37aEUvcqrPIHIGobPGH28
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.202.133.215 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-202-133-215.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ae33218e11a856b76c96a0d4e660dbd5153c3d7b457da39f92fb40fc273c8c62

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 87C6 3 KB
1 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:14 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 87C6 20 KB
8 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:23 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 87C6 205 KB
65 KB 127ms
126ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91c697159132fd3884e508f6548c96cb17e460d7456d43e9c4d174fcf84521bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66417
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1707137874550712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:19 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 9284 2 KB
480 B 35ms
35ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A400%2C600

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e537bb0b81601eabcdc6dd4e2eb938917a7c6887765651882ec0ed5081c26c67

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 06 Feb 2024 10:50:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 06 Feb 2024 12:16:19 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 9284 2 KB
822 B 25ms
25ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:23 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/ Frame 9284 23 KB
9 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 3610546441309021303
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:14 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 9284 3 KB
1 KB 37ms
36ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46265
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 9284 20 KB
8 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46256
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:23 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9284 205 KB
65 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91c697159132fd3884e508f6548c96cb17e460d7456d43e9c4d174fcf84521bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66417
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1707137874550712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:19 GMT

GET
H3 200 ddb466d8785cb75acd721f17b1b8dd87.js Show response
www.gstatic.com/mysidia/ Frame 9284 37 KB
15 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ddb466d8785cb75acd721f17b1b8dd87.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54090d5321bc8e3a05531aacf2ef2b7769f24e94b14f4a0687587375fffa2523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:57:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 580739
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15487
x-xss-protection: 0
last-modified: Thu, 25 Jan 2024 03:17:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 29 Apr 2024 18:57:20 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 04B3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15

43 B
339 B

46ms
46ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGPr5r4MCMAE&v=APEucNU1luAj6EtNUmKc9yixlWI6Wr57Owqfe52fQyBqCuqI6YK-btJN68wmEuc6wiC2qP9lw3hIhqMWyXLrDh_Ie_x5u7ukbX6qBX1-kdau3dFPMo5vwQmvdsC7CkpINpwJtGoNcBbCppm7vWbrnl5WTQ9eAfNfWmHvSz_sioe3cGiTFqXYBnM
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qbo%2Bx1SC8lh0iuj%2BsEaRJ0FP23Pd7EQG5LNsQseCzNUm6wV45eowX1XtkFRN%2FHMIR2caGIQdiQ534IXm1lMRePZ3lJq4s8sBbvtvUj0nJr4W3YvqOk6G4Ngk%2BGusnLUVBol0NvbB%2FBVJbg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 851352da59234db7-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 04B3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZcIjE00otMp6gQZ36MVJFgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15

43 B
773 B

51ms
51ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGPr5r4MCMAE&v=APEucNU1luAj6EtNUmKc9yixlWI6Wr57Owqfe52fQyBqCuqI6YK-btJN68wmEuc6wiC2qP9lw3hIhqMWyXLrDh_Ie_x5u7ukbX6qBX1-kdau3dFPMo5vwQmvdsC7CkpINpwJtGoNcBbCppm7vWbrnl5WTQ9eAfNfWmHvSz_sioe3cGiTFqXYBnM
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rZ8zwqkWCpc0MT1VwFl%2BZUjdAXYYr2ly5lX56bRG%2Bqdv4felns0wga%2FK8SJJYseXnb%2FSD%2BefTOswHSPhWOYFLka%2FmmwdQ%2FD002BV406gTdgrg2r83MTeurl3vvzU3oiBvdCMKyZk6qQj0g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 851352db0ea5036b-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=&google_error=15
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 288
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame 04B3 170 B
243 B 112ms
39ms Image
image/png 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGPr5r4MCMAE&v=APEucNU1luAj6EtNUmKc9yixlWI6Wr57Owqfe52fQyBqCuqI6YK-btJN68wmEuc6wiC2qP9lw3hIhqMWyXLrDh_Ie_x5u7ukbX6qBX1-kdau3dFPMo5vwQmvdsC7CkpINpwJtGoNcBbCppm7vWbrnl5WTQ9eAfNfWmHvSz_sioe3cGiTFqXYBnM

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 04B3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ0NDE1NTgyMjI1ODgzMzY0OA%3D%3D

170 B
232 B

45ms
44ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ0NDE1NTgyMjI1ODgzMzY0OA%3D%3D

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
an-x-request-uuid: 2b64bb94-eaa0-433c-b3f1-866aa8815b67
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODQ0NDE1NTgyMjI1ODgzMzY0OA%3D%3D
x-proxy-origin: 178.33.144.178; 178.33.144.178; 958.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EE26 0
20 B 56ms
56ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3847876993633&version=m202401290101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EE26 0
20 B 56ms
56ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3847876993633&version=m202401290101&ct=76&x=1&cor=12796344884495632000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame EE26 91 KB
38 KB 65ms
65ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A0BwbLtRZlzrN7TWHTuDQVwWhzxs4CE9KNaLpPepAlhVIFciNvXt11MnRPFQedimpTgkerZw2nm2LFKzPf05T-T0zE3A5mmyh6N5fzHCqHmrE99qXfOaPMTjySZe0AYqoIGorxTV6p8SHDR4pfiANFC25rsbbW4r6JT1lSZKvQMKZHd6c&dbm_d=AKAmf-DaNT2hy-mSS0yCwUJ8WdkqzUxC9c7PZyzJs4F7FoDb1tFBGAdw1hA6JURZwwo7sS7FgPWt_vqQzhceR7X3UIPAxJ1ZrY_7J9gcIM55EjZUMknjC_yvJI-Y2G7Nsaj7S4tyf5QRYR9oJdX5KieMr5I9mVojrhoLwu_X48a_5SlaZKIFl8DDrafFmyL0aDrK3OlVyFLWdzMi3ssFgUmeUKkN4eJgtQ33DWf1iY7A4ZvFrWuoaeuD4FJ2gC8WuL3PwH2E2rVtjf-vFVQw0xD4Vl33TmGnMfq8Qj_uBNDZGhxem14VYzm37-unPoJiMKkTSNV1umkT29IGZZLAvlucPk3kMWXQkcLGQqBDQA7VEl2wSLsAK2yskM5NYWJbVGaQg_HzB7h8Zqy0MQT1LDcuABlGSoBEQC2UNO3wX-OWqgLXer21421bSjn7rhmWwS0GViVrh46bjl-9Xee5WUw2mgKHhYWO0hy2N3H8BPy3ENG8ox8Hx1Mh4m-MMj1ISFTovkoK6Xu9qEaSw9PaiNasHk1pToewn4Cssj6tmujRQQpbi8dvwaCiObyWgjuuk8qcF95taeYX2jzNvbsNWhsuXekaEjOROGPmRpeaBD6bm7OJ8mY673p1J0XJLHPMHL2PGTVDcUbSesZ-4W7pf3hNMZiqffsHIjy7bb1dWf5MfGT8zoWAgI1CwhLkniY2xMGvNn5k-w-fdwdREsjubxkbIyP_L88wOqjNC4idBVpSbpG7chcMDw5n5Lds5LmwtoVzqpkxHVsPsQ-D-pFVMpck2x7xs9L6ar0tTi-Ge1yO43xD8h0vrBwj4aHYOJeYOf_fvDM6JxDpSv3f3qjEYjzf3hUJ-6uLYJHQOpcoKKmDYb0jGBCPDNRkEWfBZKPkitVALqdI_65DGxee-Z6_fKoNOAO6dp8yq7rlwl2HYY3mje8Vv3rRi2XafeRa8TD6arNVL-9iJbsTXvJRp6-bTCuJmjEueiSZJrLfBOSbc-PnijFjpQ8eKNVCbyAwDgi-R0ne0Pgtw32JPr0HjQYAmnWXydXAxB5KlR_WCgKkmT9eoAapt72LIHCaJUiCX-6vN1LmCFfqadjlioG0wwNOOYYGW4j6Mfa_Z_75ih29uwuGbvDb2O4TZz-D5f4sctm_VhpAljjPjbI6eofat2_5_JR75C9Tz7E79whHHQ9pkHmSgdRkhuG6e11sUm8GoDuvo2YJz01r-FuFdGErqhA-28guQXsewOASDNvmFpuUa_alVd-wGtBi1jwzPy2BJNyEyCa5kwF7BULWCIRVQOZhg6yZM5pl5bempySPrhN8gJocQ2SgNY63DmyX4LHbFfyJ1bChxYYs6b_hRG5ygQsg20yNWLAEhXH1OKSosTLGhRX7moZotyMo-cDn13_IZnvitVML5NVB7Kngv14iSYJn0slZX03HLy7F3hNb_dY5TXILD3fDJSahPvzcyXtmaeRS1JDncnKssUAM7AZiRu07uWXuNjjjpM8qGO7knpr9oOkyvV3iu85rY11UhHrBoQ8eEqqAPo0rdzHspqHMNClDagcx791GI_V_JX1kKh1fNFsGCqF6We5wfYNdueSMTIIOsWnBUSa2MnGB6bepqWgIXWBaes4qPIW1uGPIChZMu7SbmcMESEAVX2GIjGZxoE0e6_l0BrpMTsEhDXLOzl0xi6-0lVE7VVQGtiARcuLAVQvu2y6F2K6VO9UE82ei8Y2-LRy0HBah9sLeSpCIpWG13OrL3IpkPWGykEDT1gYoMGtAqJeDqHHplZzcS6xxVNPcN0O0ODsHzD_InCXZjrjQFotS2q1bDWyfmDFV5WmaxhdKpUM6at-SQnwJcut7Tkw4sQ60Sl5UIBEQkZwAw0SsjHY0sJz-viHZLg3laTQ7mTBumPv1rvxwk2HcHKE6QlU0RhA0DBt1qzjXD6kLosO3wzq7-gxICHLRQUezZ40kfcI557gLq66Z24n633DgQ0ynFCqC5eedfNr3wU36vl5njUk0dNHIsCORLlnwIn7pLOfNE04xElhwSg_xnOpaFecEG4rs57oa4Fg77QTHtpsQb7pplzDGpxGxec8ojgv0uOVuii3sMePzxmOHHaeeLeKiQsXBAJEL1HIBX8nYZ12Z46xViL9E_rR0p36XnGHPFr2ArKEpZlb5pNh0wZ0Y3jtJKLhvBrCEJHxd6LHkg0hj65Bp7liUKorSBSvyA9wA6M3HKNI-mzHFRGBw1YJMZs1BTO5gVOqxFdA4Jvgr8J5HRrYFWzw0dHoczxiXeFPnzhhxSBvQG4cTdTCx62ZWaEXcMzhWtH7CxZYxjgXZZ5E4m8dnJj9I3sfFhUZX0dPd9sPjy5WIkDp7KBC0PgwNEvHGtTvxFRyrehYD0-rAFR4q9tq9-V1F6KJkonn6YJn1R6jE8t-25PSFapeulkf3e9AHdurvkn7M53mT4icfBCC_50jygcEykR1nLg5MBMN0QcNvHhfj5B4e2rS92pRGYubQQewaKTqA2nq8bIRDl2ylAZAEjz3iYM85__cyPv3FAqHYLY_7wdgUGUUr78pnDlzkD84RGlfxEmQUrsq382oCG3iObwJERcB5C6Mks2gjfvI_UzNWkm1Nj8R_Yp1rNLIxeiHmSYgPvH5ZroNxY8y2j_yzjIMss3BI5_AE9pqHKMR38bqj4kJTFkSzCKyFWj441qWYf4pkMtxKA1Axifj3354d5tEy-9QtZzpd-T6GIOZ8JINxqqcAycHV-dzk34RwMdIn_-zZVvP8mhZELUYgO_vFkgpGDNlSMq6fqluIvKx3oNB4ehlHgPePpbcDZgUFXB8jpKUIy8sDDUHIgHq51txzN7YMhlFYOV62jcxZgg6t7yK79ahzdJ_II193JpPk2Lqcyqvvny96piljKCEMVhy2XlGr0rHxytNFvCWUL2jq7UaZXHSrwpG2EXi8-0HehEcdFTIFEvi2Bx4nguuxuM5BWR6Evd0RjMDSiMO3dPM0xuMnnCesIIbjDCC98NI4os16_JQugVu-2HLmiQ3qcURWwiWhOfrsEIMl-mjSnPa2pjg9JRW9Id4rkBvW6Sgj2f1-bgKz_jaDHkd3TmhQ5kuzJtHwX7D1qT7pk4tuPh8B6nQTfcQ4IQkZSSnLSpQ7IRCpwE7EMWcijqvp30zVQH-afF3mf74qmKDh8sWEPbrp_Lk0_6ascAhiuvKZlvAYzzWtr5FAoVcjlbQiFXCtdVpn1c_fC1KXd4NCW-TX-lsB232wZWIHyaK2zkMinwopivczEG3K9ghJpEi9a0z5-UEj5nNIyy2AbF9MJEhYuNa-OLsefjaEcXNFQhizFxXMM2THxhK0iQpeKYNyBfg7ofEeliASbDAZaWNi3IDPXdyC_Ssg0PyGbRpUSH9o-8KKckpDxJyGARtT64XPMqX0jE6witUNKUlP2dmib6fbLR9Uot6f6Gcb8Q-g4FZXVzU8ddHoqNuSgBF6AHeO436mZF9ax6vgP1EbGQ&cid=CAQSTwAvHhf_op5qtnqom5mvCSZHkiPHxvSv5r8dsU3LmptKY0UNilfTl4AeAEodg8eb2C69GU1JFX6oT4mzpcVBxI3s94B9zl-RbByp9AccW1EYAQ&dv3_ver=m202401290101&rfl=https%3A%2F%2Fwww.onworks.net%2F&ds=l&xdt=1&iif=1&cor=12796344884495632000&adk=497053792&idt=91&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b62a63c4711954c9ae32842b37a2bd30223bb947b5b9443401604c9591846a0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38969
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel
cm.g.doubleclick.net/ Frame FD96 170 B
232 B 79ms
43ms Image
image/png 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGPr5r4MCMAE&v=APEucNVeOTYv-roLvMOG5R9q-_01q4PhASlZ8NyQB_YfJ0Mk4zu9SBV0IxLya8GMnEIu4iKIog6omjjrjH1aNAq4rb2VVBXGzEEdzQfdO3j_YAqqc7fjtwSNXTaYTS9Ky3wwTcjrhUImnLacJfFA3Tx8LzgB8IKIUmze7hSNku4hDXDbuNhgRCs

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame FD96
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YTlmMzdhOTQtMTQwYy0yYzMwLWU2NWEtZDJkMDQ4YWNmOTc1

170 B
232 B

40ms
39ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YTlmMzdhOTQtMTQwYy0yYzMwLWU2NWEtZDJkMDQ4YWNmOTc1

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=YTlmMzdhOTQtMTQwYy0yYzMwLWU2NWEtZDJkMDQ4YWNmOTc1
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

um
sync.teads.tv/ Frame FD96
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=&google_error=15

23 B
163 B

124ms
75ms

Image
image/gif

23.211.8.12
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&google_error=15
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGPr5r4MCMAE&v=APEucNVeOTYv-roLvMOG5R9q-_01q4PhASlZ8NyQB_YfJ0Mk4zu9SBV0IxLya8GMnEIu4iKIog6omjjrjH1aNAq4rb2VVBXGzEEdzQfdO3j_YAqqc7fjtwSNXTaYTS9Ky3wwTcjrhUImnLacJfFA3Tx8LzgB8IKIUmze7hSNku4hDXDbuNhgRCs
Protocol: H2
Server: 23.211.8.12 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-211-8-12.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 06 Feb 2024 12:16:19 GMT
pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=&google_error=15
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 256
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame FD96 23 B
163 B 198ms
76ms Image
image/gif 23.211.8.12
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CKfiYRCr8_wBGPr5r4MCMAE&v=APEucNVeOTYv-roLvMOG5R9q-_01q4PhASlZ8NyQB_YfJ0Mk4zu9SBV0IxLya8GMnEIu4iKIog6omjjrjH1aNAq4rb2VVBXGzEEdzQfdO3j_YAqqc7fjtwSNXTaYTS9Ky3wwTcjrhUImnLacJfFA3Tx8LzgB8IKIUmze7hSNku4hDXDbuNhgRCs
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.211.8.12 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-211-8-12.deploy.static.akamaitechnologies.com
Software: pekko-http/1.0.0 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 06 Feb 2024 12:16:19 GMT
pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
cache-control: max-age=0, no-cache, no-store
server: pekko-http/1.0.0
content-length: 23
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7686 0
20 B 56ms
56ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4937911920578&version=m202401290101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7686 0
20 B 56ms
56ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4937911920578&version=m202401290101&ct=76&x=1&cor=2529655433035726300

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7686 91 KB
38 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ALWJbSeOjIrZXc_mV7H9wZYkGgwXbWo_LDQ6WsO8Z6Eve0DXD2svj6tKRExCA-gQizArsTy_arm5moqJBZrUVfzQcDRzM-J18WjVQsSDSulplrl9LRgJ-03M6mH5m3JDz88sVcTh0zzMgjDM-_Oht6x9jC8KcELFSLxDmOdGHIzBFmAoY&dbm_d=AKAmf-BReVw55hu6gYNqNDAtMNcijhlUg5q1HquVgiqS-LRPyDU6mVA17MEHHZj3yrRtMr40wdqFwz0O6db84Denj9MlogLmhRjF8rg5rXJZZ7_U0f3mFTH4FDACR2ZWC7GILzKYbYGaSZTZaaDUJKCxs7kndY-MIbSTIwRm1B-FszZOumpg0mo_myvCgOXoHtWXwsktI5flkN3lbVP25BXePTBQIChvwqPYtC1ud-RJoqd6T0NLtIZ4jVyLLuuX7jzE6hHMdEUNWlNXSg3ovKRFh1PN6vyIVC_GmIkmCyggEtEAjR1bNOwBTePtNLj2LQ1X6fIcryWGrNO-7aIpQFLIOxI1b6TCAyog44cSU3ze0laaZuzsU54wFz-h6XOFHZ18tSE3WVLCvc3k0d3pnGZepqQoBf2nRagwgnuYTD_sHfmKfpRIImOUgsDR-edslMSBSfa1UVHPVe8W3ZjOJ-hlufXlmxoG_q8dk5oerT8ITiD8XeNZlsTgoCS4nFhfPtzNTR2q5VqJmlY_irHdsX4dJe2Ay48ggNFY091KbhCXD_-ELOL-K7VYBCEAijwS0kgbIis-GpGvonjAwxKZIm74iWLxEGnzOjPl1VFo7nIoog1FF4IwBkBOB56bu1zGQ8GPpY2A6bXcXLHJaiwPgxi9qnAN-R0O80vpgAzzPy-Xs12WBE9i9cYcgrmn2-eaNXQmlx6xaBYAtRuPZNBv66bZnzspHXm7Sj3PH62giVcYXxkqIPVEZBFtZeTJc9ez5KKgwxriQVU1KR-jPrFXsaZbGsvJQN7Mj9S39A_Q1zR1zr0_GtGGnnkijT4uVU3_O9ND76IT66Z99dGAgS4tuEScHbhiE9uNpyIqmHShZaIQMWX3jjl16P8G6MJs22GIdafbul9pxhNJ-0zmEyB8Qlz5_1bk-uGqJoH88isu5PDusHLVc9v8mK3GR4C8glr1YxK0PVCu78ISZvLYwNcRMQaTwdO-hKp9fAArcbMNTVE8C4p3DgucMda9gi2ynyR_laSTlYxnR7xTzo6mCpFyTVoM_ySWlQwPe_o-zUbSxee3phaUaST09yJvY6u-9NAyY8y9DSdobT2S0GZd4Og8eIIBaudif_DI-Ry8t7VBDbauPXg8jCnHedcNjs4TUwnHzWLICQ4zQbbO7SrSx87NNwE_AKPkYf4McPkeEz54mF-23craVZ8xh277-XrNlopjlrYga02rYfLF0MOBOIrumheHQMA8SxROeVI1euSEyzHIOAVBpGK6dX8UjQIjqfoqzSI9Z7KA3rDJzhWXWMxZDUmojEDeFHf70kUz_xcO_KavxFQGOI_Z3epZ8xXkw0Q6CdTWGj6UxjdWGcucxB49TKvYPdflPZss9n6jN4dfG9qr3oyrWV8A3HFTKlRx3RvXXN84ruEg8ZQ88tX3V1FjXC8QqA6EMZJoGwjn_aEKuc6w2gBjaZu4B1mUf-aFxrzF5i_3xugAqIQQ66oubfBLTNToifhPHpm2pvBdOAcXbsbAraXOmQo9aBMFE-CQTeoNk-VOklcGjafFsQ6go1XvwJftxxaH1-rzYAVS3TnlAMk95nA7fW56ssgxhgVpD--sFVz_1RYOZiEnJ0oQLkgQ6hhyMnKin63oWB3B1HFya8QdISGt28sz8xLruhdcMNB9PR1TKl6eUHZEkXSWgtCz15Y9avCsAVDeqKWOypYv6C-sCTFaT3N3XGcvKXeIhraE7FD_8FBkB9_MALVkrpka5Qjfd82kYTVesvCJln5UxtzKDxMV5uATg7BZ7HCBzG-OvSD-fUBnPMaY_Nf3aWnvHXgY3jY92R6BcWZ2otyzfQ-vEyyzeMlwCBO-ULGVyeDSEONSOE0NI-B11IBWB5rMTbbdTe8spKxOE-SW60PKP4qoprYT5Bq0rzOaXLJVjs4osjmkjfhfXFdE9JFzjzoxcZWmKnbeouj3rK5pxCPIHGuCrUuA8SJ6iqDfaujwOW_hyYniPuTwJq6O0IQaRXVkWse6db6YgVRiynJ2GS4K2__eSHTJLfVsLdBkZhVzkM7-qHjmlbi3s7LSXYv6zhojRF8C3nr9fHvVkXLlwzJujgAP1DkJGH5FiDU_TYHN6YPR7ARGgcERI5bcnleBhIkdvN9zvGoUiL8hblOyCEC3p-ct2_VEYshuoHEAa_lLVjtqzVKA3yyLPT564mcdrPvAHPGTF_h1YZI81E4K4LzvHAlysNQXOSw8-pWo7h9bI8cDpbmTVs2BTVtJge1HgYaEgj1gxGYn7x2LxKS3CA1-p0Xic6rO2u7N3eIAaaqLsCcPkrDczZ_WWzxadNBUwT5ip35PvyXvw9M3o9ObweSqCXCD86foV7JFTyk78QFSbQAfMhH-36xxSu_N4zG0SExpoazlcmgE58s_uR1HTO_46Brck-xvvx9a96VcG94JB5s7yYRQOF7YUfO5ULbS0d44qWtw75zY4khUuAm-nPeUs8B2sZd43M40NV4RvyUuKWjsqOEt41-uCSOLm1zhHqRO6sfL37Nd8wgzREtI1Cs1HDDu8APhUYw7P5kGBvlZAtBu3v2MewrcMM1zn7gOnQmmXcknhuNbHqqzz-wviovUd5t0wUpE9U_G89-OZWfgNbhqm-dIvZ6HPAlpNoCDIFOut-iRfk1Sj3YOmNUdQ9aOwCJjMRW14xuW4Eygho7yNtIFNKICu60ESrKSHfx7LPNOiAxUCJ5EoNvfdmNJthWqpwOiY6hLEbXdAgQrEZfgm91dtl5oPzYpJaEVSKOF8_1jkXS0yb3mb6JJee4wNAcfGfDiyIeXRlW8_ICPEufCC6HuzpT3m5LzI7iyrSNWkIBEqUJeftlpLxuS19mC67j00Q9zELIj_HkrXX4GXz1maWvIfrbwSMRShsJK34pPkXF34O4q6xSN_eKRAqBowJXXLcqDmGxQ8xGnCx1zsUk_zzdol4zc_WlgbS3K-5H81D99vWx8wTui1JJvnG2pGuakDmxu2gp5YSS78OEB0k2rpU7O3IpVCG5CAa_AKFOF_lWr2oM7bXJz44ZA8KMHDhLJmtIzhX3TebmDJQQVfTk0P6-2rnB08D_V1XSpc11vzAcZTdo4VGDaTeXvHv0nXSnAdhyZJYk1e0uCSrN4ebJNOeiz1AxJXGNIBMCNKLcjRvy091WE8ty8P9CXytxkfnrEciGtEBIjcPr8LPjm4F7z22ENvGHmqcxi7CYByET-fPFbUx4nq5a39C8Yw_MTsfFkWBHUHa0AuURhGqLwYwm0tsi8QzYYb6rbnxjhJTZAumAs_gX3w5pBaVbYqiiOlLbKi7MKhR2MQ2QllmMLR9uhZ8FBGrMzhNHLNVMMU_4jwHplW37dzB0f7epFjIdwWKNJ2zRSBwa0rWImeBwkEbqWiSS1ioskB9WNk1iSu5FAr1jKXeKkBObMDoUwdIz4ao0tPqq1x7QCnLiH8iI3y2jdYrTUn0vNKZQmhtATF5xberITeAiN0Rf4UgAk5A&cid=CAQSTwAvHhf_op5qtnqom5mvCSZHkiPHxvSv5r8dsU3LmptKY0UNilfTl4AeAEodg8eb2C69GU1JFX6oT4mzpcVBxI3s94B9zl-RbByp9AccW1EYAQ&dv3_ver=m202401290101&rfl=https%3A%2F%2Fwww.onworks.net%2F&ds=l&xdt=1&iif=1&cor=2529655433035726300&adk=1761367584&idt=91&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02f7fde905e76291989f5c7740ba568cfdf3d6e9b1f7e4c077f79623905a41a3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38727
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 87C6 0
20 B 57ms
56ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=6293201393042&version=m202401290101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 87C6 0
20 B 57ms
56ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=6293201393042&version=m202401290101&ct=76&x=1&cor=3720317165029347000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 87C6 17 KB
12 KB 68ms
68ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bb0xnYdIMaZRqQfS6jdx71hW1POXSTvSG5wJhyJhfq1QiwC2EQsiSVXhnOZoZUaqV2S7p9jyj9gQTOgGtgZjIU2unl-6LWTCGEbxEPzcPBk5IgH81Lx0uq-0Y51pnNLcZqiKCQIgQOb17-oASl_VoC-EMF7MWpfA4Y3ffrx0bqTmXC768&cry=1&dbm_d=AKAmf-CrdS1BEF_T-ki6DTwu5EB-xbFjQqnTmSY9vI6pouscxDFdz8i_Hm85-t3bhtGTnkIOSDdx45T6fbOHjXrGjS4AUaEZk0LwW7L-mpleMEdppg_E6pqAvDol0Eg-uB0UkCtisoZGhLbZVNXWH3l6JHIflLMM4c4gkAav72UhvlVKnS9vfxQjr6A38WC2E4LsEaTl2w3-58huLzEEjX9axwOvQmGdxpj-d7iy-CRM9oQAASpOkO6z0klLZ9FW7n9P7Eq-Xg7hH8hcB9TGe_4XmL2FeScuBUn1Ug_a5k1Suu6JM35Z754pX3Kizsvk-vZ-E-Z61D7e0GFiVI1BvbSl6k3iJBP1dE0HLWVFl2iGMrDbdryZNAyPi-6lkO2svYv_d0idoSmIVRSA_4b6HSCz3GAbFQj1tLNjwVYlt2KdO7iHP3Eb7CJTtSI52YV0Fr1KG3ejUTkvzNQsOTukE8nv3yvvDCHI9Mic2VPAvY3keZmcRAzBI-vMJMdu5pbhMlnnHdhBkRP_tvnp5UAZVIQuEHryA9mL121gfyojeNR0FPKWvnm3xd7shPK8-fetuSxqJ3V5WMsi3gD_44brOk7vIYPcDoKl3_zfeztoDchFP4SgmjdhphRkehRxS9g_J3acOkBbn5huLUDWBkOASZR0ImDuHZ07vYyCkoYgz0hG7_sg3eiod3f_FhfkPEEplkYjoPehKRE2V4IPAib-pwFfauWmr3lf0I9mU0L50Ltu-x8UvtWSfzdOevoS6pAfI266WFJDUR12ODtTUqFo3tOCwsxPVp3uVcq1FBvNkQwFQpWF-UvUjVMtMjkju4UrqZNm78Iv0UegZ4V7fN6E5krgIZdtB8mHrhtp1XQXvU-Q9iiKnIklLPQn9_yWURRFKtTNY9ysWPYAhRx8R6jAGRu3JEsu99ZSCz68aQMwI8u10Gjjtxp4V4rQzokx5l35OFseRWadq7OAVaMbBzpX6zUjbdYUwMtJaQY59DHYxfJDQmOGC-zNcyiDgHPwVc-H1xZ9b3QXeeYecATkhGLlvtOqVXunpgLAZIl5cXbdEl0fNTnFBQ3qaetDpFtQH_VAmtNAW0z0LOHsO1x1AX5h5caJYJ7zEv65AHhc58nCB8Icx6zAN6GMJzRLmlTjMCzL4H5IC3_0Y1HgRh5OPCPhSyntuKSOQ2pRzrPk6n-Ywa10dIPuvA6T1J1hm--fu3k63m7IDJ5x9VuNNOMXYS2J-47ufNdE91jKVCIB8gXAQq0PkHcFXEarLxOhXk48-kw5Xa1Z0E8Qn4wakDNH84dLhkYKU2dhOqaxFKSVLw_omur2dY28vlctCXYcn-I5VUS_VmyDuDsLGBG8Gl28aYNfMzgmrCY8MydRx8rgJLlIRVbhtVxVBCw4Ays-abSUxpZHvhg-Ou4EDszzs5J4pfsFckChX3Hz9Wd9J_K80HQ6xTGQvfWrXcrqDP1pARmXBBkC86jZ4QSozL2-IlbaS8sciugcOl_ArKERLcZo2UcjZkaHKsWehCPrOoT_JQz8R3cjyeQxuNG0igKrR7K-Gz-Kcyl4XZi3-W98uETZmb941OzbGKzQXh34xjxAekptb91UPHqaoDffgdu1U25FNAzV98nLLHWeSjHPF0T3u1Dbjp5khArKmMKJBNSBDLcK22ggUbUPYxTyc1Xl4jcFftUAz5nliuDVa-_k7gEHaogPwIrJqrkBqpH5jYOry2PqCuxGtmZxrziJjDHfwqibdkRhN1fk23ATbu1Xo75wFOpGwqQ2deZaSEOiD23aZLYxRgRouJA2yeFSxY81WVSLq309_F1XurT6eQgitcccj-tJshUSijaOU9Wei_4AWJ3gtSBZ6BWIPJVvyqPP6b8bRlS-Xh0s1RNN44nhrRZtPQIEZdstLpTc4ZR2HYuKF3IWzXe1wacVE4kB4MsCCrhFAzRuZb-_4LbWsVhGcpEgwTqtYy8sFSVJf8hIgyZF8kvXPeeAInUxNMTucY2l2yy7-XxHsMQFGxkKVL_IHN1nQG3c3PbT7fiOW7fm7I4NAtSid-j3eNRFlmmBa8Lj7AgnGq6zWRHVLxhpuJV1BFb3VBSTwmTzgdyk96dWPo3jIjpeV-IS-jH5zWRm2eaiTZDqEfbWc-0nvZix254-KeHflVXogplsIC7xPI2-rgpsjPPakKUzLc3rWcp-dh0OZqJQ4M43PUJ0mnR0SfRBNAJDMBGKmegaJO6YCFY0ME_CtS5lt9EZIxaRLM5Lc4ldSH5bCAyKw1knKO1sD3Q2JnBwP36JuMhF1P4F4o6yjZD0nD482h8AJlswzEaXL4JFgSvFain0TorKbAL_YM5TIZR1wPc6tDrVPOO4HNaLX_k-VrJl8Xb5Bf8mmNJ2eZwK6obwo3yCyKeWTfrkPVaFPrQL-Swr1SJK7hr90ovrQk73mrL2gqccGI3_mMV-1dFsCTOWN0wwZVoT8ov_HA7oC96jMN90rsETurnNa-Hkv87zE1VrF0w4K0rkse9ay8RURhKOB1V20lwmRWpEdbMWjtgyrjPGRO_efqcsq3wQ9XvuppBw6zCRFZqCavdleEZjKWSwMzjNJs5mSPT8yrixZjhURFz6NLILMoF48KA6J5TzyZNLJhFiSOa9CZBRPTF8JvzH4Pf_Rj41qfDlPmIj3vOt2nDNoPyGcEQVDH1iaijF0XIjy0ZmgDsteBSLGzMfetDIbJu73Gtdw475hsMsUKhL5J2Q0EExQg4p-_0V1VrY_Z2XiJqLvZbnVDXSUUmaCD8_GU0kx89ylS-7takIJbdyXBijVMQ9p6tslPaeipoY089mCqzKO8SThIlmJZbKLX07xFW2g401AnGwnv-FtJ8Z1Mis10dgfIHRoaz1A1PQSJc6lbtacXsRd3pV4_w11CTUXA2h9JhmExMKKBVs8_mYRMzco6BMVF0eo23nWatnknbCFI6VMCNs50nDMKCGZz-hj5Z7RS2u4SOp3CFDogf9q44S-CrQev9W4wPf4pdh7USg-I-sRh6CBohS9RtybLqwiymLIKJUhhAYIB2NzJ7U_-0fdxDL1bRbrenvd3s&cid=CAQSTwAvHhf_op5qtnqom5mvCSZHkiPHxvSv5r8dsU3LmptKY0UNilfTl4AeAEodg8eb2C69GU1JFX6oT4mzpcVBxI3s94B9zl-RbByp9AccW1EYAQ&dv3_ver=m202401290101&rfl=https%3A%2F%2Fwww.onworks.net%2F&ds=l&xdt=1&iif=1&cor=3720317165029347000&adk=910071608&idt=90&cac=0&dtd=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a8427d00d4966dca4c9ad4d09541c85e610fe17157304b8a53ab59fd39f9bdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12640
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js Show response
pagead2.googlesyndication.com/bg/ Frame DD5D 50 KB
19 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

010010798b734ebaa5db582651f1efd8c77e4ed3a396d1886a3f7f0f6c92ee58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 580494
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19642
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Jan 2025 19:01:25 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 87C6 41 KB
14 KB 32ms
31ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bb0xnYdIMaZRqQfS6jdx71hW1POXSTvSG5wJhyJhfq1QiwC2EQsiSVXhnOZoZUaqV2S7p9jyj9gQTOgGtgZjIU2unl-6LWTCGEbxEPzcPBk5IgH81Lx0uq-0Y51pnNLcZqiKCQIgQOb17-oASl_VoC-EMF7MWpfA4Y3ffrx0bqTmXC768&cry=1&dbm_d=AKAmf-CrdS1BEF_T-ki6DTwu5EB-xbFjQqnTmSY9vI6pouscxDFdz8i_Hm85-t3bhtGTnkIOSDdx45T6fbOHjXrGjS4AUaEZk0LwW7L-mpleMEdppg_E6pqAvDol0Eg-uB0UkCtisoZGhLbZVNXWH3l6JHIflLMM4c4gkAav72UhvlVKnS9vfxQjr6A38WC2E4LsEaTl2w3-58huLzEEjX9axwOvQmGdxpj-d7iy-CRM9oQAASpOkO6z0klLZ9FW7n9P7Eq-Xg7hH8hcB9TGe_4XmL2FeScuBUn1Ug_a5k1Suu6JM35Z754pX3Kizsvk-vZ-E-Z61D7e0GFiVI1BvbSl6k3iJBP1dE0HLWVFl2iGMrDbdryZNAyPi-6lkO2svYv_d0idoSmIVRSA_4b6HSCz3GAbFQj1tLNjwVYlt2KdO7iHP3Eb7CJTtSI52YV0Fr1KG3ejUTkvzNQsOTukE8nv3yvvDCHI9Mic2VPAvY3keZmcRAzBI-vMJMdu5pbhMlnnHdhBkRP_tvnp5UAZVIQuEHryA9mL121gfyojeNR0FPKWvnm3xd7shPK8-fetuSxqJ3V5WMsi3gD_44brOk7vIYPcDoKl3_zfeztoDchFP4SgmjdhphRkehRxS9g_J3acOkBbn5huLUDWBkOASZR0ImDuHZ07vYyCkoYgz0hG7_sg3eiod3f_FhfkPEEplkYjoPehKRE2V4IPAib-pwFfauWmr3lf0I9mU0L50Ltu-x8UvtWSfzdOevoS6pAfI266WFJDUR12ODtTUqFo3tOCwsxPVp3uVcq1FBvNkQwFQpWF-UvUjVMtMjkju4UrqZNm78Iv0UegZ4V7fN6E5krgIZdtB8mHrhtp1XQXvU-Q9iiKnIklLPQn9_yWURRFKtTNY9ysWPYAhRx8R6jAGRu3JEsu99ZSCz68aQMwI8u10Gjjtxp4V4rQzokx5l35OFseRWadq7OAVaMbBzpX6zUjbdYUwMtJaQY59DHYxfJDQmOGC-zNcyiDgHPwVc-H1xZ9b3QXeeYecATkhGLlvtOqVXunpgLAZIl5cXbdEl0fNTnFBQ3qaetDpFtQH_VAmtNAW0z0LOHsO1x1AX5h5caJYJ7zEv65AHhc58nCB8Icx6zAN6GMJzRLmlTjMCzL4H5IC3_0Y1HgRh5OPCPhSyntuKSOQ2pRzrPk6n-Ywa10dIPuvA6T1J1hm--fu3k63m7IDJ5x9VuNNOMXYS2J-47ufNdE91jKVCIB8gXAQq0PkHcFXEarLxOhXk48-kw5Xa1Z0E8Qn4wakDNH84dLhkYKU2dhOqaxFKSVLw_omur2dY28vlctCXYcn-I5VUS_VmyDuDsLGBG8Gl28aYNfMzgmrCY8MydRx8rgJLlIRVbhtVxVBCw4Ays-abSUxpZHvhg-Ou4EDszzs5J4pfsFckChX3Hz9Wd9J_K80HQ6xTGQvfWrXcrqDP1pARmXBBkC86jZ4QSozL2-IlbaS8sciugcOl_ArKERLcZo2UcjZkaHKsWehCPrOoT_JQz8R3cjyeQxuNG0igKrR7K-Gz-Kcyl4XZi3-W98uETZmb941OzbGKzQXh34xjxAekptb91UPHqaoDffgdu1U25FNAzV98nLLHWeSjHPF0T3u1Dbjp5khArKmMKJBNSBDLcK22ggUbUPYxTyc1Xl4jcFftUAz5nliuDVa-_k7gEHaogPwIrJqrkBqpH5jYOry2PqCuxGtmZxrziJjDHfwqibdkRhN1fk23ATbu1Xo75wFOpGwqQ2deZaSEOiD23aZLYxRgRouJA2yeFSxY81WVSLq309_F1XurT6eQgitcccj-tJshUSijaOU9Wei_4AWJ3gtSBZ6BWIPJVvyqPP6b8bRlS-Xh0s1RNN44nhrRZtPQIEZdstLpTc4ZR2HYuKF3IWzXe1wacVE4kB4MsCCrhFAzRuZb-_4LbWsVhGcpEgwTqtYy8sFSVJf8hIgyZF8kvXPeeAInUxNMTucY2l2yy7-XxHsMQFGxkKVL_IHN1nQG3c3PbT7fiOW7fm7I4NAtSid-j3eNRFlmmBa8Lj7AgnGq6zWRHVLxhpuJV1BFb3VBSTwmTzgdyk96dWPo3jIjpeV-IS-jH5zWRm2eaiTZDqEfbWc-0nvZix254-KeHflVXogplsIC7xPI2-rgpsjPPakKUzLc3rWcp-dh0OZqJQ4M43PUJ0mnR0SfRBNAJDMBGKmegaJO6YCFY0ME_CtS5lt9EZIxaRLM5Lc4ldSH5bCAyKw1knKO1sD3Q2JnBwP36JuMhF1P4F4o6yjZD0nD482h8AJlswzEaXL4JFgSvFain0TorKbAL_YM5TIZR1wPc6tDrVPOO4HNaLX_k-VrJl8Xb5Bf8mmNJ2eZwK6obwo3yCyKeWTfrkPVaFPrQL-Swr1SJK7hr90ovrQk73mrL2gqccGI3_mMV-1dFsCTOWN0wwZVoT8ov_HA7oC96jMN90rsETurnNa-Hkv87zE1VrF0w4K0rkse9ay8RURhKOB1V20lwmRWpEdbMWjtgyrjPGRO_efqcsq3wQ9XvuppBw6zCRFZqCavdleEZjKWSwMzjNJs5mSPT8yrixZjhURFz6NLILMoF48KA6J5TzyZNLJhFiSOa9CZBRPTF8JvzH4Pf_Rj41qfDlPmIj3vOt2nDNoPyGcEQVDH1iaijF0XIjy0ZmgDsteBSLGzMfetDIbJu73Gtdw475hsMsUKhL5J2Q0EExQg4p-_0V1VrY_Z2XiJqLvZbnVDXSUUmaCD8_GU0kx89ylS-7takIJbdyXBijVMQ9p6tslPaeipoY089mCqzKO8SThIlmJZbKLX07xFW2g401AnGwnv-FtJ8Z1Mis10dgfIHRoaz1A1PQSJc6lbtacXsRd3pV4_w11CTUXA2h9JhmExMKKBVs8_mYRMzco6BMVF0eo23nWatnknbCFI6VMCNs50nDMKCGZz-hj5Z7RS2u4SOp3CFDogf9q44S-CrQev9W4wPf4pdh7USg-I-sRh6CBohS9RtybLqwiymLIKJUhhAYIB2NzJ7U_-0fdxDL1bRbrenvd3s&cid=CAQSTwAvHhf_op5qtnqom5mvCSZHkiPHxvSv5r8dsU3LmptKY0UNilfTl4AeAEodg8eb2C69GU1JFX6oT4mzpcVBxI3s94B9zl-RbByp9AccW1EYAQ&dv3_ver=m202401290101&rfl=https%3A%2F%2Fwww.onworks.net%2F&ds=l&xdt=1&iif=1&cor=3720317165029347000&adk=910071608&idt=90&cac=0&dtd=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:07:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 580101
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jan 2025 19:07:58 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame EE26 111 KB
39 KB 369ms
26ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 14:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Feb 2024 14:12:52 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240201/r20110914/elements/html/ Frame EE26 12 KB
4 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240201/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A0BwbLtRZlzrN7TWHTuDQVwWhzxs4CE9KNaLpPepAlhVIFciNvXt11MnRPFQedimpTgkerZw2nm2LFKzPf05T-T0zE3A5mmyh6N5fzHCqHmrE99qXfOaPMTjySZe0AYqoIGorxTV6p8SHDR4pfiANFC25rsbbW4r6JT1lSZKvQMKZHd6c&dbm_d=AKAmf-DaNT2hy-mSS0yCwUJ8WdkqzUxC9c7PZyzJs4F7FoDb1tFBGAdw1hA6JURZwwo7sS7FgPWt_vqQzhceR7X3UIPAxJ1ZrY_7J9gcIM55EjZUMknjC_yvJI-Y2G7Nsaj7S4tyf5QRYR9oJdX5KieMr5I9mVojrhoLwu_X48a_5SlaZKIFl8DDrafFmyL0aDrK3OlVyFLWdzMi3ssFgUmeUKkN4eJgtQ33DWf1iY7A4ZvFrWuoaeuD4FJ2gC8WuL3PwH2E2rVtjf-vFVQw0xD4Vl33TmGnMfq8Qj_uBNDZGhxem14VYzm37-unPoJiMKkTSNV1umkT29IGZZLAvlucPk3kMWXQkcLGQqBDQA7VEl2wSLsAK2yskM5NYWJbVGaQg_HzB7h8Zqy0MQT1LDcuABlGSoBEQC2UNO3wX-OWqgLXer21421bSjn7rhmWwS0GViVrh46bjl-9Xee5WUw2mgKHhYWO0hy2N3H8BPy3ENG8ox8Hx1Mh4m-MMj1ISFTovkoK6Xu9qEaSw9PaiNasHk1pToewn4Cssj6tmujRQQpbi8dvwaCiObyWgjuuk8qcF95taeYX2jzNvbsNWhsuXekaEjOROGPmRpeaBD6bm7OJ8mY673p1J0XJLHPMHL2PGTVDcUbSesZ-4W7pf3hNMZiqffsHIjy7bb1dWf5MfGT8zoWAgI1CwhLkniY2xMGvNn5k-w-fdwdREsjubxkbIyP_L88wOqjNC4idBVpSbpG7chcMDw5n5Lds5LmwtoVzqpkxHVsPsQ-D-pFVMpck2x7xs9L6ar0tTi-Ge1yO43xD8h0vrBwj4aHYOJeYOf_fvDM6JxDpSv3f3qjEYjzf3hUJ-6uLYJHQOpcoKKmDYb0jGBCPDNRkEWfBZKPkitVALqdI_65DGxee-Z6_fKoNOAO6dp8yq7rlwl2HYY3mje8Vv3rRi2XafeRa8TD6arNVL-9iJbsTXvJRp6-bTCuJmjEueiSZJrLfBOSbc-PnijFjpQ8eKNVCbyAwDgi-R0ne0Pgtw32JPr0HjQYAmnWXydXAxB5KlR_WCgKkmT9eoAapt72LIHCaJUiCX-6vN1LmCFfqadjlioG0wwNOOYYGW4j6Mfa_Z_75ih29uwuGbvDb2O4TZz-D5f4sctm_VhpAljjPjbI6eofat2_5_JR75C9Tz7E79whHHQ9pkHmSgdRkhuG6e11sUm8GoDuvo2YJz01r-FuFdGErqhA-28guQXsewOASDNvmFpuUa_alVd-wGtBi1jwzPy2BJNyEyCa5kwF7BULWCIRVQOZhg6yZM5pl5bempySPrhN8gJocQ2SgNY63DmyX4LHbFfyJ1bChxYYs6b_hRG5ygQsg20yNWLAEhXH1OKSosTLGhRX7moZotyMo-cDn13_IZnvitVML5NVB7Kngv14iSYJn0slZX03HLy7F3hNb_dY5TXILD3fDJSahPvzcyXtmaeRS1JDncnKssUAM7AZiRu07uWXuNjjjpM8qGO7knpr9oOkyvV3iu85rY11UhHrBoQ8eEqqAPo0rdzHspqHMNClDagcx791GI_V_JX1kKh1fNFsGCqF6We5wfYNdueSMTIIOsWnBUSa2MnGB6bepqWgIXWBaes4qPIW1uGPIChZMu7SbmcMESEAVX2GIjGZxoE0e6_l0BrpMTsEhDXLOzl0xi6-0lVE7VVQGtiARcuLAVQvu2y6F2K6VO9UE82ei8Y2-LRy0HBah9sLeSpCIpWG13OrL3IpkPWGykEDT1gYoMGtAqJeDqHHplZzcS6xxVNPcN0O0ODsHzD_InCXZjrjQFotS2q1bDWyfmDFV5WmaxhdKpUM6at-SQnwJcut7Tkw4sQ60Sl5UIBEQkZwAw0SsjHY0sJz-viHZLg3laTQ7mTBumPv1rvxwk2HcHKE6QlU0RhA0DBt1qzjXD6kLosO3wzq7-gxICHLRQUezZ40kfcI557gLq66Z24n633DgQ0ynFCqC5eedfNr3wU36vl5njUk0dNHIsCORLlnwIn7pLOfNE04xElhwSg_xnOpaFecEG4rs57oa4Fg77QTHtpsQb7pplzDGpxGxec8ojgv0uOVuii3sMePzxmOHHaeeLeKiQsXBAJEL1HIBX8nYZ12Z46xViL9E_rR0p36XnGHPFr2ArKEpZlb5pNh0wZ0Y3jtJKLhvBrCEJHxd6LHkg0hj65Bp7liUKorSBSvyA9wA6M3HKNI-mzHFRGBw1YJMZs1BTO5gVOqxFdA4Jvgr8J5HRrYFWzw0dHoczxiXeFPnzhhxSBvQG4cTdTCx62ZWaEXcMzhWtH7CxZYxjgXZZ5E4m8dnJj9I3sfFhUZX0dPd9sPjy5WIkDp7KBC0PgwNEvHGtTvxFRyrehYD0-rAFR4q9tq9-V1F6KJkonn6YJn1R6jE8t-25PSFapeulkf3e9AHdurvkn7M53mT4icfBCC_50jygcEykR1nLg5MBMN0QcNvHhfj5B4e2rS92pRGYubQQewaKTqA2nq8bIRDl2ylAZAEjz3iYM85__cyPv3FAqHYLY_7wdgUGUUr78pnDlzkD84RGlfxEmQUrsq382oCG3iObwJERcB5C6Mks2gjfvI_UzNWkm1Nj8R_Yp1rNLIxeiHmSYgPvH5ZroNxY8y2j_yzjIMss3BI5_AE9pqHKMR38bqj4kJTFkSzCKyFWj441qWYf4pkMtxKA1Axifj3354d5tEy-9QtZzpd-T6GIOZ8JINxqqcAycHV-dzk34RwMdIn_-zZVvP8mhZELUYgO_vFkgpGDNlSMq6fqluIvKx3oNB4ehlHgPePpbcDZgUFXB8jpKUIy8sDDUHIgHq51txzN7YMhlFYOV62jcxZgg6t7yK79ahzdJ_II193JpPk2Lqcyqvvny96piljKCEMVhy2XlGr0rHxytNFvCWUL2jq7UaZXHSrwpG2EXi8-0HehEcdFTIFEvi2Bx4nguuxuM5BWR6Evd0RjMDSiMO3dPM0xuMnnCesIIbjDCC98NI4os16_JQugVu-2HLmiQ3qcURWwiWhOfrsEIMl-mjSnPa2pjg9JRW9Id4rkBvW6Sgj2f1-bgKz_jaDHkd3TmhQ5kuzJtHwX7D1qT7pk4tuPh8B6nQTfcQ4IQkZSSnLSpQ7IRCpwE7EMWcijqvp30zVQH-afF3mf74qmKDh8sWEPbrp_Lk0_6ascAhiuvKZlvAYzzWtr5FAoVcjlbQiFXCtdVpn1c_fC1KXd4NCW-TX-lsB232wZWIHyaK2zkMinwopivczEG3K9ghJpEi9a0z5-UEj5nNIyy2AbF9MJEhYuNa-OLsefjaEcXNFQhizFxXMM2THxhK0iQpeKYNyBfg7ofEeliASbDAZaWNi3IDPXdyC_Ssg0PyGbRpUSH9o-8KKckpDxJyGARtT64XPMqX0jE6witUNKUlP2dmib6fbLR9Uot6f6Gcb8Q-g4FZXVzU8ddHoqNuSgBF6AHeO436mZF9ax6vgP1EbGQ&cid=CAQSTwAvHhf_op5qtnqom5mvCSZHkiPHxvSv5r8dsU3LmptKY0UNilfTl4AeAEodg8eb2C69GU1JFX6oT4mzpcVBxI3s94B9zl-RbByp9AccW1EYAQ&dv3_ver=m202401290101&rfl=https%3A%2F%2Fwww.onworks.net%2F&ds=l&xdt=1&iif=1&cor=12796344884495632000&adk=497053792&idt=91&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:32:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45823
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:32:36 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240201/r20110914/ Frame EE26 31 KB
12 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240201/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d84037bada82c8af096c750483248eb827b621c42236f3b687cc07c2f93d6dbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 00:25:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42672
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11928
x-xss-protection: 0
server: cafe
etag: 10551285868935850944
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 20 Feb 2024 00:25:07 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame EE26 41 KB
14 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:07:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 580101
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jan 2025 19:07:58 GMT

GET
H2

200

adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 87C6
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1811194/76298704/xbbe/creative/adj?p=APEucNVqLCyMo_GJEO9DeY9Dauqe83AxEvQIIi_jgRZCnH6TSBRqhag&d=CokBAKAmf-D7yeZKkh7XUi2DpGathDOOHwy9-9DAO3J19YLKU6HgRJgQCdW-obK...
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVqLCyMo_GJEO9DeY9Dauqe83AxEvQIIi_jgRZCnH6TSBRqhag&d=CokBAKAmf-D7yeZKkh7XUi2DpGathDOOHwy9-9DAO3J19YLKU6HgRJgQCdW-obKI4ceC_KpAVJuq3DeX9Lgbsasmp...

74 KB
26 KB

114ms
51ms

Script
text/javascript

142.251.168.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVqLCyMo_GJEO9DeY9Dauqe83AxEvQIIi_jgRZCnH6TSBRqhag&d=CokBAKAmf-D7yeZKkh7XUi2DpGathDOOHwy9-9DAO3J19YLKU6HgRJgQCdW-obKI4ceC_KpAVJuq3DeX9LgbsasmpkLuVlcIICHLPioYh5hf9VDHbqVC8AiOFcgg9xcNbhWkHa1FGKMNlV-OMxSiS2-N35RZDS9kIWOs7SpiM6ThMtrDPQqss-53hKMSmRUAoCZ_4AI3ABxsTgehjrDTm3oApvPFWYzLcGcwOPtNDlSCB1CMq8H3WhXfpdeXK67tZ4ZCvCNiTtOusNQuY-UFFJrRE2CBKnGS_AkZ2YYGfHmb1XVxrzJawYsdcHxMo9pAIKN8RosTIgcXk9xZ6qdBPcZ9TSWcedMXNEUMtFpuDiDdc81MY2TTEZtVv5-c_XZaRjXvCidlLNRBI6j0hlcjt1HfWhj3-Au2PmaGmJ4__zFXF7kK0EVA2ip1nMHtVOX82ijDW-BdkB4bfvLfPmPM9cUqOGjCls00UmR9k7TC8pwbXuqkzF4TJdzvY8HQMwpv_03bvjxaT7iXHmSiI4DkxqEksh8pAaX8czD_qem6tZPVUwsYWyx7sdE7RBt-aT6KwzVwchWttCqDlaVtkitg76JwFt5to4yKQt-cZJI6EedEWCHxKH0DHSXZAXr0zysT4GtsA5bfYpgVkKHOfDDoI22p3NZdUu6ZH8MgYDJZB4_s9FY-ZrS6nM9RSqheKZuBP6qXXzfM5ISIvF0JTYmLT7vlKRQYOfKbVZlg2cA9luC2twkqynfBNc22PNqM6mpbNIl95eBjuuxROuAbBSBpp-xdOFCrwJ4IQdxxNrHtwTvv8E6Y3gsTXSHsQnf3nuulYHMvn8Ka_Rook_MswqVuXp6_WCVlKYCXEkQufuHCyhvADOW_YxsPZxGMTmkvCHekOXV_n9YjC1WN5kpm5u_JR22FiPzlFDCZifzIRiJbX551HzGvmXs6o2wLzb288307PmrlkUrpN1kUL2vOAMhUjK3-aVzd47VTecrnMUa1_bh1U4lodo1huEQya4MZ0i2Sl0e52Ox8ntE9xRultVwU6JrqlqYvYPltitRVu3OwC9OMwnf0JL9qivVsZGvyId9pU6aEJlH8bJODsKzmk_SKC3gbkCua6u48cTEB56JUtFO7E3jQrCvzo9SKVFP4Ll6MMQ93EGmFuyJx85grjYXjkKSVbv-Xnfu7Gwjnnaa-gcTdOfy_YWPuhXfnsBHe6SlKA9DZ1w2h37odTMPZrOUuZJNU-Nq5o4qmR3UMzv2HnQ0WFzehV0_joPy0ARWuvicmFbGjm3xLjB3gFraa7BShniyZ4mBYcv8TO8z4H_K0Lemg7Ejdk0sokuIBB37MnyEb6N-8pH6vrOWeaSLUgmZJByZF5jM-gnv7STotUyOIkUK0b69f_lNBBh5BiigijzO1iJzFg8ekjXeLiUBXZwNsYvkpwZD3rNmA2Kw8RolSN-edHO3kOhjzls_wT8hjMpsCoBesaHIDQt7VEgj-7m-mLsgbOvA7F07LNMP9gPxfPTjITY5otrp6FuvvZa25CeI3mrgSoh6GZpgsFHdCla9i4SYeVlBefGGpW7RvGIgdHkSgsUnquUkIzg1EoLWKY0rqHUsYxkkbmqVbQxwZAHA2rGsD9iEspNCqm39oam7owbW1Zcd4Yh7Kdws5lwK4WloAsjvuU140BXi9jyDbiFxreLlCuOgNw1TI5D8itXCuPfxA7rPytUowhcy6NJj_LcGCi0CgRYRu0lL98B73YcjEl5u3Orb5Ha9my68Z8LuxcPP-o2j-Eeq0yFlA0F8ME_wtte-7gYg8u8a7vdCanka9EnYUxdhWeE1DHJwFFpMBazByfJve9dB_r1mzZmh7YxY3hpNmjBArCgKJMQVF2mXisyEewIw9RYxmd3HqR4C8Hj4YEs8mQt3YetD4nf9YNymTC_eBwpZOBZgHZuUULhXlSa8_sfOdaPDhKNYRXaZ31f-cc6-IVZufyOAqNyr6oWsRAV2Ze0RUKmwyjl80MtMvjIj6K8ly4a8UYjAuJw0yhx0Pk9hz9242Uje8TmJYVwRxN6AxWMPlmHT-ZGDeie5FL3mTbvUjsRxh26XtMI-yJMXBFlXs_aLUT1BZVG8xWH-woLn0q3McWi0LsRPCb9pnhaycqyht7MxQaoNyW_46zyUq0eaMr9wphJlnDtTPlHS4DW0JDTnBdPh2F6NiKyqzxevGmVwMEbFnUk_HeutmTQnceRmp07gbYXhuqckWNPGR_sOv7zG8og6XpJI3x1R9wVavSRsDS3IGPWj_jkrCz29nlTw7-A_DNUe_diBCXAi4yWq0vLx-KtyDfPS3pbbR2AKLuAvOjXGy59VBwKl95jX0ep82GKx1YRgWyQYstDtJRCOygLPwE1JgvlCSxu4GYdGV3hbxqxaznS4agMxRzVmtnqCdZ1DHrFqelyHEFi-LXRE3Do3NdrBMYbbr6XNCOCtjnVQvFpQ_YYC2HZrF7JnMrL7GcG2E5aLywEeIcaynFO9MLoMHTF46zPz04X1PBCR25cpwwXaZRsXTzFi3OyWOVxV1R_5NVLAyhiKwpW9Px-WaXPNNbTDL0tj4F8FYYW5wK1gJ7JRwIp42so6ct6pbKUpw_JbMKXIvFW1EMdLrXQETpXuAYfv08z0_O-0PtTsX3RI9wRu4RrJezZrPI_qcslrb8QbZ5d-UgKqqwoYR2hM4UyfCB9yEFaWx0UeSCOb7O-2DOY7gDNEQMKWnC-IsscUdHId69Po2KOlTfTLvACoL3y5nk7x9WNdpXQT8QPR1k9dBVSIEd3kKIhUJJVTp6VFEvoEsM5XlafbQhaxxWGh32KA_zr56E0TBYK-FKK4YtkEF3SUy4TVO-PsVSLtVMn6O8IqrM0NGzhfShgtY1K9wDE-wz24q9KTVF3LKGvCvC87MZb4ZlrxMUhzZ0644hTd-rb0A2gl7YZLyDlF22IGR_yD02MpmAzLQKiCz-i9_YHsodlNylnaegEnNoEIpcB4QSSTfPL7ujBuhUZQYYI6Q1Dexja0Np-858XbcdmeOIsETUeBQk99kF-RRkJWYMvS_tM412QeAzCXIwdDuLqe4MHbL_WpKBur_KLB7IZKnOlF2urEmiEOgdWP_4RE4vk_MqUPHj2qQbY2ePYAhkNyS0ruipyEfDBmMFhaQUFA6JVOzx9RUZvlHIMo2xVIk-DDmonCdyzOqvlTCPK2yRdeFFnGCayHyMlufu6eUEuxfYb_4PRDN2Gs08IAkF9gZ8PfIN0S35IAhrOAcRVDbB3NhrjLNFJ4Ww4Ov539MYgl1EfQ6wxvrJyb_KKzDyXySVs_x2HTweInKM4uFeJ39JaIzji7yL7xBfiec_se1Fi0z8ABBrFTyW_FifEL1Wsun7OOF-zjUPptc4WiVFRGztSGTPfUQOsO_zo_MVRTdZrFp_X1tT3zcTaD1SXfNm_OmrMOI1ppOSrJV8XXOlC-H1akmgdVM_KA-G9MdrRLukgZ6r8CFgEU3Ps4RvdxTFAGu3dKkOZxrpo70GP5067uDN7pycaEtA_u-bi8BfiYISK8m7xfenKQxp03YC1M2vTc874JRGgXFZmPJmS_zH7lHtJNn8nnA6Qufc6a82GM4kODER-mEc4TQLDBINBkfm6ULm8GUGZuVDwtMuaNjSyBZqrjPOVP9cj6q4rSW0pmEs5kyT_tNTBG__oG5PoPC5ASzkLhv2cjojLxlQKoXX-1Slp_jUjqiSV6wcP6sf-RpGOFa2eWOAlSgrl53eRApJdwQN2_w8A1gqMfEUWCyXk4st9EktonZ_sNoaGvKs2JfPid_AutIX2eUGlUIBBJPAC8eF_-inmq2eqibma8JJkeSI8fG9K_mvx2xTcuam0pjRQ2KV9OXgB4ASh2Dx5vYLr0ZTUkVfqhPibOlxUHEjez3gH3OX5FsHKn0BxxbURgBYAE&ias_xappb=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Server

142.251.168.155 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

wh-in-f155.1e100.net

Software

cafe /

Resource Hash

7d791c4ef0472f575bbf5404c57a5ad96231960a28547b6c8e88e75838a255ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25892
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
server: nginx
x-server-name: app15.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNVqLCyMo_GJEO9DeY9Dauqe83AxEvQIIi_jgRZCnH6TSBRqhag&d=CokBAKAmf-D7yeZKkh7XUi2DpGathDOOHwy9-9DAO3J19YLKU6HgRJgQCdW-obKI4ceC_KpAVJuq3DeX9LgbsasmpkLuVlcIICHLPioYh5hf9VDHbqVC8AiOFcgg9xcNbhWkHa1FGKMNlV-OMxSiS2-N35RZDS9kIWOs7SpiM6ThMtrDPQqss-53hKMSmRUAoCZ_4AI3ABxsTgehjrDTm3oApvPFWYzLcGcwOPtNDlSCB1CMq8H3WhXfpdeXK67tZ4ZCvCNiTtOusNQuY-UFFJrRE2CBKnGS_AkZ2YYGfHmb1XVxrzJawYsdcHxMo9pAIKN8RosTIgcXk9xZ6qdBPcZ9TSWcedMXNEUMtFpuDiDdc81MY2TTEZtVv5-c_XZaRjXvCidlLNRBI6j0hlcjt1HfWhj3-Au2PmaGmJ4__zFXF7kK0EVA2ip1nMHtVOX82ijDW-BdkB4bfvLfPmPM9cUqOGjCls00UmR9k7TC8pwbXuqkzF4TJdzvY8HQMwpv_03bvjxaT7iXHmSiI4DkxqEksh8pAaX8czD_qem6tZPVUwsYWyx7sdE7RBt-aT6KwzVwchWttCqDlaVtkitg76JwFt5to4yKQt-cZJI6EedEWCHxKH0DHSXZAXr0zysT4GtsA5bfYpgVkKHOfDDoI22p3NZdUu6ZH8MgYDJZB4_s9FY-ZrS6nM9RSqheKZuBP6qXXzfM5ISIvF0JTYmLT7vlKRQYOfKbVZlg2cA9luC2twkqynfBNc22PNqM6mpbNIl95eBjuuxROuAbBSBpp-xdOFCrwJ4IQdxxNrHtwTvv8E6Y3gsTXSHsQnf3nuulYHMvn8Ka_Rook_MswqVuXp6_WCVlKYCXEkQufuHCyhvADOW_YxsPZxGMTmkvCHekOXV_n9YjC1WN5kpm5u_JR22FiPzlFDCZifzIRiJbX551HzGvmXs6o2wLzb288307PmrlkUrpN1kUL2vOAMhUjK3-aVzd47VTecrnMUa1_bh1U4lodo1huEQya4MZ0i2Sl0e52Ox8ntE9xRultVwU6JrqlqYvYPltitRVu3OwC9OMwnf0JL9qivVsZGvyId9pU6aEJlH8bJODsKzmk_SKC3gbkCua6u48cTEB56JUtFO7E3jQrCvzo9SKVFP4Ll6MMQ93EGmFuyJx85grjYXjkKSVbv-Xnfu7Gwjnnaa-gcTdOfy_YWPuhXfnsBHe6SlKA9DZ1w2h37odTMPZrOUuZJNU-Nq5o4qmR3UMzv2HnQ0WFzehV0_joPy0ARWuvicmFbGjm3xLjB3gFraa7BShniyZ4mBYcv8TO8z4H_K0Lemg7Ejdk0sokuIBB37MnyEb6N-8pH6vrOWeaSLUgmZJByZF5jM-gnv7STotUyOIkUK0b69f_lNBBh5BiigijzO1iJzFg8ekjXeLiUBXZwNsYvkpwZD3rNmA2Kw8RolSN-edHO3kOhjzls_wT8hjMpsCoBesaHIDQt7VEgj-7m-mLsgbOvA7F07LNMP9gPxfPTjITY5otrp6FuvvZa25CeI3mrgSoh6GZpgsFHdCla9i4SYeVlBefGGpW7RvGIgdHkSgsUnquUkIzg1EoLWKY0rqHUsYxkkbmqVbQxwZAHA2rGsD9iEspNCqm39oam7owbW1Zcd4Yh7Kdws5lwK4WloAsjvuU140BXi9jyDbiFxreLlCuOgNw1TI5D8itXCuPfxA7rPytUowhcy6NJj_LcGCi0CgRYRu0lL98B73YcjEl5u3Orb5Ha9my68Z8LuxcPP-o2j-Eeq0yFlA0F8ME_wtte-7gYg8u8a7vdCanka9EnYUxdhWeE1DHJwFFpMBazByfJve9dB_r1mzZmh7YxY3hpNmjBArCgKJMQVF2mXisyEewIw9RYxmd3HqR4C8Hj4YEs8mQt3YetD4nf9YNymTC_eBwpZOBZgHZuUULhXlSa8_sfOdaPDhKNYRXaZ31f-cc6-IVZufyOAqNyr6oWsRAV2Ze0RUKmwyjl80MtMvjIj6K8ly4a8UYjAuJw0yhx0Pk9hz9242Uje8TmJYVwRxN6AxWMPlmHT-ZGDeie5FL3mTbvUjsRxh26XtMI-yJMXBFlXs_aLUT1BZVG8xWH-woLn0q3McWi0LsRPCb9pnhaycqyht7MxQaoNyW_46zyUq0eaMr9wphJlnDtTPlHS4DW0JDTnBdPh2F6NiKyqzxevGmVwMEbFnUk_HeutmTQnceRmp07gbYXhuqckWNPGR_sOv7zG8og6XpJI3x1R9wVavSRsDS3IGPWj_jkrCz29nlTw7-A_DNUe_diBCXAi4yWq0vLx-KtyDfPS3pbbR2AKLuAvOjXGy59VBwKl95jX0ep82GKx1YRgWyQYstDtJRCOygLPwE1JgvlCSxu4GYdGV3hbxqxaznS4agMxRzVmtnqCdZ1DHrFqelyHEFi-LXRE3Do3NdrBMYbbr6XNCOCtjnVQvFpQ_YYC2HZrF7JnMrL7GcG2E5aLywEeIcaynFO9MLoMHTF46zPz04X1PBCR25cpwwXaZRsXTzFi3OyWOVxV1R_5NVLAyhiKwpW9Px-WaXPNNbTDL0tj4F8FYYW5wK1gJ7JRwIp42so6ct6pbKUpw_JbMKXIvFW1EMdLrXQETpXuAYfv08z0_O-0PtTsX3RI9wRu4RrJezZrPI_qcslrb8QbZ5d-UgKqqwoYR2hM4UyfCB9yEFaWx0UeSCOb7O-2DOY7gDNEQMKWnC-IsscUdHId69Po2KOlTfTLvACoL3y5nk7x9WNdpXQT8QPR1k9dBVSIEd3kKIhUJJVTp6VFEvoEsM5XlafbQhaxxWGh32KA_zr56E0TBYK-FKK4YtkEF3SUy4TVO-PsVSLtVMn6O8IqrM0NGzhfShgtY1K9wDE-wz24q9KTVF3LKGvCvC87MZb4ZlrxMUhzZ0644hTd-rb0A2gl7YZLyDlF22IGR_yD02MpmAzLQKiCz-i9_YHsodlNylnaegEnNoEIpcB4QSSTfPL7ujBuhUZQYYI6Q1Dexja0Np-858XbcdmeOIsETUeBQk99kF-RRkJWYMvS_tM412QeAzCXIwdDuLqe4MHbL_WpKBur_KLB7IZKnOlF2urEmiEOgdWP_4RE4vk_MqUPHj2qQbY2ePYAhkNyS0ruipyEfDBmMFhaQUFA6JVOzx9RUZvlHIMo2xVIk-DDmonCdyzOqvlTCPK2yRdeFFnGCayHyMlufu6eUEuxfYb_4PRDN2Gs08IAkF9gZ8PfIN0S35IAhrOAcRVDbB3NhrjLNFJ4Ww4Ov539MYgl1EfQ6wxvrJyb_KKzDyXySVs_x2HTweInKM4uFeJ39JaIzji7yL7xBfiec_se1Fi0z8ABBrFTyW_FifEL1Wsun7OOF-zjUPptc4WiVFRGztSGTPfUQOsO_zo_MVRTdZrFp_X1tT3zcTaD1SXfNm_OmrMOI1ppOSrJV8XXOlC-H1akmgdVM_KA-G9MdrRLukgZ6r8CFgEU3Ps4RvdxTFAGu3dKkOZxrpo70GP5067uDN7pycaEtA_u-bi8BfiYISK8m7xfenKQxp03YC1M2vTc874JRGgXFZmPJmS_zH7lHtJNn8nnA6Qufc6a82GM4kODER-mEc4TQLDBINBkfm6ULm8GUGZuVDwtMuaNjSyBZqrjPOVP9cj6q4rSW0pmEs5kyT_tNTBG__oG5PoPC5ASzkLhv2cjojLxlQKoXX-1Slp_jUjqiSV6wcP6sf-RpGOFa2eWOAlSgrl53eRApJdwQN2_w8A1gqMfEUWCyXk4st9EktonZ_sNoaGvKs2JfPid_AutIX2eUGlUIBBJPAC8eF_-inmq2eqibma8JJkeSI8fG9K_mvx2xTcuam0pjRQ2KV9OXgB4ASh2Dx5vYLr0ZTUkVfqhPibOlxUHEjez3gH3OX5FsHKn0BxxbURgBYAE&ias_xappb=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 3025 91 KB
23 KB 107ms
32ms Script
application/javascript 2600:9000:223f:bc00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:bc00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 5e28951e5f2b6d7d562636473d26d7a6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 11966829
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: hUausDtObl8tAt6OfWx2a_YO38fHWXK85PxkoNtFETrUz4ihGsekcQ==

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 7686 111 KB
39 KB 308ms
54ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 14:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Feb 2024 14:12:52 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240201/r20110914/elements/html/ Frame 7686 12 KB
4 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240201/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ALWJbSeOjIrZXc_mV7H9wZYkGgwXbWo_LDQ6WsO8Z6Eve0DXD2svj6tKRExCA-gQizArsTy_arm5moqJBZrUVfzQcDRzM-J18WjVQsSDSulplrl9LRgJ-03M6mH5m3JDz88sVcTh0zzMgjDM-_Oht6x9jC8KcELFSLxDmOdGHIzBFmAoY&dbm_d=AKAmf-BReVw55hu6gYNqNDAtMNcijhlUg5q1HquVgiqS-LRPyDU6mVA17MEHHZj3yrRtMr40wdqFwz0O6db84Denj9MlogLmhRjF8rg5rXJZZ7_U0f3mFTH4FDACR2ZWC7GILzKYbYGaSZTZaaDUJKCxs7kndY-MIbSTIwRm1B-FszZOumpg0mo_myvCgOXoHtWXwsktI5flkN3lbVP25BXePTBQIChvwqPYtC1ud-RJoqd6T0NLtIZ4jVyLLuuX7jzE6hHMdEUNWlNXSg3ovKRFh1PN6vyIVC_GmIkmCyggEtEAjR1bNOwBTePtNLj2LQ1X6fIcryWGrNO-7aIpQFLIOxI1b6TCAyog44cSU3ze0laaZuzsU54wFz-h6XOFHZ18tSE3WVLCvc3k0d3pnGZepqQoBf2nRagwgnuYTD_sHfmKfpRIImOUgsDR-edslMSBSfa1UVHPVe8W3ZjOJ-hlufXlmxoG_q8dk5oerT8ITiD8XeNZlsTgoCS4nFhfPtzNTR2q5VqJmlY_irHdsX4dJe2Ay48ggNFY091KbhCXD_-ELOL-K7VYBCEAijwS0kgbIis-GpGvonjAwxKZIm74iWLxEGnzOjPl1VFo7nIoog1FF4IwBkBOB56bu1zGQ8GPpY2A6bXcXLHJaiwPgxi9qnAN-R0O80vpgAzzPy-Xs12WBE9i9cYcgrmn2-eaNXQmlx6xaBYAtRuPZNBv66bZnzspHXm7Sj3PH62giVcYXxkqIPVEZBFtZeTJc9ez5KKgwxriQVU1KR-jPrFXsaZbGsvJQN7Mj9S39A_Q1zR1zr0_GtGGnnkijT4uVU3_O9ND76IT66Z99dGAgS4tuEScHbhiE9uNpyIqmHShZaIQMWX3jjl16P8G6MJs22GIdafbul9pxhNJ-0zmEyB8Qlz5_1bk-uGqJoH88isu5PDusHLVc9v8mK3GR4C8glr1YxK0PVCu78ISZvLYwNcRMQaTwdO-hKp9fAArcbMNTVE8C4p3DgucMda9gi2ynyR_laSTlYxnR7xTzo6mCpFyTVoM_ySWlQwPe_o-zUbSxee3phaUaST09yJvY6u-9NAyY8y9DSdobT2S0GZd4Og8eIIBaudif_DI-Ry8t7VBDbauPXg8jCnHedcNjs4TUwnHzWLICQ4zQbbO7SrSx87NNwE_AKPkYf4McPkeEz54mF-23craVZ8xh277-XrNlopjlrYga02rYfLF0MOBOIrumheHQMA8SxROeVI1euSEyzHIOAVBpGK6dX8UjQIjqfoqzSI9Z7KA3rDJzhWXWMxZDUmojEDeFHf70kUz_xcO_KavxFQGOI_Z3epZ8xXkw0Q6CdTWGj6UxjdWGcucxB49TKvYPdflPZss9n6jN4dfG9qr3oyrWV8A3HFTKlRx3RvXXN84ruEg8ZQ88tX3V1FjXC8QqA6EMZJoGwjn_aEKuc6w2gBjaZu4B1mUf-aFxrzF5i_3xugAqIQQ66oubfBLTNToifhPHpm2pvBdOAcXbsbAraXOmQo9aBMFE-CQTeoNk-VOklcGjafFsQ6go1XvwJftxxaH1-rzYAVS3TnlAMk95nA7fW56ssgxhgVpD--sFVz_1RYOZiEnJ0oQLkgQ6hhyMnKin63oWB3B1HFya8QdISGt28sz8xLruhdcMNB9PR1TKl6eUHZEkXSWgtCz15Y9avCsAVDeqKWOypYv6C-sCTFaT3N3XGcvKXeIhraE7FD_8FBkB9_MALVkrpka5Qjfd82kYTVesvCJln5UxtzKDxMV5uATg7BZ7HCBzG-OvSD-fUBnPMaY_Nf3aWnvHXgY3jY92R6BcWZ2otyzfQ-vEyyzeMlwCBO-ULGVyeDSEONSOE0NI-B11IBWB5rMTbbdTe8spKxOE-SW60PKP4qoprYT5Bq0rzOaXLJVjs4osjmkjfhfXFdE9JFzjzoxcZWmKnbeouj3rK5pxCPIHGuCrUuA8SJ6iqDfaujwOW_hyYniPuTwJq6O0IQaRXVkWse6db6YgVRiynJ2GS4K2__eSHTJLfVsLdBkZhVzkM7-qHjmlbi3s7LSXYv6zhojRF8C3nr9fHvVkXLlwzJujgAP1DkJGH5FiDU_TYHN6YPR7ARGgcERI5bcnleBhIkdvN9zvGoUiL8hblOyCEC3p-ct2_VEYshuoHEAa_lLVjtqzVKA3yyLPT564mcdrPvAHPGTF_h1YZI81E4K4LzvHAlysNQXOSw8-pWo7h9bI8cDpbmTVs2BTVtJge1HgYaEgj1gxGYn7x2LxKS3CA1-p0Xic6rO2u7N3eIAaaqLsCcPkrDczZ_WWzxadNBUwT5ip35PvyXvw9M3o9ObweSqCXCD86foV7JFTyk78QFSbQAfMhH-36xxSu_N4zG0SExpoazlcmgE58s_uR1HTO_46Brck-xvvx9a96VcG94JB5s7yYRQOF7YUfO5ULbS0d44qWtw75zY4khUuAm-nPeUs8B2sZd43M40NV4RvyUuKWjsqOEt41-uCSOLm1zhHqRO6sfL37Nd8wgzREtI1Cs1HDDu8APhUYw7P5kGBvlZAtBu3v2MewrcMM1zn7gOnQmmXcknhuNbHqqzz-wviovUd5t0wUpE9U_G89-OZWfgNbhqm-dIvZ6HPAlpNoCDIFOut-iRfk1Sj3YOmNUdQ9aOwCJjMRW14xuW4Eygho7yNtIFNKICu60ESrKSHfx7LPNOiAxUCJ5EoNvfdmNJthWqpwOiY6hLEbXdAgQrEZfgm91dtl5oPzYpJaEVSKOF8_1jkXS0yb3mb6JJee4wNAcfGfDiyIeXRlW8_ICPEufCC6HuzpT3m5LzI7iyrSNWkIBEqUJeftlpLxuS19mC67j00Q9zELIj_HkrXX4GXz1maWvIfrbwSMRShsJK34pPkXF34O4q6xSN_eKRAqBowJXXLcqDmGxQ8xGnCx1zsUk_zzdol4zc_WlgbS3K-5H81D99vWx8wTui1JJvnG2pGuakDmxu2gp5YSS78OEB0k2rpU7O3IpVCG5CAa_AKFOF_lWr2oM7bXJz44ZA8KMHDhLJmtIzhX3TebmDJQQVfTk0P6-2rnB08D_V1XSpc11vzAcZTdo4VGDaTeXvHv0nXSnAdhyZJYk1e0uCSrN4ebJNOeiz1AxJXGNIBMCNKLcjRvy091WE8ty8P9CXytxkfnrEciGtEBIjcPr8LPjm4F7z22ENvGHmqcxi7CYByET-fPFbUx4nq5a39C8Yw_MTsfFkWBHUHa0AuURhGqLwYwm0tsi8QzYYb6rbnxjhJTZAumAs_gX3w5pBaVbYqiiOlLbKi7MKhR2MQ2QllmMLR9uhZ8FBGrMzhNHLNVMMU_4jwHplW37dzB0f7epFjIdwWKNJ2zRSBwa0rWImeBwkEbqWiSS1ioskB9WNk1iSu5FAr1jKXeKkBObMDoUwdIz4ao0tPqq1x7QCnLiH8iI3y2jdYrTUn0vNKZQmhtATF5xberITeAiN0Rf4UgAk5A&cid=CAQSTwAvHhf_op5qtnqom5mvCSZHkiPHxvSv5r8dsU3LmptKY0UNilfTl4AeAEodg8eb2C69GU1JFX6oT4mzpcVBxI3s94B9zl-RbByp9AccW1EYAQ&dv3_ver=m202401290101&rfl=https%3A%2F%2Fwww.onworks.net%2F&ds=l&xdt=1&iif=1&cor=2529655433035726300&adk=1761367584&idt=91&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:32:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45823
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:32:36 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240201/r20110914/ Frame 7686 31 KB
12 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240201/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d84037bada82c8af096c750483248eb827b621c42236f3b687cc07c2f93d6dbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 00:25:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42672
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11928
x-xss-protection: 0
server: cafe
etag: 10551285868935850944
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 20 Feb 2024 00:25:07 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 7686 41 KB
14 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:07:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 580101
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jan 2025 19:07:58 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 87C6 43 B
215 B 526ms
169ms Image
image/gif 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1811194&asId=64f95364-83e2-e406-70cb-1890cf9dba08&tv=%7Bc:3rJoOr,pingTime:-3,time:90,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:90,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B85~0%5D,as:%5B85~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u3vyBtb+111%7C12%7C1311%7C1411%7C1511%7C16*.1811194-76298704%7C161,idMap:16*,rmeas:1,rend:0,renddet:IMG.us,siq:14%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
server: nginx
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 87C6 43 B
216 B 521ms
167ms Image
image/gif 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1811194&asId=64f95364-83e2-e406-70cb-1890cf9dba08&tv=%7Bc:3rJoOt,pingTime:-6,time:92,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:92,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B87~0%5D,as:%5B87~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u3vyBtb+111%7C12%7C1311%7C1411%7C1511%7C16*.1811194-76298704%7C161,idMap:16*,rmeas:1,rend:0,renddet:IMG.us,siq:14%7D&tpiLookup=ao:www.onworks.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
server: nginx
x-server-name: dt04.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame BB93 170 B
188 B 38ms
38ms Image
image/png 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQu5mXARii-Pf8ATAB&v=APEucNXsrpbvgxaVMwI1zs0jVeVJhfYFGdSTiQmpNqawu5UBQMMHXcg0LU0Ren2EWe3mPmRLz_QSfLHF352MR0peswOMXtJWZf4lE5IdKnrr9H9B2geOsRzQ8doO-VRmU5ZExJzkABfQCdoBZwsYeSvSFHtIX1-JhsK9AhPnII5XTyzCVZ89Vrc

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:19 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET partner
sync.search.spotxchange.com/ Frame BB93 0
0

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58269/ Frame BB93 0
125 B 394ms
97ms Image
text/plain 3.75.62.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.75.62.37 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-75-62-37.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.94 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 87C6 43 B
215 B 516ms
168ms Image
image/gif 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1811194&asId=64f95364-83e2-e406-70cb-1890cf9dba08&tv=%7Bc:3rJoOB,pingTime:-2,time:100,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:270,beZ:271,mfA:273,cmA:274,inA:274,inZ:277,prA:277,prZ:280,si:284,poA:285,poZ:323,cmZ:323,mfZ:323,loA:362,loZ:364,ltA:370,ltZ:370%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:100,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B95~0%5D,as:%5B95~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u3vyBtb+111%7C12%7C1311%7C1411%7C1511%7C16*.1811194-76298704%7C161,idMap:16*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,siq:14,sinceFw:85,readyFired:false%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
server: nginx
x-server-name: dt02.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame EB4B 38 KB
13 KB 28ms
28ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 580081
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 30 Jan 2024 19:08:18 GMT
expires: Wed, 29 Jan 2025 19:08:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 0306 38 KB
13 KB 26ms
25ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 580081
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 30 Jan 2024 19:08:18 GMT
expires: Wed, 29 Jan 2025 19:08:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 670D 38 KB
13 KB 30ms
30ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 580081
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 30 Jan 2024 19:08:18 GMT
expires: Wed, 29 Jan 2025 19:08:18 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js Show response
pagead2.googlesyndication.com/bg/ Frame EB4B 50 KB
19 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

010010798b734ebaa5db582651f1efd8c77e4ed3a396d1886a3f7f0f6c92ee58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 580494
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19642
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Jan 2025 19:01:25 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 0306 39 KB
15 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 22:08:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Feb 2025 22:08:25 GMT

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame 670D 39 KB
15 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 22:08:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50874
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Feb 2025 22:08:25 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 87C6 111 KB
39 KB 138ms
78ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 14:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 79407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 06 Feb 2024 14:12:52 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240201/r20110914/elements/html/ Frame 87C6 12 KB
4 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240201/r20110914/elements/html/omrhp.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1811194/76298704/xbbe/creative/adj?p=APEucNVqLCyMo_GJEO9DeY9Dauqe83AxEvQIIi_jgRZCnH6TSBRqhag&d=CokBAKAmf-D7yeZKkh7XUi2DpGathDOOHwy9-9DAO3J19YLKU6HgRJgQCdW-obKI4ceC_KpAVJuq3DeX9LgbsasmpkLuVlcIICHLPioYh5hf9VDHbqVC8AiOFcgg9xcNbhWkHa1FGKMNlV-OMxSiS2-N35RZDS9kIWOs7SpiM6ThMtrDPQqss-53hKMSmRUAoCZ_4AI3ABxsTgehjrDTm3oApvPFWYzLcGcwOPtNDlSCB1CMq8H3WhXfpdeXK67tZ4ZCvCNiTtOusNQuY-UFFJrRE2CBKnGS_AkZ2YYGfHmb1XVxrzJawYsdcHxMo9pAIKN8RosTIgcXk9xZ6qdBPcZ9TSWcedMXNEUMtFpuDiDdc81MY2TTEZtVv5-c_XZaRjXvCidlLNRBI6j0hlcjt1HfWhj3-Au2PmaGmJ4__zFXF7kK0EVA2ip1nMHtVOX82ijDW-BdkB4bfvLfPmPM9cUqOGjCls00UmR9k7TC8pwbXuqkzF4TJdzvY8HQMwpv_03bvjxaT7iXHmSiI4DkxqEksh8pAaX8czD_qem6tZPVUwsYWyx7sdE7RBt-aT6KwzVwchWttCqDlaVtkitg76JwFt5to4yKQt-cZJI6EedEWCHxKH0DHSXZAXr0zysT4GtsA5bfYpgVkKHOfDDoI22p3NZdUu6ZH8MgYDJZB4_s9FY-ZrS6nM9RSqheKZuBP6qXXzfM5ISIvF0JTYmLT7vlKRQYOfKbVZlg2cA9luC2twkqynfBNc22PNqM6mpbNIl95eBjuuxROuAbBSBpp-xdOFCrwJ4IQdxxNrHtwTvv8E6Y3gsTXSHsQnf3nuulYHMvn8Ka_Rook_MswqVuXp6_WCVlKYCXEkQufuHCyhvADOW_YxsPZxGMTmkvCHekOXV_n9YjC1WN5kpm5u_JR22FiPzlFDCZifzIRiJbX551HzGvmXs6o2wLzb288307PmrlkUrpN1kUL2vOAMhUjK3-aVzd47VTecrnMUa1_bh1U4lodo1huEQya4MZ0i2Sl0e52Ox8ntE9xRultVwU6JrqlqYvYPltitRVu3OwC9OMwnf0JL9qivVsZGvyId9pU6aEJlH8bJODsKzmk_SKC3gbkCua6u48cTEB56JUtFO7E3jQrCvzo9SKVFP4Ll6MMQ93EGmFuyJx85grjYXjkKSVbv-Xnfu7Gwjnnaa-gcTdOfy_YWPuhXfnsBHe6SlKA9DZ1w2h37odTMPZrOUuZJNU-Nq5o4qmR3UMzv2HnQ0WFzehV0_joPy0ARWuvicmFbGjm3xLjB3gFraa7BShniyZ4mBYcv8TO8z4H_K0Lemg7Ejdk0sokuIBB37MnyEb6N-8pH6vrOWeaSLUgmZJByZF5jM-gnv7STotUyOIkUK0b69f_lNBBh5BiigijzO1iJzFg8ekjXeLiUBXZwNsYvkpwZD3rNmA2Kw8RolSN-edHO3kOhjzls_wT8hjMpsCoBesaHIDQt7VEgj-7m-mLsgbOvA7F07LNMP9gPxfPTjITY5otrp6FuvvZa25CeI3mrgSoh6GZpgsFHdCla9i4SYeVlBefGGpW7RvGIgdHkSgsUnquUkIzg1EoLWKY0rqHUsYxkkbmqVbQxwZAHA2rGsD9iEspNCqm39oam7owbW1Zcd4Yh7Kdws5lwK4WloAsjvuU140BXi9jyDbiFxreLlCuOgNw1TI5D8itXCuPfxA7rPytUowhcy6NJj_LcGCi0CgRYRu0lL98B73YcjEl5u3Orb5Ha9my68Z8LuxcPP-o2j-Eeq0yFlA0F8ME_wtte-7gYg8u8a7vdCanka9EnYUxdhWeE1DHJwFFpMBazByfJve9dB_r1mzZmh7YxY3hpNmjBArCgKJMQVF2mXisyEewIw9RYxmd3HqR4C8Hj4YEs8mQt3YetD4nf9YNymTC_eBwpZOBZgHZuUULhXlSa8_sfOdaPDhKNYRXaZ31f-cc6-IVZufyOAqNyr6oWsRAV2Ze0RUKmwyjl80MtMvjIj6K8ly4a8UYjAuJw0yhx0Pk9hz9242Uje8TmJYVwRxN6AxWMPlmHT-ZGDeie5FL3mTbvUjsRxh26XtMI-yJMXBFlXs_aLUT1BZVG8xWH-woLn0q3McWi0LsRPCb9pnhaycqyht7MxQaoNyW_46zyUq0eaMr9wphJlnDtTPlHS4DW0JDTnBdPh2F6NiKyqzxevGmVwMEbFnUk_HeutmTQnceRmp07gbYXhuqckWNPGR_sOv7zG8og6XpJI3x1R9wVavSRsDS3IGPWj_jkrCz29nlTw7-A_DNUe_diBCXAi4yWq0vLx-KtyDfPS3pbbR2AKLuAvOjXGy59VBwKl95jX0ep82GKx1YRgWyQYstDtJRCOygLPwE1JgvlCSxu4GYdGV3hbxqxaznS4agMxRzVmtnqCdZ1DHrFqelyHEFi-LXRE3Do3NdrBMYbbr6XNCOCtjnVQvFpQ_YYC2HZrF7JnMrL7GcG2E5aLywEeIcaynFO9MLoMHTF46zPz04X1PBCR25cpwwXaZRsXTzFi3OyWOVxV1R_5NVLAyhiKwpW9Px-WaXPNNbTDL0tj4F8FYYW5wK1gJ7JRwIp42so6ct6pbKUpw_JbMKXIvFW1EMdLrXQETpXuAYfv08z0_O-0PtTsX3RI9wRu4RrJezZrPI_qcslrb8QbZ5d-UgKqqwoYR2hM4UyfCB9yEFaWx0UeSCOb7O-2DOY7gDNEQMKWnC-IsscUdHId69Po2KOlTfTLvACoL3y5nk7x9WNdpXQT8QPR1k9dBVSIEd3kKIhUJJVTp6VFEvoEsM5XlafbQhaxxWGh32KA_zr56E0TBYK-FKK4YtkEF3SUy4TVO-PsVSLtVMn6O8IqrM0NGzhfShgtY1K9wDE-wz24q9KTVF3LKGvCvC87MZb4ZlrxMUhzZ0644hTd-rb0A2gl7YZLyDlF22IGR_yD02MpmAzLQKiCz-i9_YHsodlNylnaegEnNoEIpcB4QSSTfPL7ujBuhUZQYYI6Q1Dexja0Np-858XbcdmeOIsETUeBQk99kF-RRkJWYMvS_tM412QeAzCXIwdDuLqe4MHbL_WpKBur_KLB7IZKnOlF2urEmiEOgdWP_4RE4vk_MqUPHj2qQbY2ePYAhkNyS0ruipyEfDBmMFhaQUFA6JVOzx9RUZvlHIMo2xVIk-DDmonCdyzOqvlTCPK2yRdeFFnGCayHyMlufu6eUEuxfYb_4PRDN2Gs08IAkF9gZ8PfIN0S35IAhrOAcRVDbB3NhrjLNFJ4Ww4Ov539MYgl1EfQ6wxvrJyb_KKzDyXySVs_x2HTweInKM4uFeJ39JaIzji7yL7xBfiec_se1Fi0z8ABBrFTyW_FifEL1Wsun7OOF-zjUPptc4WiVFRGztSGTPfUQOsO_zo_MVRTdZrFp_X1tT3zcTaD1SXfNm_OmrMOI1ppOSrJV8XXOlC-H1akmgdVM_KA-G9MdrRLukgZ6r8CFgEU3Ps4RvdxTFAGu3dKkOZxrpo70GP5067uDN7pycaEtA_u-bi8BfiYISK8m7xfenKQxp03YC1M2vTc874JRGgXFZmPJmS_zH7lHtJNn8nnA6Qufc6a82GM4kODER-mEc4TQLDBINBkfm6ULm8GUGZuVDwtMuaNjSyBZqrjPOVP9cj6q4rSW0pmEs5kyT_tNTBG__oG5PoPC5ASzkLhv2cjojLxlQKoXX-1Slp_jUjqiSV6wcP6sf-RpGOFa2eWOAlSgrl53eRApJdwQN2_w8A1gqMfEUWCyXk4st9EktonZ_sNoaGvKs2JfPid_AutIX2eUGlUIBBJPAC8eF_-inmq2eqibma8JJkeSI8fG9K_mvx2xTcuam0pjRQ2KV9OXgB4ASh2Dx5vYLr0ZTUkVfqhPibOlxUHEjez3gH3OX5FsHKn0BxxbURgBYAE&bundleId=&ias_dspID=3&ias_campId=1014708912&ias_pubId=pub-8556862515989191&ias_chanId=1&ias_placementId=20736634266&bidurl=https://www.onworks.net/onworkssession.php&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0i37aEUvcqrPIHIGobPGH28&adsafe_url=https%3A%2F%2Fwww.onworks.net&adsafe_type=y&adsafe_url=https%3A%2F%2Fwww.onworks.net%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240201%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-3-%26adk%3D84980951%26client%3Dca-pub-8556862515989191%26fa%3D1%26ifi%3D6%26uci%3Da!6%26btvi%3D3&adsafe_type=d&adsafe_jsinfo=,id:64f95364-83e2-e406-70cb-1890cf9dba08,c:3rJoNc,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-8bdb8bf7-lxg8k,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,tdt:s,fm:u3vyBtb+111%7C12%7C1311%7C1411%7C1511%7C16*.1811194-76298704%7C161,idMap:16*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:13,oid:88b52138-c4e9-11ee-aff8-f67752bd024d,v:19.8.478,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:32:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45823
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:32:36 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240201/r20110914/ Frame 87C6 31 KB
12 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240201/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d84037bada82c8af096c750483248eb827b621c42236f3b687cc07c2f93d6dbe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 00:25:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42672
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11928
x-xss-protection: 0
server: cafe
etag: 10551285868935850944
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 20 Feb 2024 00:25:07 GMT

GET
DATA 200
OK truncated
/ Frame 87C6 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bf88b8315e9fc15c52dd7da1e3a68e4c760a9a38f9666747d88479ac0ccc9913

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0306 0
20 B 61ms
61ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BRnDGEyPCZa_eH-TB9u8Pv5utwAQAAAAAOAHgBAI&bg=!qaqlquXNAAa8BdJLnAU7ADQBe5WfOOgUf1q7XiFb0yz1xhQWyB3xGJKvMIzgFtip8FBi2UDVAAShhF6eSLHFy2BHbhJzAgAAAHNSAAAAAmgBB5kDDXq2MpGth3KHl8VCGB7lPBHJM5wVmAbmY8wQLqeSx5kN3Xeavb-AulXeayKHgfhzMYtFEkQQovtGL5nYQO6EIRrpwdX1hIbmW5pXE6raaK_DZFs_dTQy09HoDoWgg8_-lzDxGIIgAhaNrkYoKa_rJIr73PbtICWgn6tqnKhn05od-9BEHMFAdRIxtHQxpHpY_LZcrqql_-PSvsfvpWRCR61BEnsdkqlNB8EKHXaFS6UHgVCI3CwsVng5UpLzcJ-t8dCScB7TkE2EFVywYmrGEbGr7os2aj-3KdLQ9ncCcshKbo7KEBDgevet_kgttkPknWa1ZpzJ-nTc2VG74nArmHk64BsWHfmBIHzBinQNvlhFRPP8Ih-HDp7q1eeeSSc0abnUC0o-GWCb19GMY1ehqfkR9Zv0kFn6QFPajd8Mon50GOchk-M0y0lRyAiK1CyD-NrmL--ea_6ffeOKMcvuv8kAAks9eN9r6R0oDfGi5cnPUpoPkHcMTILhbCNDVDTOXy-fXZDJfBmOAr630EwASJXUSj_m0T17sKqyaLATM-yNAYQJ0NnSgKolF8Dy3UU67Nm533A17IkTQWcC4DUDqZnaAlXdPYIXgSn2ic5Gt9JfZFwvypSP2OGYxPsmK6y81P73yh9JP1AkSbLCbEIA9oc2Yo6rpfQnytc_0naMwjh38FSZamjYdJoZkwn_HUGTuQlbWZI6w8uzLZfaLHuUPOnLXSUVVec26yyff1x4qeGCePtN5fvbr81QDWhs8_Izj2DcrUHVAOF5ePHdQvknA2BOa6wn4uYF7WanNVuZ0HYn_zD50L8YZ_J4nbOVtHX8agBTYY9Kl8wCU2wel5hxAdpRONJv-vMLcMqCWAAmCyXpgi_SzrValFM6w9Gu-PLTVh1_6RASJXWbaC9-hulSIhT37YD3n1Ece-gNJCzgKU_-B5WlAU32Tb0z_5kxnZnOVpXuMyaHJ_j9SfiW1HPNtBA1O4dGR_Ko--NY4KdBeiNOa1EQesRw-ekxDRkw-Mhze9T6g29ozfsQtqW4A1o

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 670D 0
20 B 60ms
60ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BQH71EyPCZd3lIIfT9u8Pr8-j4AYAAAAAOAHgBAI&bg=!AgGlAU7NAAa8BdJLnAU7ADQBe5WfOJvcn6VqpAJZQdkIeu-nfryH9BHFOH4Kg5YrPOxsZZg617SA87V9XW5TGqF_r1EfAgAAAG9SAAAAAWgBB5kDIJXr_sbSfkOBfO7HAXXH8slRRT1UxssjSN9pjFlgzCpl9gNMExB44ud8DDNOWdlrchg2i8dGy1ZALVAF1PxUa7kky_YB2_YJncV379j0gx4O9aSCh65uk_9cQHKWj7mL47L9Gvv8sUMeyO4eW___768ebirUpti1BmDJpYfqbrbhyRgZsfJmAMTqDDCA5FyD4hr8G1xzsxsX012WLJF3pb0xtqA9gW_fvJYB263ZGKIY2PPeRz4tWts_iSNIsMogw9nDDR9o8MjCITy8q3HnQS8yypU_or1Xe4cqKMJRtP4DlWKzodSiGAKH_hdmqIx3qNcVQlKOkvLm-2Lr9FYhDnXEfrOpHlDnW9fiW2bIrHc3-aeZbhO_ESebH_5oDUCXoZzvF7fQ2b3Q8ProGsyggoDJoemACVDAanhQ5nVXjjWyjuix6mEOL8gkBGJtVlKRjzJe7_7Hz74bO9MeNboIMdVyuCWscfME_SgkWXE1D5pySuAjPKXPjk4uK2KnTpsm0_50HIiosc6E-DkWvLcG_jbkQfMbNxoP39rje599I-djXNdfhVO7Mi0kCWRXkgukzwBZjDAi3jPbAXgrqNvKz9doocPuPnJrlSo2G3fyL8VT8VgR9qTqi8VWo3ud5D1h_SQhJ5utfqiJrkDoIt9nKQrkrwkYd38OkJzhgjPKpDZPSps7tIlgyu6S7t1pgXtLderl4ZxyG5oEW7R2jqlFHweac1WdSsGZDUkFztcp-f0XvcGK2WNI3BkDtAMCqP99CrU_wm9aaReNT5J3ijy9l52UxkFN5FqiErG-6HcKDhU_yYZBYpaKTqTHgk6slNumHlHBovJ2_1UW9Bzvs73wrS5RZEuLpdsmZ0m_D1S_1MynxqydWfCvc19CWkaUufnuf2FyvAGl96xT9FAN_KdHRvP69ipDE9Pps2K_6_Ckx2rHYqPy7Kf9zErUZsRJG21kX0S1kxeEiwIwiVigYjs-A-oV9asu_R0c5jMQeEfcf29WRfPlx3NGgi7yesXwk_WXdh4ud-DDTHzvxvQ5MvGT--kNEglixUh5TZub-zZvpL-1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EB4B 0
20 B 59ms
59ms Image
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=B_SW7EyPCZeTGIPbn1PIP_5eQqAcAAAAAOAHgBAI&bg=!KSqlKmXNAAZVxkGXdcY7ADQBe5WfOPFlQVmf9RQSY4iis3HSYeyvs-MH7gFiwr76BLJ6P2Fn8sTNX2hMVtBAedbjRf7EAgAAAI9SAAAAAmgBB5kC72DSaex7Xw25OVPtqFxBqgRMhJkeg1giQhnvj7fq1fK23jxtMdj81EdmMIkJ7GC5KxgpAmXx_qOrCNk-aYeWtW24ofb1GNpX6G_5yw_O-bMhDn_ZAtIJBcLWqAXQOLb9z-42a3T5jaOXQ9Y16dDncFo4jTv2sL1Pwi2K0jtb8IGB_qmNZPYxw_IG33U7mKpyQORKPgBhBs9Ot0WDDiPNm0F_jP9oql3EaOKYYxeVY1dGPcq7PIFRgojRjpMqEsQnbNQ4CmkpMaPoOZkXu9tawM4MGBgNruajraI-r7nNKfYqeqmEmlep2taC6AkDYglBMpgtq-xZfU49kHz9QKwrg6JfYNRMkCJG1PhlJDYJNUGHuiZkSntiITqd1y2LhlZkSXRniDUEajpV_WxFc92jY3qYuF4U9hlKZGA-qo1pT550eifwIwwqqr_0g8XXzL3lE8rpyi3XGrRLiPfVLN_vXEO4X9xY4wQ0z3szuKUBQ5ty4JfkR1cH0kwfJvqNJvQmX3PabP1WgiwtV3A1dFqOdzNxvfm5Hrb1cGU-aLwF5jgN3eQqxUX2J76BqUa1oAKQLsYtrlyNF9R9P9lR9k161BjnwaOSpMoYR7PEHk9YWTGzWyfA0hE7ubGcoEVEqIEWSJKlo2kRwRWcRg77U6ItmhnlSraU8dcvXWhf-6mGmKiHeyJOgOgKCgrecALTyl1asoULaySk-vmbvmPgEbr0pn-wc7IK7xP2nJGRG5vewzh7mSVhB9AIqOebw_d55M5Nmd_cZ-9GxNq2rgJUL5aPDygnmO1aZu-L0Emf2UcJEy0UMAwuh4KPWU9XfWd9Wsm0JGalbv4qjzzxaJoIWzFV5gHeFynQ4VSxpuIivCvpfh87cFD7WBnM_gXpRTMuw82Cyibd0EoveVtY79SRco1uhF4_lN90ipb7Aly1pjizgTk6oEujnx7F56m6Ey8b8pYgHVa4XGaAI6Qzg5YBV8tjYIm9jBi4VkjRcUPbbUJzmkI

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/havasfrorangedcmdisplay758646212611/ Frame EE26 341 KB
116 KB 171ms
100ms Script
application/x-javascript 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/havasfrorangedcmdisplay758646212611/moatad.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: b9e71698196d00509c5ed502305fab643ed815240fbaceb0d0ffea230635be5a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
content-encoding: gzip
last-modified: Wed, 17 Jan 2024 10:57:22 GMT
server: AmazonS3
x-amz-request-id: K2R4KXSMSCR7BJ0Z
etag: "62d812b9e4ca210b30dee23c2ceaa7f7"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=39597
accept-ranges: bytes
content-length: 118310
x-amz-id-2: UiCi4nSyIAM9jAx8V96nniidx34GOQbvEeykDEGmh0E9O2YhHj4koNPXJGeHbh0oqRj2MyOy3A0=

GET
H3 200 2023OP_BE_Janvier_2024_120x600px.html Show response
s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/ Frame CBD4 7 KB
2 KB 80ms
27ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/2023OP_BE_Janvier_2024_120x600px.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467112297ef0abc5c1706020521163b36b73bd0491bd413750cf5fa81bfda63e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 102106
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2509
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Feb 2024 07:54:34 GMT
expires: Tue, 04 Feb 2025 07:54:34 GMT
last-modified: Tue, 09 Jan 2024 17:13:21 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame EE26 0
0 140ms
69ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsutt50-QrRlMOPkGP1rYhUs35ADS30u3HNqXWR3x8xiQJJWkDrmQ-tKcHRMTe7nMnGimLjlvANJ67fp6jasxY9YVs58fkveXuP6ing-_e0iB4Z2wHIikXZNjoCRnMRVZR56jpx-bkFLx25gizrQ7mF98o8isCZlnk24dbBPJObyK_FDjmt-L_wez1SCoczJ1rNjOvaPsLJQZjRJhPusIbdbinDGHoJfnqpD7H80evKPC-hY-Ik-cHEvyRfwQC1qpiUsWW5bGv8cry9eU31QoTM9TLkRWn-Eocvvy0OliMVwZGMD2jloWOeloGgNLIBrcAliBD6yDI5NGjGt3elm1ZQP7WsQ4BZ4Q3s03ZE9La5bgSHTAQ02ITo3LUHwXTi67Vq3Rq25YMCKrH2ZXWp9OSCojAqgEAoH0HmdzzTsX30i92z9QxqVxGJFzGW-tW6H8sVQOQmVGbbgiJJdctI29YoBe9-J5VXaQfL6CoHStb2-Ipz7onBElePxg-tZb7dTy3ajEBOesFb2L2oaXY07l3hbr0RemArzkT3UI-kwb2QwtRMD9mZSiKuxq3BQb9thNNEG99f_9j1uLxcYvm9C56Vl7TVQS0tlDnYeymFCvGvz1HoXj8K4cIKkiPJaSizOd-7oYHKL2l6sBSzUwdw6f1DStxg2hy9u8Kv3tfqgpODXUjZKWIiOo4f1-5dFCFCdJhCve93xUyPUiecFzm5WqScquChsEJagiWV6oLviVYKORbNJZ_GS-y6s8GO36NtPqsiShEg22hAoKgyUaVagWCVECWVedqcfnbsAdpCulM01B3vOx-K-g4tqli_NkoU5RVMyD5QuNKc-jgx4_ibmpnneowzoOd3GJeF0SLMMlsnbCfQA1FGuvKZy8OtiE91vW9EUtrkzKMsI6w-CwHii5JV1P9NdaN279u39C-Ppj4zXNvYowPtxHvFqUbsK-NOb_VecqMP54gsFGiyp_dg_jcmFzu14tt9TT0ZE1ITUW09QVXg28DxHzYbzxiMlnMVcxHRL6vFT3wCG5d5vZuDO0Pvhp2x99-eAXH-179vbU6eCE5rjDS_Khd1AG0Iq_p-4ujWWzXCDCDvfNDUIJ_h88l86pNpqYNzhmztPXT2j3DqWQtFhWBnQGQ2FtHQWDfbBYtxfc8syzQrO3o1VnQeNL4hpo0vlHoBX1mjUHm087uqw28_Aot8WrME7IN3UsbcewoJL35hhb177D5mkSu5bNrZNTOPUYnn1sMKQoa2jNkNPgK0Erz6CylP5VOOD9-wnNOVhBXd0jJk4F8b1VmiotRO7sT69yOaIzxtvpY39LhFNbq7UM0o5jXnCqA&sai=AMfl-YTsFrIu7f1K1DP2h2ViRarR84W1thTLW_bV2btAV41nMYpXvEwg8PFqcZuaBqkIIfXEE_oIN-VYGBxGI9o1ALZ2G-V5vkTOKkKM9-iSOh1VLtRQhR3KJ3P5is58nBArcvJs-JFVru8E0kha4iFeL7x7NjAM-Ynp0Zpk5-RQKLuIQdUxRSwobIz3FsjHi5s1zx8CqKYN8wd6lKMffjqWjkw_J0tvhLXMTyCb6N8ncDC_x-xsbpoONW7Br3GYnmrkOX876LcUvPEzy1SnQI30ymp_sX-C19k0xRVkS14j0-YB9pyEZu3SC8cgrlVKlD61g1Q&sig=Cg0ArKJSzPjCHObftTZaEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=420&cbvp=1&cstd=418&cisv=r20240201.06183&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 06 Feb 2024 12:16:20 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 moatad.js Show response
z.moatads.com/havasfrorangedcmdisplay758646212611/ Frame 7686 341 KB
116 KB 89ms
25ms Script
application/x-javascript 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/havasfrorangedcmdisplay758646212611/moatad.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: b9e71698196d00509c5ed502305fab643ed815240fbaceb0d0ffea230635be5a

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
content-encoding: gzip
last-modified: Wed, 17 Jan 2024 10:57:22 GMT
server: AmazonS3
x-amz-request-id: K2R4KXSMSCR7BJ0Z
etag: "62d812b9e4ca210b30dee23c2ceaa7f7"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=39597
accept-ranges: bytes
content-length: 118310
x-amz-id-2: UiCi4nSyIAM9jAx8V96nniidx34GOQbvEeykDEGmh0E9O2YhHj4koNPXJGeHbh0oqRj2MyOy3A0=

GET
H3 200 2023OP_BE_Janvier_2024_120x600px.html Show response
s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/ Frame CE84 7 KB
2 KB 77ms
29ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/2023OP_BE_Janvier_2024_120x600px.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

467112297ef0abc5c1706020521163b36b73bd0491bd413750cf5fa81bfda63e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 102106
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 2509
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Feb 2024 07:54:34 GMT
expires: Tue, 04 Feb 2025 07:54:34 GMT
last-modified: Tue, 09 Jan 2024 17:13:21 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7686 0
0 134ms
68ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssxbLoQAnZ5gu2Y3p-ob8M-InrUGDh_yRhYaR6dJUz5ZGaJ2IqupbhyvHmmjWggMNcpjfUlHeOXpBi6glwtvA3zdaJg4AtkgbfxiLAaJTqyHAKw_B79c9yZz_iwkX7bzryFIz1wYBu2pwGj8IMiAYXKCD4idjVQwmIhouziXqeEyM-raA62nuJzRboFnWE0_weNDKaJE4-Jt3xjZdoXTH89vloWZqIRCtu5145672qElSsCYyvyxjaT4u682SOHWSDGLxHOjx8ZDNFyWnqsXrPaiNB9_zK6ai0Kw3Nh95-D1d750Wsf5UdBlhHOCHA7pIVYpDh8WDBcOOHoqgh-h9Rvaxm8nMbrfzRWYN_ROLONUWhNKX0fW8Wx0mkm3XKImco6KtXgMZxtr3v9vE9pDDbAvuN0NRxJFk4OoIey8gdUc_NXmTGrcWSk2TXi9syQegP3iLhqCd-oK-kt6gr5DfcTxgK6lLtHvPW3WCsb6auRmJLEUh8sT0aoIMUC1BDyHVxbKo8a6DV8shOsgqvNkZPW7-FthOsBoEsCsDz2osAJP8mgg7mqMRLdOIKp6QD-sHNwzYirexciETgSHG0-NEmtfk-LJKpLHi9bgFJF0fsL6ycIdhs4tQy_slENIFho7e--e4NTgooqhE1ZlMBn4QeZjYkDIlKCNPgS0Lu7-Em8v8hx_k17WNxntycJahG3v3_RLyZWuOPtS3qQD9Hy5yz6VE3p8ZLaMk-J6T_Dkpm3qirfESERYvlqkwHAxDA3w_VvgFbjVWWcgWTEZIH3IF5mFjoG3KKPll07VX4KJ4SnlLKc-7NdNVO77TC4If8U9V0lxboMHlmZpvHozRCOxqo0Mrw0TWYBD9hl2AtEy8c9-jKPmENe3r2z2UoeEkVc0MNtUZhdlBeun2QQ17xVUtxM-kFUjhdip_FEMiVA8d8ZTnXkP12vcfnLoRcZmmNTie7MHTMK4G2UZ1j7MUqYoqCYF29tsZBv27wC0mvDTGGfFYJMnjb3WiwEpYhJJxiS-I-OoVCpzFO9CfeoayxTUvYPx1K30rrfv3LDBcBjS-u4ASfkWy1oUMqwYFaynfqg3PcprwgsMebrFtgYv7RNImH5jERuDgwNUo5fkSzTOkVihJKyeEiX9Ronb8yOPLyHNw4YttBnvICoXqrZRwq4OnUA6ATsWVQS8vYIcUAJOsQYl9LAoj7HwKajKbWm5UI_fcetWpkUXKcbCJWkIP7RAJtaBc3uBokElJceHPVMnM2_YH7Vo92k7sbomPtUEfhpOFgKFrb31fgLQrHKFI7rCUpPuSPCrlRBFYiL4t09UacbkvqSXsECjkZ9oQ&sai=AMfl-YSDPMc0AbpDUX-TMR6nAxUbTJH8hcc6v1BhC73VcMDpDgSlFtw_H9Lq8gox31WBWopV9j-TLR-hLO17-mnf4bOp9uc2MhRguehTvHzoYjOId_kiHh_-SkJvC541OX78oXXIBteUuCyxxPznDJ6l7wbW8KQbHSm2hv4aOZsbVQ9yUt9EGrbQBKp1kfnfOazjJNnREKdrVfqek7WdKSRDcHsZSymKrTGbQPZmTAenZ7wGYOhRMUJzNpvJkuD0hiWh7PJJO8n4lRBgq41U4GLtzuPGve0MqI_JtLlH02nnYg_klKLzbUzA0JR-gwcK8cphUz0&sig=Cg0ArKJSzHQkrZmqD_t7EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=340&cbvp=1&cstd=339&cisv=r20240201.24415&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 06 Feb 2024 12:16:20 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/ Frame BF59 255 KB
163 KB 71ms
31ms Document
text/html 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f8e57b2e69ceb1091b24334ec346c53add32fb4b3cd8592cb42c8971aae2719

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 108750
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 166927
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Feb 2024 06:03:50 GMT
expires: Tue, 04 Feb 2025 06:03:50 GMT
last-modified: Fri, 03 Nov 2023 07:04:29 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 87C6 0
0 129ms
60ms Fetch
image/gif 142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjssg-oauyAN5w1LYoNzVgh6sq1z7GG44s-HCkyBPzn9yENV2gNm_NH5gUx9qiQeYwE0Fgn6zSgJaGE78r1XRnF-a7UUgtdidVEcCAKVMgp_BRa3e8vmMaxv-iQL_0aRJe4xQy1tSvvjpbpVVeiQnqnIv2gbYWimprOZGz1zl9Iw2CHuUjG9Xp_AbhzPlGFuit45I-8yJv1vlumWZQ6jImwQhFs2lhFDPdeA6HuiZOmsxv7KG6FzGgRw&sai=AMfl-YQzBosM0-mg0BnrU_UettXHuWqGixUoB44w0R1qYqTQfrejU9NYujEgtFkvO-ureRWsOGD1K_E12ech4TTKBfcEcEGDlvWzG9dubU5N6r_E2xLeX1EY8Tr8A8FOVRjT8v5kJ4cVnqYSkyUUL7vYRQVsk5A&sig=Cg0ArKJSzARcJNUlaW2VEAE&uach_m=%5BUACH%5D&cry=1&crd=aHR0cHM6Ly9jaXNjby5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=155&cbvp=1&cstd=154&cisv=r20240201.96537&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 87C6 43 B
215 B 168ms
168ms Image
image/gif 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1811194&asId=64f95364-83e2-e406-70cb-1890cf9dba08&tv=%7Bc:3rJoUb,pingTime:-10,time:446,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjEuMC42MTY3LjEzOSBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1707221780066%7C%7C2769812a1ba2c9f0cfe7558a4ead3729%7C%7C1a43c5a595e6acc2c81f3001d0e137e1%7C%7Cf21388a39cac3c5f0304c6c868b3cded%7C%7Cbb40b0ccf1cf6031a101ee18f5d19278%7C%7C820f0c5259a6442b5ac4401508eec74c%7C%7C4ad687a1fc71d39afc251434224ed3f2%7C%7Cf359a8ee9caefbec5120c77447eae801%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
server: nginx
x-server-name: dt09.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame CBD4 236 KB
63 KB 172ms
76ms Script
text/javascript 2a02:26f0:3500:11::215:14dc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/2023OP_BE_Janvier_2024_120x600px.html?ev=01_250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:11::215:14dc Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
x-n: S
accept-ranges: bytes
expires: Tue, 06 Feb 2024 12:31:20 GMT

GET
H3 200 2023OP_BE_Janvier_2024_120x600px.js Show response
s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/ Frame CBD4 221 KB
37 KB 79ms
78ms Script
application/x-javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/2023OP_BE_Janvier_2024_120x600px.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/2023OP_BE_Janvier_2024_120x600px.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae446fe41e1aa7dc7a41580ead76bf09c401499ea577bbf4c28c12a4c51cfa67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/2023OP_BE_Janvier_2024_120x600px.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 04 Feb 2025 07:54:34 GMT
date: Mon, 05 Feb 2024 07:54:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102106
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37500
x-xss-protection: 0
last-modified: Tue, 09 Jan 2024 17:13:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 createjs.min.js Show response
code.createjs.com/1.0.0/ Frame CE84 236 KB
63 KB 136ms
44ms Script
text/javascript 2a02:26f0:3500:11::215:14dc
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://code.createjs.com/1.0.0/createjs.min.js
Requested by: Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/2023OP_BE_Janvier_2024_120x600px.html?ev=01_250
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:3500:11::215:14dc Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Apache /
Resource Hash: e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=900
x-n: S
accept-ranges: bytes
expires: Tue, 06 Feb 2024 12:31:20 GMT

GET
H3 200 2023OP_BE_Janvier_2024_120x600px.js Show response
s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/ Frame CE84 221 KB
37 KB 81ms
81ms Script
application/x-javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/2023OP_BE_Janvier_2024_120x600px.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/2023OP_BE_Janvier_2024_120x600px.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae446fe41e1aa7dc7a41580ead76bf09c401499ea577bbf4c28c12a4c51cfa67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/897311438824013824/120x600px/2023OP_BE_Janvier_2024_120x600px/2023OP_BE_Janvier_2024_120x600px.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 04 Feb 2025 07:54:34 GMT
date: Mon, 05 Feb 2024 07:54:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102106
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37500
x-xss-protection: 0
last-modified: Tue, 09 Jan 2024 17:13:21 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9E9F 42 B
64 B 113ms
60ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuttqwW0lyDkcXGVM_9_kXnQ3NMEgJkQUC3JJkK4SU2yixq9oTc-NRHx6gkCuZloMvO4l1O01SPTs1wisiRciMFrEIfQBeGDa89j0r_1WNwNkdEaMsYrxXcWQxpY6JcL0DhauZJk4fKEZdD2QRrrB8JVBRPDrscRCJruw&sai=AMfl-YQsjNUy9n2qnI8il-jR_CXvaMe8kL3TW2qVpMociSaL1Jxb2grNio4z7fISuZEbf7Sm1BrQ6bmh4ZznngyWh8VXGn_DoZF7BvL0t9q4Hh8WMtE_kDB7jSscU35WRT4EHdkKjXUiDYbqAFW_MBdf&sig=Cg0ArKJSzFRHSZcnPmepEAE&cid=CAQSTgAvHhf_ukmAWtngJCZRCUHFS1vcH1DOpKLcKA9fAn3wVjQQBcz7mAhx_VQRSBtbzH5WBCnVxIklounfug3bUE2yTT0d7-viC5O5bqRSnxgB&id=lidar2&mcvt=1000&p=0,0,280,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240205&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=4005142704&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=315457900&rst=1707221777809&rpt=1347&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame BF59 73 KB
73 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b2113a1b09099052772c662efbe513342d32cb95ea407c9d3eb524baff671a0c

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
DATA 200
OK truncated
/ Frame BF59 71 KB
71 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9a092ae7a8e93111a90129df068970838bfc6a2453211fc2113e0c4dd534f214

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 87C6 0
0 60ms
60ms Fetch
image/gif 142.250.185.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjssg-oauyAN5w1LYoNzVgh6sq1z7GG44s-HCkyBPzn9yENV2gNm_NH5gUx9qiQeYwE0Fgn6zSgJaGE78r1XRnF-a7UUgtdidVEcCAKVMgp_BRa3e8vmMaxv-iQL_0aRJe4xQy1tSvvjpbpVVeiQnqnIv2gbYWimprOZGz1zl9Iw2CHuUjG9Xp_AbhzPlGFuit45I-8yJv1vlumWZQ6jImwQhFs2lhFDPdeA6HuiZOmsxv7KG6FzGgRw&sai=AMfl-YQzBosM0-mg0BnrU_UettXHuWqGixUoB44w0R1qYqTQfrejU9NYujEgtFkvO-ureRWsOGD1K_E12ech4TTKBfcEcEGDlvWzG9dubU5N6r_E2xLeX1EY8Tr8A8FOVRjT8v5kJ4cVnqYSkyUUL7vYRQVsk5A&sig=Cg0ArKJSzARcJNUlaW2VEAE&uach_m=%5BUACH%5D&cry=1&crd=aHR0cHM6Ly9jaXNjby5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=320&vt=11&dtpt=165&dett=3&cstd=154&cisv=r20240201.96537&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.198 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H3 200 LogoLockup_Vert_RGB_white.png
s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/ Frame BF59 1 KB
1 KB 30ms
29ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/LogoLockup_Vert_RGB_white.png?

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

320c83a2ecf5473795e1137deb93090208180cdb0cf8e7f6dad1a1f1aef35770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 04 Feb 2025 06:03:50 GMT
date: Mon, 05 Feb 2024 06:03:50 GMT
x-content-type-options: nosniff
age: 108750
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1502
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 07:04:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 TI-Networking-and-Security-Convergence-Overview.jpeg
s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/ Frame BF59 23 KB
23 KB 28ms
28ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/TI-Networking-and-Security-Convergence-Overview.jpeg?

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4abc3020e4777753ca513a5e632401ceef5ad863e36b65676c819711bc97d318

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 04 Feb 2025 15:26:12 GMT
date: Mon, 05 Feb 2024 15:26:12 GMT
x-content-type-options: nosniff
age: 75008
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23284
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 07:04:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 n.js Show response
mb.moatads.com/ Frame 4A45 84 B
261 B 131ms
32ms Script
text/html 132.226.214.62
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/n.js?e=35&ol=3920728697&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.I%24%3D!%5DxPm2i3MAJ1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-pXfZFj9Dn5ips3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-H141M1%2F1Kg7M0g%3D%3D&sc=1&os=1-wg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=0&qe=0&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fwww.onworks.net&lp=https%3A%2F%2Fwww.onworks.net&t=1707221780215&de=765369044925&m=0&ar=805b0ce1b97-clean&iw=859666c&q=2&cb=0&ym=0&cu=1707221780215&ll=2&lm=2&ln=1&r=0&em=0&en=0&d=31344366%3A4440622%3A385695001%3A208112191&zMoatMarket=FR&zMoatADV=9229046&zMoatDBMCampID=-&zMoatDBMIOID=-&zMoatDBMCreaID=-&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.onworks.net%2F&id=0&ii=3&bo=onworks.net&bd=onworks.net&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&gw=havasfrorangedcmdisplay758646212611&fd=1&it=500&ti=0&ih=2&pe=0%3A-%3A-%3A0%3A73&jk=-1&jm=-1&fs=207009&na=678460814&cs=0&ord=1707221780215&jv=1180905338&callback=DOMlessLLDcallback_46281706
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/havasfrorangedcmdisplay758646212611/moatad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 132.226.214.62 Slough, United Kingdom, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: 53d2bc565228860175bebfbca9c8536784aaaa6c74f0ba3993a2979be1e52ea4

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
server: istio-envoy
etag: "d19a97d4d34918b6a079a59d9d0e1b031c8f05a4"
content-type: text/html; charset=UTF-8
cache-control: max-age=900
x-envoy-upstream-service-time: 6
timing-allow-origin: *
content-length: 84

GET
H2 200 pixel.gif
px.moatads.com/ Frame 4A45 43 B
265 B 40ms
31ms Image
image/gif 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fwww.onworks.net&lp=https%3A%2F%2Fwww.onworks.net&t=1707221780215&de=765369044925&m=0&ar=805b0ce1b97-clean&iw=859666c&q=3&cb=0&ym=0&cu=1707221780215&ll=2&lm=2&ln=1&r=0&em=0&en=0&d=31344366%3A4440622%3A385695001%3A208112191&zMoatMarket=FR&zMoatADV=9229046&zMoatDBMCampID=-&zMoatDBMIOID=-&zMoatDBMCreaID=-&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.onworks.net%2F&id=0&ii=3&bo=onworks.net&bd=onworks.net&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&gw=havasfrorangedcmdisplay758646212611&fd=1&it=500&ti=0&ih=2&pe=0%3A-%3A-%3A0%3A73&jk=-1&jm=-1&fs=207009&na=455305359&cs=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H3 200 TI-Networking-and-Security-Convergence-Overview.jpeg
s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/ Frame BF59 23 KB
23 KB 26ms
26ms Image
image/jpeg 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4abc3020e4777753ca513a5e632401ceef5ad863e36b65676c819711bc97d318

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 04 Feb 2025 15:26:12 GMT
date: Mon, 05 Feb 2024 15:26:12 GMT
x-content-type-options: nosniff
age: 75008
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23284
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 07:04:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 LogoLockup_Vert_RGB_white.png
s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/ Frame BF59 1 KB
1 KB 27ms
27ms Image
image/png 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/LogoLockup_Vert_RGB_white.png?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

320c83a2ecf5473795e1137deb93090208180cdb0cf8e7f6dad1a1f1aef35770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://s0.2mdn.net/sadbundle/6156178050224272882/FR-FRA_XA-09_0_728x90_BAN-A_HTML5_TOFU-no-Networking-NetworkingandSecurityConvergenceOverviewv1_0_105/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Tue, 04 Feb 2025 06:03:50 GMT
date: Mon, 05 Feb 2024 06:03:50 GMT
x-content-type-options: nosniff
age: 108750
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1502
x-xss-protection: 0
last-modified: Fri, 03 Nov 2023 07:04:29 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 n.js Show response
mb.moatads.com/ Frame 2631 84 B
160 B 97ms
36ms Script
text/html 132.226.214.62
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/n.js?e=35&ol=3920728697&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.I%24%3D!%5DxPm2i3MAJ1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-9F00fIwzI9tas3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-HTLzQ%2BKAS248Xw%3D%3D&sc=1&os=1-yg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=0&qe=0&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fwww.onworks.net&lp=https%3A%2F%2Fwww.onworks.net&t=1707221780276&de=374855860622&m=0&ar=805b0ce1b97-clean&iw=859666c&q=2&cb=0&ym=0&cu=1707221780276&ll=2&lm=2&ln=1&r=0&em=0&en=0&d=31344366%3A4440622%3A385695001%3A208112191&zMoatMarket=FR&zMoatADV=9229046&zMoatDBMCampID=-&zMoatDBMIOID=-&zMoatDBMCreaID=-&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.onworks.net%2F&id=0&ii=3&bo=onworks.net&bd=onworks.net&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&gw=havasfrorangedcmdisplay758646212611&fd=1&it=500&ti=0&ih=2&pe=0%3A-%3A-%3A0%3A70&jk=-1&jm=-1&fs=207009&na=2117401457&cs=0&ord=1707221780276&jv=808871208&callback=DOMlessLLDcallback_49720059
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/havasfrorangedcmdisplay758646212611/moatad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 132.226.214.62 Slough, United Kingdom, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: bc9c7ea5651953b4f2fbd11ced321c255cb268422bca3f1ba1108243bb327d6b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
server: istio-envoy
etag: "5940437351ebc29c202aac153f675d064b13c941"
content-type: text/html; charset=UTF-8
cache-control: max-age=900
x-envoy-upstream-service-time: 11
timing-allow-origin: *
content-length: 84

GET
H2 200 pixel.gif
px.moatads.com/ Frame 2631 43 B
265 B 26ms
25ms Image
image/gif 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=17&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&bq=0&f=1&nh=1&j=https%3A%2F%2Fwww.onworks.net&lp=https%3A%2F%2Fwww.onworks.net&t=1707221780276&de=374855860622&m=0&ar=805b0ce1b97-clean&iw=859666c&q=3&cb=0&ym=0&cu=1707221780276&ll=2&lm=2&ln=1&r=0&em=0&en=0&d=31344366%3A4440622%3A385695001%3A208112191&zMoatMarket=FR&zMoatADV=9229046&zMoatDBMCampID=-&zMoatDBMIOID=-&zMoatDBMCreaID=-&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.onworks.net%2F&id=0&ii=3&bo=onworks.net&bd=onworks.net&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&gw=havasfrorangedcmdisplay758646212611&fd=1&it=500&ti=0&ih=2&pe=0%3A-%3A-%3A0%3A70&jk=-1&jm=-1&fs=207009&na=248705422&cs=0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240201/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 7686 0
0 60ms
59ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssxbLoQAnZ5gu2Y3p-ob8M-InrUGDh_yRhYaR6dJUz5ZGaJ2IqupbhyvHmmjWggMNcpjfUlHeOXpBi6glwtvA3zdaJg4AtkgbfxiLAaJTqyHAKw_B79c9yZz_iwkX7bzryFIz1wYBu2pwGj8IMiAYXKCD4idjVQwmIhouziXqeEyM-raA62nuJzRboFnWE0_weNDKaJE4-Jt3xjZdoXTH89vloWZqIRCtu5145672qElSsCYyvyxjaT4u682SOHWSDGLxHOjx8ZDNFyWnqsXrPaiNB9_zK6ai0Kw3Nh95-D1d750Wsf5UdBlhHOCHA7pIVYpDh8WDBcOOHoqgh-h9Rvaxm8nMbrfzRWYN_ROLONUWhNKX0fW8Wx0mkm3XKImco6KtXgMZxtr3v9vE9pDDbAvuN0NRxJFk4OoIey8gdUc_NXmTGrcWSk2TXi9syQegP3iLhqCd-oK-kt6gr5DfcTxgK6lLtHvPW3WCsb6auRmJLEUh8sT0aoIMUC1BDyHVxbKo8a6DV8shOsgqvNkZPW7-FthOsBoEsCsDz2osAJP8mgg7mqMRLdOIKp6QD-sHNwzYirexciETgSHG0-NEmtfk-LJKpLHi9bgFJF0fsL6ycIdhs4tQy_slENIFho7e--e4NTgooqhE1ZlMBn4QeZjYkDIlKCNPgS0Lu7-Em8v8hx_k17WNxntycJahG3v3_RLyZWuOPtS3qQD9Hy5yz6VE3p8ZLaMk-J6T_Dkpm3qirfESERYvlqkwHAxDA3w_VvgFbjVWWcgWTEZIH3IF5mFjoG3KKPll07VX4KJ4SnlLKc-7NdNVO77TC4If8U9V0lxboMHlmZpvHozRCOxqo0Mrw0TWYBD9hl2AtEy8c9-jKPmENe3r2z2UoeEkVc0MNtUZhdlBeun2QQ17xVUtxM-kFUjhdip_FEMiVA8d8ZTnXkP12vcfnLoRcZmmNTie7MHTMK4G2UZ1j7MUqYoqCYF29tsZBv27wC0mvDTGGfFYJMnjb3WiwEpYhJJxiS-I-OoVCpzFO9CfeoayxTUvYPx1K30rrfv3LDBcBjS-u4ASfkWy1oUMqwYFaynfqg3PcprwgsMebrFtgYv7RNImH5jERuDgwNUo5fkSzTOkVihJKyeEiX9Ronb8yOPLyHNw4YttBnvICoXqrZRwq4OnUA6ATsWVQS8vYIcUAJOsQYl9LAoj7HwKajKbWm5UI_fcetWpkUXKcbCJWkIP7RAJtaBc3uBokElJceHPVMnM2_YH7Vo92k7sbomPtUEfhpOFgKFrb31fgLQrHKFI7rCUpPuSPCrlRBFYiL4t09UacbkvqSXsECjkZ9oQ&sai=AMfl-YSDPMc0AbpDUX-TMR6nAxUbTJH8hcc6v1BhC73VcMDpDgSlFtw_H9Lq8gox31WBWopV9j-TLR-hLO17-mnf4bOp9uc2MhRguehTvHzoYjOId_kiHh_-SkJvC541OX78oXXIBteUuCyxxPznDJ6l7wbW8KQbHSm2hv4aOZsbVQ9yUt9EGrbQBKp1kfnfOazjJNnREKdrVfqek7WdKSRDcHsZSymKrTGbQPZmTAenZ7wGYOhRMUJzNpvJkuD0hiWh7PJJO8n4lRBgq41U4GLtzuPGve0MqI_JtLlH02nnYg_klKLzbUzA0JR-gwcK8cphUz0&sig=Cg0ArKJSzHQkrZmqD_t7EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=640&vt=11&dtpt=300&dett=3&cstd=339&cisv=r20240201.24415&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame EE26 0
0 60ms
59ms Fetch
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsutt50-QrRlMOPkGP1rYhUs35ADS30u3HNqXWR3x8xiQJJWkDrmQ-tKcHRMTe7nMnGimLjlvANJ67fp6jasxY9YVs58fkveXuP6ing-_e0iB4Z2wHIikXZNjoCRnMRVZR56jpx-bkFLx25gizrQ7mF98o8isCZlnk24dbBPJObyK_FDjmt-L_wez1SCoczJ1rNjOvaPsLJQZjRJhPusIbdbinDGHoJfnqpD7H80evKPC-hY-Ik-cHEvyRfwQC1qpiUsWW5bGv8cry9eU31QoTM9TLkRWn-Eocvvy0OliMVwZGMD2jloWOeloGgNLIBrcAliBD6yDI5NGjGt3elm1ZQP7WsQ4BZ4Q3s03ZE9La5bgSHTAQ02ITo3LUHwXTi67Vq3Rq25YMCKrH2ZXWp9OSCojAqgEAoH0HmdzzTsX30i92z9QxqVxGJFzGW-tW6H8sVQOQmVGbbgiJJdctI29YoBe9-J5VXaQfL6CoHStb2-Ipz7onBElePxg-tZb7dTy3ajEBOesFb2L2oaXY07l3hbr0RemArzkT3UI-kwb2QwtRMD9mZSiKuxq3BQb9thNNEG99f_9j1uLxcYvm9C56Vl7TVQS0tlDnYeymFCvGvz1HoXj8K4cIKkiPJaSizOd-7oYHKL2l6sBSzUwdw6f1DStxg2hy9u8Kv3tfqgpODXUjZKWIiOo4f1-5dFCFCdJhCve93xUyPUiecFzm5WqScquChsEJagiWV6oLviVYKORbNJZ_GS-y6s8GO36NtPqsiShEg22hAoKgyUaVagWCVECWVedqcfnbsAdpCulM01B3vOx-K-g4tqli_NkoU5RVMyD5QuNKc-jgx4_ibmpnneowzoOd3GJeF0SLMMlsnbCfQA1FGuvKZy8OtiE91vW9EUtrkzKMsI6w-CwHii5JV1P9NdaN279u39C-Ppj4zXNvYowPtxHvFqUbsK-NOb_VecqMP54gsFGiyp_dg_jcmFzu14tt9TT0ZE1ITUW09QVXg28DxHzYbzxiMlnMVcxHRL6vFT3wCG5d5vZuDO0Pvhp2x99-eAXH-179vbU6eCE5rjDS_Khd1AG0Iq_p-4ujWWzXCDCDvfNDUIJ_h88l86pNpqYNzhmztPXT2j3DqWQtFhWBnQGQ2FtHQWDfbBYtxfc8syzQrO3o1VnQeNL4hpo0vlHoBX1mjUHm087uqw28_Aot8WrME7IN3UsbcewoJL35hhb177D5mkSu5bNrZNTOPUYnn1sMKQoa2jNkNPgK0Erz6CylP5VOOD9-wnNOVhBXd0jJk4F8b1VmiotRO7sT69yOaIzxtvpY39LhFNbq7UM0o5jXnCqA&sai=AMfl-YTsFrIu7f1K1DP2h2ViRarR84W1thTLW_bV2btAV41nMYpXvEwg8PFqcZuaBqkIIfXEE_oIN-VYGBxGI9o1ALZ2G-V5vkTOKkKM9-iSOh1VLtRQhR3KJ3P5is58nBArcvJs-JFVru8E0kha4iFeL7x7NjAM-Ynp0Zpk5-RQKLuIQdUxRSwobIz3FsjHi5s1zx8CqKYN8wd6lKMffjqWjkw_J0tvhLXMTyCb6N8ncDC_x-xsbpoONW7Br3GYnmrkOX876LcUvPEzy1SnQI30ymp_sX-C19k0xRVkS14j0-YB9pyEZu3SC8cgrlVKlD61g1Q&sig=Cg0ArKJSzPjCHObftTZaEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=749&vt=11&dtpt=329&dett=3&cstd=418&cisv=r20240201.06183&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 87C6 43 B
215 B 168ms
168ms Image
image/gif 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1811194&asId=64f95364-83e2-e406-70cb-1890cf9dba08&tv=%7Bc:3rJoZ2,time:747,type:e,im:%7Bpci:%7Btdr:569%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:9,o:738,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B733~0%5D,as:%5B733~728.90%5D%7D%7D,%7Bsl:i,t:738,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B10~100%5D,as:%5B10~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:204,fm:u3vyBtb+111%7C12%7C1311%7C1411%7C1511%7C16*.1811194-76298704%7C161,idMap:16*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:14,sis:259%7D&br=c
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
server: nginx
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
50 KB 70ms
70ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/postscribe.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a2f7af80d0448251673b08a29cfb0e61d128fd63845cba595ec10737828886db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51384
x-xss-protection: 0
server: cafe
etag: 14199592534119610934
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H3 404 getpaypal.php Show response
www.onworks.net/push/ 0
569 B 54ms
53ms XHR
text/html 2606:4700:20::ac43:479b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/push/getpaypal.php?email=

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::ac43:479b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/onworkssession.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-page-speed: 1.13.35.2-0
date: Tue, 06 Feb 2024 12:16:20 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cross-origin-opener-policy: unsafe-none
cross-origin-embedder-policy: unsafe-none
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6FUJNWO%2Bd4%2FoYkYKEkPMEVf9RXHC2HdV%2BRIsV26TmGAyedY9GizUM89AnKcajGlIZ1HjdT3BAE9LEDAP%2BaFaBv55K4AsL1IfAOkF%2Fi31FI2nLev5WP4f2sddGqkYL8w%2BB52QugeSa%2BLnJTK8eg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: max-age=0, no-cache
cf-ray: 851352df7b042a64-CDG
alt-svc: h3=":443"; ma=86400

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 70ms
70ms XHR
application/json 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240201&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5958d9394f4a28cff9feba5f23c9d5f7fe204acbd95137db178163b553b2ea50

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12220
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame EE26 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0efc96e3f29aafc61069f47595d712f150f53fc5cf571da65b1c6a6d59c11269

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7686 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d88bf27b473f583efd195951f73cab2fef5dc279c4badc85b84126c908c19689

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 85ms
85ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
50 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/postscribe.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e8f9669cf92313f4dbc3f63bfc232bae2e58aa750d8e22cb4313042cea34f928

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51295
x-xss-protection: 0
server: cafe
etag: 3909906994790160307
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 444C 123 KB
42 KB 446ms
446ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=280&slotname=9498197758&adk=1719645634&adf=2225698803&pi=t.ma~as.9498197758&w=1200&fwrn=4&fwrnh=100&lmt=1704536527&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780478&bpp=1&bdt=3225&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=1520373282&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=3

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3da8c05808ded7073fbc48daf4caf6a6d0a2452db598a8501ceaaa8c1a69a7f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 42795
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 06 Feb 2024 12:16:20 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A4BC 13 KB
5 KB 27ms
26ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
age: 50378
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 05 Feb 2024 22:16:42 GMT
expires: Tue, 04 Feb 2025 22:16:42 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 129C 829 B
1 KB 97ms
37ms Document
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

af078168703e56c3f39a80e3e7d7649c956fcaa25337abddbdb6eb7c941b7cf4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-02EHu6jftMkfSj8614XsSw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-02EHu6jftMkfSj8614XsSw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 06 Feb 2024 12:16:20 GMT
expires: Tue, 06 Feb 2024 12:16:20 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
50 KB 71ms
71ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/postscribe.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

51141d49f43b8617fed377901841d68cdd3b02e64d1736d38ce7ca94689f3d17

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51284
x-xss-protection: 0
server: cafe
etag: 9876813169824702785
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C2F3 123 KB
42 KB 450ms
449ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=280&slotname=3572111325&adk=1602787454&adf=1144095369&pi=t.ma~as.3572111325&w=1200&fwrn=4&fwrnh=100&lmt=1704536527&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780566&bpp=1&bdt=3314&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90%2C1200x280&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=773379832&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ed1b1264b699701356071b825419f9fb8af6143ea5e946d0120167b567c42e44

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 43124
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 06 Feb 2024 12:16:21 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js Show response
pagead2.googlesyndication.com/bg/ Frame A4BC 39 KB
15 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/IHSjRKKj3q_1Pt3c2sGWHmUCy_Bw5n5yhKh9CWyZSw4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 22:08:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50875
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15219
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 04 Feb 2025 22:08:25 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 13E5 132 KB
44 KB 831ms
831ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=300&slotname=8632866318&adk=3100831755&adf=1594869314&pi=t.ma~as.8632866318&w=1200&lmt=1704536527&rafmt=11&format=1200x300&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780661&bpp=1&bdt=3409&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90%2C1200x280%2C1200x280&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=94907109&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=9&uci=a!9&fsb=1&dtd=2

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

32073b4cfcd75233a3c04936dd6926bbd6624e2c6940eaf5e18cd5da5ee1e3c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 45117
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 06 Feb 2024 12:16:21 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 129C 0
0 57ms
57ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240201&jk=3754886673919165&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A4BC 0
10 B 25ms
25ms Image
text/plain 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?LGp3lw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 v2 Show response
mb.moatads.com/s/ Frame 4A45 372 B
449 B 41ms
40ms Script
text/html 132.226.214.62
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/s/v2?url=https%3A%2F%2Fwww.onworks.net%2F&pcode=havasfrorangedcmdisplay758646212611&ord=1707221780215&jv=1395879959&callback=BrandSafetyNadoscallback_46281706
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/havasfrorangedcmdisplay758646212611/moatad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 132.226.214.62 Slough, United Kingdom, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: 217640f86ba091586e82b930e52b64967303fe71934c45b7cb6bd3c36355e342

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
server: istio-envoy
etag: "2971f875b3398425b030e67276f8b262d50c9e5e"
content-type: text/html; charset=UTF-8
cache-control: max-age=900
x-envoy-upstream-service-time: 15
timing-allow-origin: *
content-length: 372

GET
H2 200 pixel.gif
px.moatads.com/ Frame 4A45 43 B
265 B 42ms
42ms Image
image/gif 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=https%3A%2F%2Fs0.2mdn.net%2Fsadbundle%2F897311438824013824%2F120x600px%2F2023OP_BE_Janvier_2024_120x600px%2F2023OP_BE_Janvier_2024_120x600px.html%3Fev%3D01_250&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&ol=3920728697&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.I%24%3D!%5DxPm2i3MAJ1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-pXfZFj9Dn5ips3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-H141M1%2F1Kg7M0g%3D%3D&sc=1&os=1-wg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=120&qe=600&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=0&h=600&w=120&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.onworks.net%2F&id=0&ii=3&f=1&j=https%3A%2F%2Fwww.onworks.net&lp=https%3A%2F%2Fwww.onworks.net&t=1707221780215&de=765369044925&cu=1707221780215&m=552&ar=805b0ce1b97-clean&iw=859666c&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=600&le=1&lf=136&lg=1&lh=16&gm=1&io=1&vv=3&vw=0%3A3%3A0&vp=-&vx=-%3A-%3A-&pe=0%3A-%3A-%3A1038%3A73&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&ic=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=132&cd=0&ah=132&am=0&xd=00&rf=0&re=1&wb=1&wm=1&wi=0&zMoatCustomParams=50%25%3A2000sec%3Acontinuous&cl=0&at=0&d=31344366%3A4440622%3A385695001%3A208112191&bo=onworks.net&bd=onworks.net&gw=havasfrorangedcmdisplay758646212611&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatMarket=FR&zMoatADV=9229046&zMoatDBMCampID=-&zMoatDBMIOID=-&zMoatDBMCreaID=-&hv=findIframeAds&ab=2&fd=1&kt=sframe&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=2&jk=-1&jm=-1&tc=0&fs=207009&na=1437971562&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 v2 Show response
mb.moatads.com/s/ Frame 2631 372 B
449 B 45ms
45ms Script
text/html 132.226.214.62
ORACLE-BMC-31898

General

Check archive.org

Show headers Download Go to

Full URL: https://mb.moatads.com/s/v2?url=https%3A%2F%2Fwww.onworks.net%2F&pcode=havasfrorangedcmdisplay758646212611&ord=1707221780276&jv=1911507566&callback=BrandSafetyNadoscallback_49720059
Requested by: Host: z.moatads.com
URL: https://z.moatads.com/havasfrorangedcmdisplay758646212611/moatad.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 132.226.214.62 Slough, United Kingdom, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software: istio-envoy /
Resource Hash: 864eb930dd8d8c93f4d7ab8b76a5d382029bd4632080125777918be6cba28e65

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
server: istio-envoy
etag: "c7f02fd001dd995c418246f3cef25520d3054c70"
content-type: text/html; charset=UTF-8
cache-control: max-age=900
x-envoy-upstream-service-time: 20
timing-allow-origin: *
content-length: 372

GET
H2 200 pixel.gif
px.moatads.com/ Frame 2631 43 B
265 B 33ms
33ms Image
image/gif 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=0&q=0&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=https%3A%2F%2Fs0.2mdn.net%2Fsadbundle%2F897311438824013824%2F120x600px%2F2023OP_BE_Janvier_2024_120x600px%2F2023OP_BE_Janvier_2024_120x600px.html%3Fev%3D01_250&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&ol=3920728697&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.I%24%3D!%5DxPm2i3MAJ1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-9F00fIwzI9tas3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-HTLzQ%2BKAS248Xw%3D%3D&sc=1&os=1-yg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=120&qe=600&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=0&h=600&w=120&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.onworks.net%2F&id=0&ii=3&f=1&j=https%3A%2F%2Fwww.onworks.net&lp=https%3A%2F%2Fwww.onworks.net&t=1707221780276&de=374855860622&cu=1707221780276&m=520&ar=805b0ce1b97-clean&iw=859666c&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=600&le=1&lf=98&lg=1&lh=11&gm=1&io=1&vv=3&vw=0%3A3%3A0&vp=-&vx=-%3A-%3A-&pe=0%3A-%3A-%3A1041%3A70&aa=0&ad=0&cn=0&gk=0&gl=0&ik=0&ic=0&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=101&cd=0&ah=101&am=0&xd=00&rf=0&re=1&wb=1&wm=1&wi=0&zMoatCustomParams=50%25%3A2000sec%3Acontinuous&cl=0&at=0&d=31344366%3A4440622%3A385695001%3A208112191&bo=onworks.net&bd=onworks.net&gw=havasfrorangedcmdisplay758646212611&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatMarket=FR&zMoatADV=9229046&zMoatDBMCampID=-&zMoatDBMIOID=-&zMoatDBMCreaID=-&hv=findIframeAds&ab=2&fd=1&kt=sframe&it=500&oq=0&ot=0&zMoatJS=3%3A-&ti=0&ih=2&jk=-1&jm=-1&tc=0&fs=207009&na=1516063192&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 4A45 43 B
251 B 162ms
55ms Image
image/gif 2.19.103.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=132&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onworks.net&L1id=31344366&L2id=4440622&L3id=385695001&L4id=208112191&S1id=onworks.net&S2id=onworks.net&ord=1707221780215&r=765369044925&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatADV=9229046&url=https%253A%252F%252Fwww.onworks.net%252F&bedc=1&q=1&BSD=safe&BSC=gs_fooddrink,gs_tech_compute_apps,gs_tech_compute_net,moat_safe,gs_tech_compute,gs_tech_compute_net_cloud,gs_tech,gs_tech_compute_net_social,gs_tech_compute_net_webhost,gs_tech_compute_net_support,gs_tech_compute_apps_os&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.103.55 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-103-55.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 4A45 43 B
251 B 164ms
56ms Image
image/gif 2.19.103.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=132&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onworks.net&L1id=31344366&L2id=4440622&L3id=385695001&L4id=208112191&S1id=onworks.net&S2id=onworks.net&ord=1707221780215&r=765369044925&t=nht&os=0&fi2=0&div1=0&ait=0&zMoatADV=9229046&url=https%253A%252F%252Fwww.onworks.net%252F&bedc=1&q=2&BSD=safe&BSC=gs_fooddrink,gs_tech_compute_apps,gs_tech_compute_net,moat_safe,gs_tech_compute,gs_tech_compute_net_cloud,gs_tech,gs_tech_compute_net_social,gs_tech_compute_net_webhost,gs_tech_compute_net_support,gs_tech_compute_apps_os&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.103.55 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-103-55.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 4A45 43 B
251 B 140ms
33ms Image
image/gif 2.19.103.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=132&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onworks.net&L1id=31344366&L2id=4440622&L3id=385695001&L4id=208112191&S1id=onworks.net&S2id=onworks.net&ord=1707221780215&r=765369044925&t=bs&os=0&fi2=0&div1=0&ait=0&zMoatADV=9229046&url=https%253A%252F%252Fwww.onworks.net%252F&bedc=1&q=3&BSD=safe&BSC=gs_fooddrink,gs_tech_compute_apps,gs_tech_compute_net,moat_safe,gs_tech_compute,gs_tech_compute_net_cloud,gs_tech,gs_tech_compute_net_social,gs_tech_compute_net_webhost,gs_tech_compute_net_support,gs_tech_compute_apps_os&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.103.55 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-103-55.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 4A45 43 B
265 B 68ms
67ms Image
image/gif 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&ol=3920728697&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.I%24%3D!%5DxPm2i3MAJ1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-pXfZFj9Dn5ips3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-H141M1%2F1Kg7M0g%3D%3D&sc=1&os=1-wg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=120&qe=600&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=1&h=600&w=120&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.onworks.net%2F&id=0&ii=3&f=1&j=https%3A%2F%2Fwww.onworks.net&lp=https%3A%2F%2Fwww.onworks.net&t=1707221780215&de=765369044925&cu=1707221780215&m=615&ar=805b0ce1b97-clean&iw=859666c&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=600&le=1&lf=136&lg=1&lh=16&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A-%3A-%3A1038%3A73&aa=0&ad=35&cn=0&gk=35&gl=0&ik=35&ic=35&ez=1&cq=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=132&cd=132&ah=132&am=132&xd=00&rf=0&re=1&wb=1&wm=1&wi=0&zMoatCustomParams=50%25%3A2000sec%3Acontinuous&cl=0&at=0&d=31344366%3A4440622%3A385695001%3A208112191&bo=onworks.net&bd=onworks.net&gw=havasfrorangedcmdisplay758646212611&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatMarket=FR&zMoatADV=9229046&zMoatDBMCampID=-&zMoatDBMIOID=-&zMoatDBMCreaID=-&hv=findIframeAds&ab=2&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=3&jm=-1&tc=0&fs=207009&na=1081928240&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 4A45 43 B
251 B 109ms
30ms Image
image/gif 2.19.103.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=35&fi=1&apd=201&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onworks.net&L1id=31344366&L2id=4440622&L3id=385695001&L4id=208112191&S1id=onworks.net&S2id=onworks.net&ord=1707221780215&r=765369044925&t=hdn&os=1&fi2=0&div1=0&ait=0&zMoatADV=9229046&url=https%253A%252F%252Fwww.onworks.net%252F&bedc=1&q=4&BSD=safe&BSC=gs_fooddrink,gs_tech_compute_apps,gs_tech_compute_net,moat_safe,gs_tech_compute,gs_tech_compute_net_cloud,gs_tech,gs_tech_compute_net_social,gs_tech_compute_net_webhost,gs_tech_compute_net_support,gs_tech_compute_apps_os&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.103.55 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-103-55.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 4A45 43 B
251 B 110ms
32ms Image
image/gif 2.19.103.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=35&fi=1&apd=201&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onworks.net&L1id=31344366&L2id=4440622&L3id=385695001&L4id=208112191&S1id=onworks.net&S2id=onworks.net&ord=1707221780215&r=765369044925&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatADV=9229046&url=https%253A%252F%252Fwww.onworks.net%252F&bedc=1&q=5&BSD=safe&BSC=gs_fooddrink,gs_tech_compute_apps,gs_tech_compute_net,moat_safe,gs_tech_compute,gs_tech_compute_net_cloud,gs_tech,gs_tech_compute_net_social,gs_tech_compute_net_webhost,gs_tech_compute_net_support,gs_tech_compute_apps_os&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.103.55 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-103-55.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 2631 43 B
251 B 101ms
32ms Image
image/gif 2.19.103.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=101&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onworks.net&L1id=31344366&L2id=4440622&L3id=385695001&L4id=208112191&S1id=onworks.net&S2id=onworks.net&ord=1707221780276&r=374855860622&t=meas&os=0&fi2=0&div1=0&ait=0&zMoatADV=9229046&url=https%253A%252F%252Fwww.onworks.net%252F&bedc=1&q=1&BSD=safe&BSC=gs_tech_compute_apps,gs_tech_compute_net_cloud,gs_tech,gs_tech_compute_net_webhost,gs_tech_compute_net_social,gs_fooddrink,gs_tech_compute_net_support,moat_safe,gs_tech_compute_apps_os,gs_tech_compute,gs_tech_compute_net&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.103.55 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-103-55.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 2631 43 B
251 B 100ms
31ms Image
image/gif 2.19.103.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=101&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onworks.net&L1id=31344366&L2id=4440622&L3id=385695001&L4id=208112191&S1id=onworks.net&S2id=onworks.net&ord=1707221780276&r=374855860622&t=nht&os=0&fi2=0&div1=0&ait=0&zMoatADV=9229046&url=https%253A%252F%252Fwww.onworks.net%252F&bedc=1&q=2&BSD=safe&BSC=gs_tech_compute_apps,gs_tech_compute_net_cloud,gs_tech,gs_tech_compute_net_webhost,gs_tech_compute_net_social,gs_fooddrink,gs_tech_compute_net_support,moat_safe,gs_tech_compute_apps_os,gs_tech_compute,gs_tech_compute_net&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.103.55 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-103-55.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 2631 43 B
251 B 97ms
29ms Image
image/gif 2.19.103.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=0&fi=0&apd=101&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onworks.net&L1id=31344366&L2id=4440622&L3id=385695001&L4id=208112191&S1id=onworks.net&S2id=onworks.net&ord=1707221780276&r=374855860622&t=bs&os=0&fi2=0&div1=0&ait=0&zMoatADV=9229046&url=https%253A%252F%252Fwww.onworks.net%252F&bedc=1&q=3&BSD=safe&BSC=gs_tech_compute_apps,gs_tech_compute_net_cloud,gs_tech,gs_tech_compute_net_webhost,gs_tech_compute_net_social,gs_fooddrink,gs_tech_compute_net_support,moat_safe,gs_tech_compute_apps_os,gs_tech_compute,gs_tech_compute_net&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.103.55 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-103-55.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 pixel.gif
px.moatads.com/ Frame 2631 43 B
265 B 27ms
26ms Image
image/gif 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.moatads.com/pixel.gif?e=37&q=0&hp=1&ra=1&pxm=4&sgs=3&vb=-1&kq=1&lo=1&uk=null&pk=0&wk=0&rk=0&tk=0&ak=-&i=HAVAS_FR_ORANGE_DCM_DISPLAY1&ol=3920728697&qn=%604%7BZEYwoqI%24%5BK%2BdLLU)%2CMm~tM!90vv9L%24%2FoDb%2Fz(lKm3GFlNUU%2Cu%5Bh_GcS%25%5BHvLU%5B4(K%2B%7BgeFWl_%3DNqUXR%3A%3D%2BAxMn%3Ch%2CyenA8p%2FHm%24%60%233P(ry5*ZRocMp1tq%5BN%7Bq%60RP%3CG.ceFW%7CoG%22mxT%3Bwv%40V374BKm55%3D%261fp%5BoU5t(K%25.I%24%3D!%5DxPm2i3MAJ1%5D6WAJN3NZ_h)G%3E3%5D*lTr1W*d%5B4kf%2FLyUoRdByZ%3CPnKMV%25%3C%2Cbq.%22oDOk%2Cz%25GY&tf=1_nMzjG---CSa7H-nHVQZC-bW7qhB-LRwqH-nMzjG-&vi=111111&rc=2%2C1%2C0%2C3%2C3326192205%2C1%2C4%2C0%2Cprobably%2Cprobably&rb=1-9F00fIwzI9tas3zWES0UEhYKQlBk9l%2Bd1Ss78ABRGBCPEpCfxlXpQB8EOC0dEk1CVCWz&rs=1-HTLzQ%2BKAS248Xw%3D%3D&sc=1&os=1-yg%3D%3D&qp=10000&is=BBBBB2BBEYBvGl2BBCBBtUTE1RmsqbKW8BsrBu0rCFE48CRBeeBS2hWTMBBQeQBBn2soYggyUig0CBlWZ0uBBCCCCCCOgRBBiOfnE6Bkg7Oxib8MwBtJYHCBdm5kBhIcC9Y8oBXckXBR76iUUsJBCBBBBBBBBBWBBBj3BBBZeGV2BBBCMciUBBBjgEBBBBBB94UMgTdJMtEcpMBBBQBBBniOccBBBBBB47kNwxBbBBBBBBBBBhcjG6BBJM2L4Bk8BwCBQmIoRBBCzBz1BBCTClBBrbBBC4ehueB57NG9aJeRzBqBBiuwBBBB&iv=8&qt=0&gz=0&hh=0&hn=0&tw=&qc=0&qd=0&qf=120&qe=600&qh=1600&qg=1200&qm=-60&qa=1600&qb=1200&qi=1600&qj=1200&to=000&po=1-0020002000002120&vy=ot%24b%5Bh%40%22oD~T_Gr1%3E%3AB%40NVt7%3BY%3EhyMmxNXJZPV8t6%3D%3Dh_GW3r4Aj!L%3E%2BbK0pH%23H&ql=%3B%5BpwxnRd%7Dt%3Aal9EU%22y%2F.D%5B5%2F%5BGI%3Fi6%5EB61%2F%3DSqcMr1%7B%2CTu9LJJ(a.P%2B)s1(uA&qo=0&qr=0&bq=0&g=1&h=600&w=120&hq=0&hs=0&hu=0&hr=0&ht=1&dnt=0&zGSRS=1&zGSRC=1&gu=https%3A%2F%2Fwww.onworks.net%2F&id=0&ii=3&f=1&j=https%3A%2F%2Fwww.onworks.net&lp=https%3A%2F%2Fwww.onworks.net&t=1707221780276&de=374855860622&cu=1707221780276&m=617&ar=805b0ce1b97-clean&iw=859666c&cb=0&ym=0&ll=2&lm=2&ln=1&r=0&dl=0&nh=1&xx=undefined%3A875484570224&td=1&lk=undefined&lb=600&le=1&lf=98&lg=1&lh=11&gm=1&io=1&ch=1&vv=3&vw=0%3A3%3A0&vp=100&vx=-%3A100%3A-&pe=0%3A-%3A-%3A1041%3A70&aa=0&ad=50&cn=0&gk=50&gl=0&ik=50&ic=50&ez=1&cq=1&im=0&in=0&pd=0&em=0&en=0&st=1&su=1&of=1&oz=1&oe=0%3A0%3A0%3Anull%3A-1%3Anull%3A-1%3Anull%3A-1&bu=101&cd=101&ah=101&am=101&xd=00&rf=0&re=1&wb=1&wm=1&wi=0&zMoatCustomParams=50%25%3A2000sec%3Acontinuous&cl=0&at=0&d=31344366%3A4440622%3A385695001%3A208112191&bo=onworks.net&bd=onworks.net&gw=havasfrorangedcmdisplay758646212611&zMoatOrigSlicer1=N%2FA&zMoatOrigSlicer2=N%2FA&zMoatMarket=FR&zMoatADV=9229046&zMoatDBMCampID=-&zMoatDBMIOID=-&zMoatDBMCreaID=-&hv=findIframeAds&ab=2&fd=1&kt=sframe&it=500&fz=1&oq=1&ot=ff&zMoatJS=3%3A-&ti=0&ih=2&jk=3&jm=-1&tc=0&fs=207009&na=1540723581&cs=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

unused62: 8096267
pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 2631 43 B
251 B 71ms
56ms Image
image/gif 2.19.103.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=50&fi=1&apd=200&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onworks.net&L1id=31344366&L2id=4440622&L3id=385695001&L4id=208112191&S1id=onworks.net&S2id=onworks.net&ord=1707221780276&r=374855860622&t=hdn&os=1&fi2=0&div1=0&ait=0&zMoatADV=9229046&url=https%253A%252F%252Fwww.onworks.net%252F&bedc=1&q=4&BSD=safe&BSC=gs_tech_compute_apps,gs_tech_compute_net_cloud,gs_tech,gs_tech_compute_net_webhost,gs_tech_compute_net_social,gs_fooddrink,gs_tech_compute_net_support,moat_safe,gs_tech_compute_apps_os,gs_tech_compute,gs_tech_compute_net&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.103.55 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-103-55.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H2 200 pixel.gif
havasfrorangedcmdisplay758646212611.s.moatpixel.com/ Frame 2631 43 B
251 B 48ms
34ms Image
image/gif 2.19.103.55
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://havasfrorangedcmdisplay758646212611.s.moatpixel.com/pixel.gif?m=1&iv=0&tuv=-1&tet=50&fi=1&apd=200&ui=0&uit=0&h=0&th=-1&s=-1&ts=-1&bfa=-1&d=onworks.net&L1id=31344366&L2id=4440622&L3id=385695001&L4id=208112191&S1id=onworks.net&S2id=onworks.net&ord=1707221780276&r=374855860622&t=fv&os=1&fi2=0&div1=0&ait=0&zMoatADV=9229046&url=https%253A%252F%252Fwww.onworks.net%252F&bedc=1&q=5&BSD=safe&BSC=gs_tech_compute_apps,gs_tech_compute_net_cloud,gs_tech,gs_tech_compute_net_webhost,gs_tech_compute_net_social,gs_fooddrink,gs_tech_compute_net_support,moat_safe,gs_tech_compute_apps_os,gs_tech_compute,gs_tech_compute_net&nu=1&ib=0&dc=1&ob=0&oh=0&lt=0&ab=0&n=1&nm=1&sp=0&pt=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.103.55 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-19-103-55.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
last-modified: Fri, 20 May 2016 15:16:00 GMT
server: AkamaiNetStorage
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3:1463757360"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 444C 6 KB
706 B 59ms
59ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=280&slotname=9498197758&adk=1719645634&adf=2225698803&pi=t.ma~as.9498197758&w=1200&fwrn=4&fwrnh=100&lmt=1704536527&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780478&bpp=1&bdt=3225&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=1520373282&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 06 Feb 2024 12:16:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 06 Feb 2024 11:57:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 06 Feb 2024 12:16:20 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 444C 2 KB
822 B 26ms
26ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:23 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/17857760189734629490/ Frame 444C 181 KB
181 KB 28ms
28ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17857760189734629490/14763004658117789537

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

58dd73c49f4f46169cf48c480e71c8b2fc8f40d759eacf64ed41b8813bc3c41d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Wed, 05 Feb 2025 09:02:34 GMT
date: Tue, 06 Feb 2024 09:02:34 GMT
x-content-type-options: nosniff
age: 11626
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 185013
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:57:15 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/ Frame 444C 23 KB
9 KB 38ms
38ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 3610546441309021303
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:14 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 444C 3 KB
1 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46266
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:14 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 17E2 1 KB
643 B 26ms
25ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 68736
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 05 Feb 2024 17:10:44 GMT
etag: 48472445140208031
expires: Tue, 06 Feb 2024 17:10:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 444C 20 KB
8 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46257
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:23 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 444C 0
0 34ms
33ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS31VJhh8NieJoK5yAYxt3bjJBrJEivOrn-uiUI3JVhXQYupPD6ikqY-z651YqjkMuPwa129TsqkafILxZzc7phyyv82Q
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=280&slotname=9498197758&adk=1719645634&adf=2225698803&pi=t.ma~as.9498197758&w=1200&fwrn=4&fwrnh=100&lmt=1704536527&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780478&bpp=1&bdt=3225&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=1520373282&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 444C 205 KB
65 KB 122ms
122ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=44809771

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91c697159132fd3884e508f6548c96cb17e460d7456d43e9c4d174fcf84521bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66417
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1707137874550712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:21 GMT

GET
H3 200 ddb466d8785cb75acd721f17b1b8dd87.js Show response
www.gstatic.com/mysidia/ Frame 444C 37 KB
15 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ddb466d8785cb75acd721f17b1b8dd87.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54090d5321bc8e3a05531aacf2ef2b7769f24e94b14f4a0687587375fffa2523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:57:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 580740
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15487
x-xss-protection: 0
last-modified: Thu, 25 Jan 2024 03:17:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 29 Apr 2024 18:57:20 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17E2
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEN6ZvDP_BtemvFcUAymF2Dw&google_push=AXcoOmSs1hxPGV4khTCY4qzybQWtuBRs2Ze8y31snFjipl-YqhaUkccCkd...

170 B
188 B

37ms
36ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEN6ZvDP_BtemvFcUAymF2Dw&google_push=AXcoOmSs1hxPGV4khTCY4qzybQWtuBRs2Ze8y31snFjipl-YqhaUkccCkdl_18ol06f90CM4KmB9JwbsKr5-tT1Bd2jhzTpvVm5oTg

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-lcy-eglc8600039-LCY
pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1707221781.043136,VS0,VE82
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEN6ZvDP_BtemvFcUAymF2Dw&google_push=AXcoOmSs1hxPGV4khTCY4qzybQWtuBRs2Ze8y31snFjipl-YqhaUkccCkdl_18ol06f90CM4KmB9JwbsKr5-tT1Bd2jhzTpvVm5oTg
cache-control: no-cache
accept-ranges: bytes
content-length: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 17E2 70 B
149 B 121ms
36ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEELjUtAZ0ZLjMNTDTuU3tK4&google_cver=1&google_push=AXcoOmSB1zSiBg0mKLcGiHoSc2gmV2ITbL0phHIy-FFlV2pmvOo_6vvioV5lMYGfjD0tS3J31ObryV3N63pq7war6PDL8snPk8qa2uE
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=280&slotname=9498197758&adk=1719645634&adf=2225698803&pi=t.ma~as.9498197758&w=1200&fwrn=4&fwrnh=100&lmt=1704536527&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780478&bpp=1&bdt=3225&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=1520373282&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:21 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17E2
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAXcoOmRl4HBisgvfIFvA8Ja-hLTaNAnAPZGFQyghLKaf5L3Y13mxCUkrQUnJhk8ufeyaGMMiwlj8PUIRIG1PPj3-8K94KzVqNFRYRgY&google_gid=CAESELQAYjuCt4LN8n7iyPFtZD4&...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCJXGiK4GEgUI6AcQAEIASnNnb29nbGVfcHVzaD1BWGNvT21SbDRIQmlzZ3ZmSUZ2QThKYS1oTFRhTkFuQVBaR0ZReWdoTEthZjVMM1kxM214Q1VrclFVbkpoazh1ZmV5YUdNTWl3bGo4UFVJUklHMVBQaj...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwcXFiTkNZNEFiRS1rZUhqNEVlYVlmMnFMbkl4Z01ZZkxTaE5QYnFwVHBLRQ==&google_push

170 B
188 B

35ms
35ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwcXFiTkNZNEFiRS1rZUhqNEVlYVlmMnFMbkl4Z01ZZkxTaE5QYnFwVHBLRQ==&google_push

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 06 Feb 2024 12:16:21 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwcXFiTkNZNEFiRS1rZUhqNEVlYVlmMnFMbkl4Z01ZZkxTaE5QYnFwVHBLRQ==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17E2
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEFlB9svnL70sSkmVPF3Gu2U&google_cver=1&google_push=AXcoOmSX6WuLE2m1oWUzQi6src9Zr1sqkrX35_c0KcR5PRmq4Vaa0P86OwwOzlpAAEtyaxvMUU6qxQPcTE-Y6woo...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=wMekh4obQLkhKf8n3AnUPg&google_push=AXcoOmSX6WuLE2m1oWUzQi6src9Zr1sqkrX35_c0KcR5PRmq4Vaa0P86OwwOzlpAAEtyaxvMUU6qxQPcTE-Y6woozlKb-auRbY6pQSU

170 B
188 B

38ms
37ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=wMekh4obQLkhKf8n3AnUPg&google_push=AXcoOmSX6WuLE2m1oWUzQi6src9Zr1sqkrX35_c0KcR5PRmq4Vaa0P86OwwOzlpAAEtyaxvMUU6qxQPcTE-Y6woozlKb-auRbY6pQSU

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 06 Feb 2024 12:16:21 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=wMekh4obQLkhKf8n3AnUPg&google_push=AXcoOmSX6WuLE2m1oWUzQi6src9Zr1sqkrX35_c0KcR5PRmq4Vaa0P86OwwOzlpAAEtyaxvMUU6qxQPcTE-Y6woozlKb-auRbY6pQSU
x-host: tde-deliveryengine-production-95855cfc5-rshk2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 17E2 43 B
235 B 86ms
25ms Image
image/gif 35.214.149.91
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEL1bl49IGoxA7b3HGuJ4kFM&google_cver=1&google_push=AXcoOmT-AFQ198AoIHDNbs2RQQiV10fQqrDlDi_w5fwpz8wwSbPjxNNe3zXALT-aLm0vvtOxrhAUrqNfWssYma3whbcQO77_HmqpIA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=280&slotname=9498197758&adk=1719645634&adf=2225698803&pi=t.ma~as.9498197758&w=1200&fwrn=4&fwrnh=100&lmt=1704536527&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780478&bpp=1&bdt=3225&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2662&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=1520373282&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=7&uci=a!7&btvi=4&fsb=1&dtd=3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.214.149.91 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS: 91.149.214.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date: Tue, 06 Feb 2024 12:16:21 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17E2
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESELRbdaOwu6oaz1fu8oJbaKk&google_cver=1&google_push=AXcoOmTvnsrZ7n69ItScIH7j3TVt9cEpYEuESZmumUros0eyHd3D3U2kAxAc2UB9ZV-p9qP3Hu2qYXDyxuXzMzIvZ78FfK5...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTvnsrZ7n69ItScIH7j3TVt9cEpYEuESZmumUros0eyHd3D3U2kAxAc2UB9ZV-p9qP3Hu2qYXDyxuXzMzIvZ78FfK53mrEbu28&google_hm=eS1ZTEFaM2l4RTJwR19...

170 B
188 B

36ms
36ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTvnsrZ7n69ItScIH7j3TVt9cEpYEuESZmumUros0eyHd3D3U2kAxAc2UB9ZV-p9qP3Hu2qYXDyxuXzMzIvZ78FfK53mrEbu28&google_hm=eS1ZTEFaM2l4RTJwR19zcDhkVmhDUk5rcXVTd1pfQnVDWH5B

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 06 Feb 2024 12:16:21 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmTvnsrZ7n69ItScIH7j3TVt9cEpYEuESZmumUros0eyHd3D3U2kAxAc2UB9ZV-p9qP3Hu2qYXDyxuXzMzIvZ78FfK53mrEbu28&google_hm=eS1ZTEFaM2l4RTJwR19zcDhkVmhDUk5rcXVTd1pfQnVDWH5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 17E2
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEMZXdEdoNNDGdtry5yx2VD8&google_cver=1&google_push=AXcoOmRH6aqzMjQF87BX5wisCIl4gY3-xRs2b26NRRTe54_iq1frcdgvTSOSgFzngFxkQSCYG5hZfE3y...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEMZXdEdoNNDGdtry5yx2VD8&google_cver=1&google_push=AXcoOmRH6aqzMjQF87BX5wisCIl4gY3-xRs2b26NRRTe54_iq1frcdgvTSOSgFzngFxkQSCYG5h...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTMyNTY5MjY2ODQwODI1MzU5Ng&google_push=AXcoOmRH6aqzMjQF87BX5wisCIl4gY3-xRs2b26NRRTe54_iq1frcdgvTSOSgFzngFxkQSCYG5hZfE...

170 B
188 B

37ms
37ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTMyNTY5MjY2ODQwODI1MzU5Ng&google_push=AXcoOmRH6aqzMjQF87BX5wisCIl4gY3-xRs2b26NRRTe54_iq1frcdgvTSOSgFzngFxkQSCYG5hZfE3yGwDUtfav4KYtt9E8ygQ1svE

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTMyNTY5MjY2ODQwODI1MzU5Ng&google_push=AXcoOmRH6aqzMjQF87BX5wisCIl4gY3-xRs2b26NRRTe54_iq1frcdgvTSOSgFzngFxkQSCYG5hZfE3yGwDUtfav4KYtt9E8ygQ1svE
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 17E2 0
12 B 34ms
33ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IehMDcHKj9bh35_oN6-N99Oe4OuFMmP9iXoPPQTF3J0MUr-mHDipASGuYOAcPVmpSSdppk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:20 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame 444C 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ff21dfb04c85e71ada94de815b2063756127049c6fc5d6dc648128cee1159619

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame C2F3 6 KB
706 B 36ms
36ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=280&slotname=3572111325&adk=1602787454&adf=1144095369&pi=t.ma~as.3572111325&w=1200&fwrn=4&fwrnh=100&lmt=1704536527&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780566&bpp=1&bdt=3314&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90%2C1200x280&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=773379832&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 06 Feb 2024 12:16:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 06 Feb 2024 10:42:03 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 06 Feb 2024 12:16:21 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame C2F3 2 KB
822 B 26ms
26ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46258
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:23 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/ Frame C2F3 23 KB
9 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 3610546441309021303
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:14 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame C2F3 3 KB
1 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:14 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame DA7C 1 KB
643 B 26ms
26ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 68737
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 05 Feb 2024 17:10:44 GMT
etag: 48472445140208031
expires: Tue, 06 Feb 2024 17:10:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame C2F3 20 KB
8 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46258
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:23 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame C2F3 205 KB
65 KB 47ms
46ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91c697159132fd3884e508f6548c96cb17e460d7456d43e9c4d174fcf84521bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66417
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1707137874550712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:21 GMT

GET
H3 200 ddb466d8785cb75acd721f17b1b8dd87.js Show response
www.gstatic.com/mysidia/ Frame C2F3 37 KB
15 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ddb466d8785cb75acd721f17b1b8dd87.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54090d5321bc8e3a05531aacf2ef2b7769f24e94b14f4a0687587375fffa2523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:57:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 580741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15487
x-xss-protection: 0
last-modified: Thu, 25 Jan 2024 03:17:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 29 Apr 2024 18:57:20 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/17857760189734629490/ Frame C2F3 181 KB
181 KB 25ms
25ms Image
image/jpeg 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17857760189734629490/14763004658117789537

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

58dd73c49f4f46169cf48c480e71c8b2fc8f40d759eacf64ed41b8813bc3c41d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires: Wed, 05 Feb 2025 09:02:34 GMT
date: Tue, 06 Feb 2024 09:02:34 GMT
x-content-type-options: nosniff
age: 11627
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 185013
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 14:57:15 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons: true

GET
DATA 200
OK truncated
/ Frame C2F3 209 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ac31bbe74bed7f6ea8e76773fb05372c8b11656b074f1c1411a29f0e37f8c1ec

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 204 current
dclk-match.dotomi.com/match/bounce/ Frame DA7C 0
104 B 302ms
81ms Image
text/plain 2a02:fa8:8806:16::1400

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEHOTfVCzT3nSBMz_qaz8p68&google_cver=1&google_push=AXcoOmRU1tNUhd2Kq56EdkR5-ylIQF3WtUvHoNjaGyiOXZNNS1ZOyzIdAxuJpk_Q-9-jqpW_LRUiboYAUVd3ufMJwYmCcuss6ZOXxzY
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=280&slotname=3572111325&adk=1602787454&adf=1144095369&pi=t.ma~as.3572111325&w=1200&fwrn=4&fwrnh=100&lmt=1704536527&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780566&bpp=1&bdt=3314&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90%2C1200x280&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=2612&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=773379832&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoEebr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=8&uci=a!8&btvi=5&fsb=1&dtd=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:16::1400 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame DA7C
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESENUOAfAOq4Z3qVx_hSqhtic&google_cver=1&google_push=AXcoOmQ9l00EiqxGDs70R4nZe-DdDwEMvv07TbPEbK3QUlmYV2YjsGJmn4FBgahhIT8NwAulNEbGit46B4EuzHpDTHOLhd6CI3icb...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENUOAfAOq4Z3qVx_hSqhtic&google_cver=1&google_push=AXcoOmQ9l00EiqxGDs70R4nZe-DdDwEMvv07TbPEbK3QUlmYV2YjsGJmn4FBgahhIT8NwAulNEbGit46B4EuzHpDTHOLhd6CI3i...

43 B
426 B

198ms
182ms

Image
image/gif

2606:4700::6812:18ad

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENUOAfAOq4Z3qVx_hSqhtic&google_cver=1&google_push=AXcoOmQ9l00EiqxGDs70R4nZe-DdDwEMvv07TbPEbK3QUlmYV2YjsGJmn4FBgahhIT8NwAulNEbGit46B4EuzHpDTHOLhd6CI3icbK0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ9l00EiqxGDs70R4nZe-DdDwEMvv07TbPEbK3QUlmYV2YjsGJmn4FBgahhIT8NwAulNEbGit46B4EuzHpDTHOLhd6CI3icbK0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 2606:4700::6812:18ad -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 851352e53aa001fd-CDG
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 1982
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESENUOAfAOq4Z3qVx_hSqhtic&google_cver=1&google_push=AXcoOmQ9l00EiqxGDs70R4nZe-DdDwEMvv07TbPEbK3QUlmYV2YjsGJmn4FBgahhIT8NwAulNEbGit46B4EuzHpDTHOLhd6CI3icbK0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmQ9l00EiqxGDs70R4nZe-DdDwEMvv07TbPEbK3QUlmYV2YjsGJmn4FBgahhIT8NwAulNEbGit46B4EuzHpDTHOLhd6CI3icbK0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 851352e3f8c201fd-CDG
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DA7C
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEFf44t-Ibq3PCrCIyOMZRXk&google_cver=1&google_push=AXcoOmTbTH3cwVO-_XV8mLXULsvL2Bg-udP8HAYyVPaCFNnngr0y5Y2Bzx9GkRSLKympD-6Cd1LqeIrduGhkViZORoxp7nZ-VtH9L1g
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AXcoOmTbTH3cwVO-_XV8mLXULsvL2Bg-udP8HAYyVPaCFNnngr0y5Y2Bzx9GkRSLKympD-6Cd1LqeIrduGhkViZORoxp7nZ-VtH9L1g&google_hm=Q0FFU0VGZjQ0dC1JYn...

170 B
188 B

35ms
35ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AXcoOmTbTH3cwVO-_XV8mLXULsvL2Bg-udP8HAYyVPaCFNnngr0y5Y2Bzx9GkRSLKympD-6Cd1LqeIrduGhkViZORoxp7nZ-VtH9L1g&google_hm=Q0FFU0VGZjQ0dC1JYnEzUENyQ0l5T01aUlhr

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 06 Feb 2024 12:16:20 GMT
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AXcoOmTbTH3cwVO-_XV8mLXULsvL2Bg-udP8HAYyVPaCFNnngr0y5Y2Bzx9GkRSLKympD-6Cd1LqeIrduGhkViZORoxp7nZ-VtH9L1g&google_hm=Q0FFU0VGZjQ0dC1JYnEzUENyQ0l5T01aUlhr
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DA7C
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEFlB9svnL70sSkmVPF3Gu2U&google_cver=1&google_push=AXcoOmS8yGV6UaWaV6oY9sy4RbEr5TyPqdtnWxMrIgYnwpzWdp55d2677ThzZuzikfBckeKcQ267H-s44hoWtsvo...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=wMekh4obQLkhKf8n3AnUPg&google_push=AXcoOmS8yGV6UaWaV6oY9sy4RbEr5TyPqdtnWxMrIgYnwpzWdp55d2677ThzZuzikfBckeKcQ267H-s44hoWtsvo-E_K-aPV82Z5CE0

170 B
188 B

41ms
41ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=wMekh4obQLkhKf8n3AnUPg&google_push=AXcoOmS8yGV6UaWaV6oY9sy4RbEr5TyPqdtnWxMrIgYnwpzWdp55d2677ThzZuzikfBckeKcQ267H-s44hoWtsvo-E_K-aPV82Z5CE0

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 06 Feb 2024 12:16:21 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=wMekh4obQLkhKf8n3AnUPg&google_push=AXcoOmS8yGV6UaWaV6oY9sy4RbEr5TyPqdtnWxMrIgYnwpzWdp55d2677ThzZuzikfBckeKcQ267H-s44hoWtsvo-E_K-aPV82Z5CE0
x-host: tde-deliveryengine-production-95855cfc5-sj7tf
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame DA7C
Redirect Chain

https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENB-JbUVYjJbqHo8vOHyMbc&google_cver=1&google_push=AXcoOmTXHv-kjKfoRzamKw-9bWyvMSuKd59CZx8riqQQkjSDbA4wuz41X74ik33X18rc9ReNAt-2GEpdg8RQ5j5D3...
https://creativecdn.com/cm-notify?pi=adxab&google_gid=CAESENB-JbUVYjJbqHo8vOHyMbc&google_cver=1&google_push=AXcoOmTXHv-kjKfoRzamKw-9bWyvMSuKd59CZx8riqQQkjSDbA4wuz41X74ik33X18rc9ReNAt-2GEpdg8RQ5j5D3...
https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=HIZDnY0REpGC62x_E-5AYYDOIpzviM814isZ71eIGig&pi=adx&tdc=ams&pi=adxab&google_gid=CAESENB-JbUVYjJbqHo8vOHyMbc&googl...

170 B
188 B

36ms
36ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=HIZDnY0REpGC62x_E-5AYYDOIpzviM814isZ71eIGig&pi=adx&tdc=ams&pi=adxab&google_gid=CAESENB-JbUVYjJbqHo8vOHyMbc&google_cver=1&google_push=AXcoOmTXHv-kjKfoRzamKw-9bWyvMSuKd59CZx8riqQQkjSDbA4wuz41X74ik33X18rc9ReNAt-2GEpdg8RQ5j5D37MTzDL9xV-RtuA&tc=1

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=rtb_house&google_ula=5153224&google_hm=HIZDnY0REpGC62x_E-5AYYDOIpzviM814isZ71eIGig&pi=adx&tdc=ams&pi=adxab&google_gid=CAESENB-JbUVYjJbqHo8vOHyMbc&google_cver=1&google_push=AXcoOmTXHv-kjKfoRzamKw-9bWyvMSuKd59CZx8riqQQkjSDbA4wuz41X74ik33X18rc9ReNAt-2GEpdg8RQ5j5D37MTzDL9xV-RtuA&tc=1
pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT, Tue, 06 Feb 2024 12:16:21 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame DA7C 43 B
363 B 71ms
23ms Image
image/gif 178.250.1.9
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQfqwN7VzY2qRIqSW30L3ktX0VikSuIdjVZ2CsqreFi4BWHZsNYoKBM5sDwgQlWD_Lqu1A6d7n3Xa2pq6vsmc_2WconDuz4btk&google_gid=CAESEGX4wJ_KcZqoRQ-4h6htzVg&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.9 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 243988
expires: Tue, 06 Feb 2024 00:00:00 GMT

GET googleredir
googlecm.hit.gemius.pl/ Frame DA7C 0
0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame DA7C 0
12 B 33ms
33ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K_hPK5Z8NSwjkx36iNwgF6itwnhtz63G-e9SF5Ye06pBayUVdhEGoTOw-7mJdqdOpg87-_Qg

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 87C6 42 B
64 B 61ms
61ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuq6TKlQzA5eDZsovQvqnP4QPnEN-DGpyRZ77quQJXJUc_rA4X-jPYHHZVT4xs2XNmCRPGd_NKYwnv_U6MIHptA-AAj2TaDsSQIChJJ5gHku42AVXFlSoLsAof1ymDi0_dP0nHuFpVTjezPKqrrW1yb4i8KDY1yKq17Qw&sai=AMfl-YSIuA9Vuv1bSrrGr4IsZCRiz3KbUnErrAvRhNukwL5KTHoJyn5SG3pmx1OvuxNf4edVfW4-baZC7oopzPBu-93Asl356rdUBcav-4AwR9KdxWZFdB3WdVer0AJRdSgf8NACbDmGBhiJpLvOqFRw3A&sig=Cg0ArKJSzChxslaxgTQtEAE&cid=CAQSTwAvHhf_op5qtnqom5mvCSZHkiPHxvSv5r8dsU3LmptKY0UNilfTl4AeAEodg8eb2C69GU1JFX6oT4mzpcVBxI3s94B9zl-RbByp9AccW1EYAQ&id=lidar2&mcvt=1028&p=0,0,90,728&mtos=792,1028,1028,1028,1028&tos=792,236,0,0,0&v=20240205&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=84980951&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=315457900&rst=1707221779351&rpt=767&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C2F3 15 KB
16 KB 26ms
25ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:51:53 GMT
x-content-type-options: nosniff
age: 581068
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jan 2025 18:51:53 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C2F3 15 KB
15 KB 30ms
30ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:55:04 GMT
x-content-type-options: nosniff
age: 580877
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jan 2025 18:55:04 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame C2F3 15 KB
15 KB 35ms
35ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:50:29 GMT
x-content-type-options: nosniff
age: 581152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jan 2025 18:50:29 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 444C 15 KB
16 KB 36ms
36ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:51:53 GMT
x-content-type-options: nosniff
age: 581068
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jan 2025 18:51:53 GMT

GET
H2 200 KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 444C 15 KB
15 KB 46ms
45ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:55:04 GMT
x-content-type-options: nosniff
age: 580877
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15740
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:56 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jan 2025 18:55:04 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 444C 15 KB
15 KB 51ms
51ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:50:29 GMT
x-content-type-options: nosniff
age: 581152
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 29 Jan 2025 18:50:29 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 444C
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CME76FCPCZdGKINafiM0PvoyleKuZ2pR1uqeHsMwS2tkeEAEgqtKuhAFg--GFg5wKoAGEqYHEA8gBCakCIEGUbRhBsz6oAwHIA8sEqgTaAU_QpVk07Pxfd158mnv72cWfDFyfGwYSEhGoNXt...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217514602282702232090%22,%22debug_reporting%22:true,%22destination%22:%22https://plesk.com%22,%22event_report_window%22:%22...

0
0

58ms
57ms

Fetch
text/css

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217514602282702232090%22,%22debug_reporting%22:true,%22destination%22:%22https://plesk.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22947934340%22],%2222%22:[%22true%22],%224%22:[%2202-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223763657993508339857%22}&andc=true

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:21 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"17514602282702232090","debug_reporting":true,"destination":"https://plesk.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["947934340"],"22":["true"],"4":["02-06"],"6":["true"]},"priority":"500","source_event_id":"3763657993508339857"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 06 Feb 2024 12:16:21 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 06 Feb 2024 12:16:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"17514602282702232090","debug_reporting":true,"destination":"https://plesk.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["947934340"],"22":["true"],"4":["02-06"],"6":["true"]},"priority":"500","source_event_id":"3763657993508339857"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js Show response
pagead2.googlesyndication.com/bg/ Frame 0C98 50 KB
19 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

010010798b734ebaa5db582651f1efd8c77e4ed3a396d1886a3f7f0f6c92ee58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 580496
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19642
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Jan 2025 19:01:25 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame C2F3
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CFxq2FCPCZdiyJcWbiM0PtrWIoA-rmdqUdbqnh7DMEtrZHhABIKrSroQBYPvhhYOcCqABhKmBxAPIAQmpAiBBlG0YQbM-qAMByAPLBKoE2gFP0AjoEBqV51JCopYuMueYBFrA-yhsdVTjy8J...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229967488248311137018%22,%22debug_reporting%22:true,%22destination%22:%22https://plesk.com%22,%22event_report_window%22:%222...

0
0

57ms
57ms

Fetch
text/css

172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229967488248311137018%22,%22debug_reporting%22:true,%22destination%22:%22https://plesk.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22947934340%22],%2222%22:[%22true%22],%224%22:[%2202-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2214342269105375538337%22}&andc=true

Protocol

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:21 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"9967488248311137018","debug_reporting":true,"destination":"https://plesk.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["947934340"],"22":["true"],"4":["02-06"],"6":["true"]},"priority":"500","source_event_id":"14342269105375538337"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 06 Feb 2024 12:16:21 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 06 Feb 2024 12:16:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"9967488248311137018","debug_reporting":true,"destination":"https://plesk.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["947934340"],"22":["true"],"4":["02-06"],"6":["true"]},"priority":"500","source_event_id":"14342269105375538337"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js Show response
pagead2.googlesyndication.com/bg/ Frame D263 50 KB
19 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

010010798b734ebaa5db582651f1efd8c77e4ed3a396d1886a3f7f0f6c92ee58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 580496
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19642
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Jan 2025 19:01:25 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 57ms
57ms Preflight
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 06 Feb 2024 12:16:21 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 59ms
59ms Image
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240201&jk=3754886673919165&bg=!_v2l_bLNAAa8BdJLnAU7ADQBe5WfOOBkohK7i5jF9P6HBjADWPlNp_lfUtqSb-wBzeffvqElscSQ2mysRyMYBljFA_OBAgAAADhSAAAAAmgBBwoAaXaPRTn0YDfrDJEwhaiGgRFN7BDaIQau5J7mFeztpY9SJ9X9Pl7rDbibjmQNdvNXj1n3OmW2Teo3sm-hVJ_iVwYo7jttRjecBnQIb8G9fwLpEa4ooHOFLAbAVPvXBK0z3yt3V2Xg8tuSxZkCv3rZ0rgzJgsU7XXEQAvwb1DrDDeGuGqRZh1BLfFZQjjUZFWoXZMZni4AVt_n4YtqNfPES3jzF176VjUIuFtjNIZBzGoqsUk7vTEzkp1R9VwIxS8J79kTDi4HULZAbg5GaVfDik-FIAC5zhdofkw_Z3UMUHokNmXBOkivHPiW2tC9iUVnNY9Afd1QFaQhj1fdo-Lgdor5ifeXyWxiZmXikCmPhUu0jBlUpCZCg2HQqm7Kf8YaBFnctCH2xOrG_wEFZwyS9AKaFMKxe7fjOunFu5T746H15FXDHKtFcvJd_dbNxfWIF-hhLyV8BUd50gf6DuqmgwlFmnJxQKZjGNtKrxWTIL2q2FK4WkaE64J09we39WQUuM3wWPfZGkbygwBTcn5mNdi0AoRCEQW0k5m4jkDeRJhkUJKIgEqBpU8hJOjb7J-XznPLE85B0JkFelSXKUKnreJMUxDugDo6tS8zmaT5g60WWRYJzUMiLxO_SieqGT63ReVnmtGNCu8mgewRbcvT5aJnUt6HrKt4WhQaSKAftq0E7EB8JNmsgY4j8bNTs8GKUQe3CB95dguuOZTEJSiTY6vP3NI1XA3w5t7k8GAePL13IbbCBVaWXopxrE6kA6bpZWgfYSvgILDgvESYw5xLsaUNFQoXaPrcOT8hp-fXnqHld3GNSVGohl5yCtCmtVdzfRd_wSS5lS4XhWTCXe_WddPHd9tlsbkorEp4fHDUNbm57yg4e4NQcZfFm_1OYD1QuCVKIjuA3r6b6_LdO5MGrQFM7Tu_ltdKeZPVTm_G-hlrJxMRexG8DejD2QhS96ltJ4YziVsCku8l-RYteaTbrUQ3DocOCpb3us9U91O24Ds_duhOnijvMZvsstAqYKGxhBHyqbyaUeLhMda9HL1T-SeyDexy5xC7T_Mz0fEC9oq3MBQlZU33dnOQgps
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://www.onworks.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 87C6 0
21 B 56ms
56ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=6293201393042&version=m202401290101&ct=76&x=1&cor=3720317165029347000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H3 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 58ms
58ms Preflight
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s05-in-f98.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 06 Feb 2024 12:16:21 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7686 0
21 B 56ms
56ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4937911920578&version=m202401290101&ct=76&x=1&cor=2529655433035726300

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EE26 0
21 B 57ms
57ms Ping
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3847876993633&version=m202401290101&ct=76&x=1&cor=12796344884495632000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 87C6 43 B
215 B 168ms
167ms Image
image/gif 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1811194&asId=64f95364-83e2-e406-70cb-1890cf9dba08&tv=%7Bc:3rJpf1,pingTime:1,time:1738,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D,%7Bpiv:100,vs:i,r:,t:738%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1000,o:738,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B733~0%5D,as:%5B733~728.90%5D%7D%7D,%7Bsl:i,t:738,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:171,fm:u3vyBtb+111%7C12%7C1311%7C1411%7C1511%7C16*.1811194-76298704%7C161,idMap:16*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:14,sis:259%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
server: nginx
x-server-name: dt21.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 87C6 43 B
215 B 172ms
172ms Image
image/gif 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1811194&asId=64f95364-83e2-e406-70cb-1890cf9dba08&tv=%7Bc:3rJpf1,pingTime:1,time:1738,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:13%7D,%7Bpiv:100,vs:i,r:,t:738%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1000,o:738,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:13,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B733~0%5D,as:%5B733~728.90%5D%7D%7D,%7Bsl:i,t:738,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:171,fm:u3vyBtb+111%7C12%7C1311%7C1411%7C1511%7C16*.1811194-76298704%7C161,idMap:16*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:14,sis:259%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
server: nginx
x-server-name: dt17.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7686 42 B
64 B 60ms
60ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvppPRvLGldVs0IeAjijZusEKqf7-0wrU3-zV886Cu6DIZM-KF6RwDSXtionkBdd4ql0SZy-tWjhXL4una4uJjGHQglJR97XdjONw71lXsyNIEChBpMTVuHdpCZbafHyzg-3Rhb4qEezwLUtyCE3SAqfbenMTE0MRspAA&sai=AMfl-YQ6iLmDSawdVktKjmK59AKO2p4wP2P3Aw932YbUFv743XUvxarBQIUwg9Mlq9xhQ9Iw8NrkLT9N_yo8WJgIQY2yxmyrzLlYgVF7mi7pyq9DTgjI9gBgXDQa1sIqdbzPVV7r7ETlm5B7jKMkbXjD9Q&sig=Cg0ArKJSzEOw-FunuKRrEAE&cid=CAQSTwAvHhf_op5qtnqom5mvCSZHkiPHxvSv5r8dsU3LmptKY0UNilfTl4AeAEodg8eb2C69GU1JFX6oT4mzpcVBxI3s94B9zl-RbByp9AccW1EYAQ&id=lidar2&mcvt=1000&p=0,0,600,120&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240205&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=84980954&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=315457900&rst=1707221779401&rpt=319&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EE26 42 B
64 B 62ms
62ms Fetch
image/gif 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssgxnN04VLU4quyNLgMJat-rSCf8z9ocMi0ghCdrJ7UYGultIAuatFFMQImMZ-ipdgReNrObTpEQKkss-LhyV07GZrmP_fMoOlvpi-4b1vYhCxnkfA-Hg8ht7Cvv5mYfWpHKJBW0SP5-S0TdLvP2oVMrvwmSCHDodGe_Q&sai=AMfl-YQTEfubP2n-PCBE-1zkeJjXNPkfFq-F6ZCxMzKKdDodbZwra2PzRfusNT9GJg-cFdWu-TaOorjwxf2pPOFi-f1NxSsiPxW_TYARmdcvUYMUfFwPtysz0N26GRwdiOMpZ0PSf2dGqaatAwMOHnVfow&sig=Cg0ArKJSzBuTO7vOoFYgEAE&cid=CAQSTwAvHhf_op5qtnqom5mvCSZHkiPHxvSv5r8dsU3LmptKY0UNilfTl4AeAEodg8eb2C69GU1JFX6oT4mzpcVBxI3s94B9zl-RbByp9AccW1EYAQ&id=lidar2&mcvt=1001&p=0,0,600,120&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20240205&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=84980953&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=315457900&rst=1707221779391&rpt=361&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 73134fbfa16854d24caf7cd541ab86d9.js Show response
www.gstatic.com/mysidia/ Frame 13E5 9 KB
4 KB 27ms
27ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/73134fbfa16854d24caf7cd541ab86d9.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=300&slotname=8632866318&adk=3100831755&adf=1594869314&pi=t.ma~as.8632866318&w=1200&lmt=1704536527&rafmt=11&format=1200x300&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780661&bpp=1&bdt=3409&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90%2C1200x280%2C1200x280&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=94907109&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=9&uci=a!9&fsb=1&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d99a3294b83fe3b21e9251c87e7696b7f5ba1651c5d82256db3c0700ead09b57

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:16:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 579565
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4097
x-xss-protection: 0
last-modified: Thu, 25 Jan 2024 03:17:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 29 Apr 2024 19:16:56 GMT

GET
H3 200 0a9824a76925f541c4e429981e9065a7.js Show response
www.gstatic.com/mysidia/ Frame 13E5 11 KB
5 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/0a9824a76925f541c4e429981e9065a7.js?tag=text/vanilla_highlight

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

373c96ceaf68580b9aadae1d036072e949f3bf12f6ff40c5fd2366c10643392a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 05:31:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24290
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4782
x-xss-protection: 0
last-modified: Fri, 02 Feb 2024 03:13:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 06 May 2024 05:31:31 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 13E5 14 KB
1 KB 34ms
34ms Stylesheet
text/css 2a00:1450:4001:803::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 06 Feb 2024 12:16:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 06 Feb 2024 11:48:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 06 Feb 2024 12:16:21 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 13E5 2 KB
822 B 26ms
26ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46258
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:23 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/ Frame 13E5 23 KB
9 KB 28ms
28ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9319
x-xss-protection: 0
server: cafe
etag: 3610546441309021303
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:14 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 13E5 3 KB
1 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:14 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:14 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/ Frame 13E5 20 KB
8 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240201/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Mon, 05 Feb 2024 23:25:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46258
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8501
x-xss-protection: 0
server: cafe
etag: 9351358253902147912
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 19 Feb 2024 23:25:23 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 13E5 0
0 34ms
34ms Image
text/html 2a00:1450:4001:802::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRxw671qgIl-qENuiD1BsjWx3Vtq6qAGrE-ka8OATBOIUgMT-es5gZWtjVjDaQWRdFvn7xqDuiOTX4Gcj5oBmj5TqQUzw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=300&slotname=8632866318&adk=3100831755&adf=1594869314&pi=t.ma~as.8632866318&w=1200&lmt=1704536527&rafmt=11&format=1200x300&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780661&bpp=1&bdt=3409&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90%2C1200x280%2C1200x280&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=94907109&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=9&uci=a!9&fsb=1&dtd=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 13E5 205 KB
65 KB 76ms
76ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=44809771

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

91c697159132fd3884e508f6548c96cb17e460d7456d43e9c4d174fcf84521bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66417
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1707137874550712"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 06 Feb 2024 12:16:21 GMT

GET
H3 200 ddb466d8785cb75acd721f17b1b8dd87.js Show response
www.gstatic.com/mysidia/ Frame 13E5 37 KB
15 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/ddb466d8785cb75acd721f17b1b8dd87.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54090d5321bc8e3a05531aacf2ef2b7769f24e94b14f4a0687587375fffa2523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 18:57:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 580741
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15487
x-xss-protection: 0
last-modified: Thu, 25 Jan 2024 03:17:29 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 29 Apr 2024 18:57:20 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E9CF 143 B
166 B 26ms
25ms Document
text/html 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=300&slotname=8632866318&adk=3100831755&adf=1594869314&pi=t.ma~as.8632866318&w=1200&lmt=1704536527&rafmt=11&format=1200x300&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780661&bpp=1&bdt=3409&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90%2C1200x280%2C1200x280&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=94907109&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=9&uci=a!9&fsb=1&dtd=2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 2730
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 06 Feb 2024 11:30:51 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 735B 1 KB
643 B 25ms
25ms Document
text/html 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

age: 68737
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 05 Feb 2024 17:10:44 GMT
etag: 48472445140208031
expires: Tue, 06 Feb 2024 17:10:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 13E5 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cb64a0172bc5e2d6cffee43095f4fa8ff3685a4652200c8649cac9d6cc95db24

Request headers

accept-language: fr-FR,fr;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E9CF
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

40ms
40ms

Document
text/html

2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 06 Feb 2024 12:16:21 GMT
expires: Tue, 06 Feb 2024 12:16:21 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 06 Feb 2024 12:16:21 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 735B
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESENekyZyGk2QoohOIY84JKg8&google_cver=1&google_push=AXcoOmTqPGGq_8ltCgWghfjNUPGz2z_o-bmsJ2yhZ39rCIeoUoxe_Tw0U_2nS4ogsCmCA1j6RNcYWvEN9fc_ZS0ziSsRftLxyje8ppQ
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ4MjkwMjc5Njc1MDMyMTQ1MA==&gdpr=&gdpr_consent=

170 B
188 B

37ms
37ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ4MjkwMjc5Njc1MDMyMTQ1MA==&gdpr=&gdpr_consent=

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=ODQ4MjkwMjc5Njc1MDMyMTQ1MA==&gdpr=&gdpr_consent=
pragma: no-cache
date: Tue, 06 Feb 2024 12:16:20 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 dpixel
cms.quantserve.com/ Frame 735B 35 B
463 B 90ms
27ms Image
image/gif 2620:116:800d:21:e365:4988:e8a7:3270

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESECNfl9zTtlFfPyhNOvgQBH0&google_cver=1&google_push=AXcoOmRe-_OIy0AVxIazPCC9Yxla6fxJl5ejj9WXGzMNFh4aHJZQQv51e1MG2grOHvHYWHNCy_ePv46VK6Ay9E-6x-iGf0FJlyfsmg

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:e365:4988:e8a7:3270 -, , ASN (),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 735B
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WmNJakZRQUMzV3B0ZXdBOQ==&google_gid=CAESEN6ZvDP_BtemvFcUAymF2Dw&google_cver=1&google_push=AXcoOmTK3RwNHcjTSd0yMKWHQkLY-weKmv...

170 B
188 B

38ms
38ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WmNJakZRQUMzV3B0ZXdBOQ==&google_gid=CAESEN6ZvDP_BtemvFcUAymF2Dw&google_cver=1&google_push=AXcoOmTK3RwNHcjTSd0yMKWHQkLY-weKmvEXTGAJeg2rs9bjRyT3TaWnqg6GWaMwceiRDUYy9aGmeMNHAXYCg7tAVzspl_gZGB-A3dk

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

x-served-by: cache-lcy-eglc8600039-LCY
pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1707221782.584963,VS0,VE0
x-cache: HIT
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=WmNJakZRQUMzV3B0ZXdBOQ==&google_gid=CAESEN6ZvDP_BtemvFcUAymF2Dw&google_cver=1&google_push=AXcoOmTK3RwNHcjTSd0yMKWHQkLY-weKmvEXTGAJeg2rs9bjRyT3TaWnqg6GWaMwceiRDUYy9aGmeMNHAXYCg7tAVzspl_gZGB-A3dk
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 google
match.adsrvr.org/track/cmf/ Frame 735B 70 B
148 B 37ms
37ms Image
image/gif 52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/google?google_gid=CAESEELjUtAZ0ZLjMNTDTuU3tK4&google_cver=1&google_push=AXcoOmTkMQhuCUJQh64SasatYBiFAzWhOH-TX68ZUm1h4mKdIwomO6tmV3JNe0UjArWzXnS-EhnQQFTpt1Ip9T57MAqVQOncfsrA4wM
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=300&slotname=8632866318&adk=3100831755&adf=1594869314&pi=t.ma~as.8632866318&w=1200&lmt=1704536527&rafmt=11&format=1200x300&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780661&bpp=1&bdt=3409&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90%2C1200x280%2C1200x280&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=94907109&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=9&uci=a!9&fsb=1&dtd=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:21 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 735B 43 B
235 B 30ms
29ms Image
image/gif 35.214.149.91
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=google&google_gid=CAESEL1bl49IGoxA7b3HGuJ4kFM&google_cver=1&google_push=AXcoOmSGHv_X2PfJE3c1nhc38yPj3FqCpkjYzpV1z_Cg5e1IN02KTZBI3ZWFy3uCd-KpprRngnCP3FsvVm8pc1uOvw5czdjx72IomHw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=300&slotname=8632866318&adk=3100831755&adf=1594869314&pi=t.ma~as.8632866318&w=1200&lmt=1704536527&rafmt=11&format=1200x300&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780661&bpp=1&bdt=3409&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90%2C1200x280%2C1200x280&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=94907109&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=9&uci=a!9&fsb=1&dtd=2
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.214.149.91 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS: 91.149.214.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date: Tue, 06 Feb 2024 12:16:21 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 735B
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEMZXdEdoNNDGdtry5yx2VD8&google_cver=1&google_push=AXcoOmT4uaoDqKZQQiApe04etRxCNKDN4rAdUzaFohptx7hjWEsUj5gD_3xBPdTjKj3S1gYaog3E7BsV...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTMyNTY5MjY2ODQwODI1MzU5Ng&google_push=AXcoOmT4uaoDqKZQQiApe04etRxCNKDN4rAdUzaFohptx7hjWEsUj5gD_3xBPdTjKj3S1gYaog3E7B...

170 B
188 B

36ms
36ms

Image
image/png

142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTMyNTY5MjY2ODQwODI1MzU5Ng&google_push=AXcoOmT4uaoDqKZQQiApe04etRxCNKDN4rAdUzaFohptx7hjWEsUj5gD_3xBPdTjKj3S1gYaog3E7BsVR5BCOe0_iVJ3jF6T1cEzinY

Requested by

Protocol

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 06 Feb 2024 12:16:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTMyNTY5MjY2ODQwODI1MzU5Ng&google_push=AXcoOmT4uaoDqKZQQiApe04etRxCNKDN4rAdUzaFohptx7hjWEsUj5gD_3xBPdTjKj3S1gYaog3E7BsVR5BCOe0_iVJ3jF6T1cEzinY
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 google
d5p.de17a.com/cookies/ Frame 735B 35 B
125 B 154ms
47ms Image
image/gif 213.155.156.183

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d5p.de17a.com/cookies/google?google_gid=CAESEBddUMWiHa_xwmI3vXFiRTo&google_cver=1&google_push=AXcoOmSlfb8xL4B8Qq2nrLYouTU16J1uytIQTZD59b3Nu0mv9xZQwKWz4nJwy_oCnKD1yNIDhPADyqAtzaFdtReOjr6atNt9NNhmiC8
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8556862515989191&output=html&h=300&slotname=8632866318&adk=3100831755&adf=1594869314&pi=t.ma~as.8632866318&w=1200&lmt=1704536527&rafmt=11&format=1200x300&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707221780661&bpp=1&bdt=3409&idt=0&shv=r20240201&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D48bc8bbb5cd4e9cd%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA&gpic=UID%3D00000d520dd39f3b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A&eo_id_str=ID%3D3c2cf3a8976f536b%3AT%3D1707221777%3ART%3D1707221777%3AS%3DAA-AfjaPo8JqNOtu_m5icGRxQfCR&prev_fmts=1200x280%2C0x0%2C1600x1200%2C120x600%2C120x600%2C728x90%2C1200x280%2C1200x280&nras=5&correlator=5043432746550&frm=20&pv=1&ga_vid=1481967680.1707221778&ga_sid=1707221778&ga_hid=1320075155&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=108&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44795921%2C95322748%2C31080836%2C95323760%2C95324154%2C95324161&oid=2&psts=AOrYGskc7__sqohUOuK3qc4n6OM4m5irPhUoveRF9qRQsZiEWNUX7HE2kWvySLlDn6U0obkAzXeLyVkoO-8XbVqOtnwHJy_0%2CAOrYGsnFZZxKPurXVylGouduIpFFB4p4PE83jDK7p3_msC8iX6my_Z0gyTCmAq3UvaQOCxztvChztxdVW526UVmp3X0q7EF-ofHY7MchbRKWlzwrkNM&pvsid=3754886673919165&tmod=94907109&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=9&uci=a!9&fsb=1&dtd=2
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 213.155.156.183 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-type: image/gif
content-length: 35
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 735B 0
12 B 40ms
40ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KdEOEbiMUcHVOmwplrn-mw4KVypbpmNnafsE5DaxoXGYkG1qtIXu8U0DXL8oUlJ89mUUQJ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 12:16:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 13E5 33 KB
33 KB 25ms
25ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: fr-FR,fr;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 06 Feb 2024 00:19:40 GMT
x-content-type-options: nosniff
age: 43001
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 05 Feb 2025 00:19:40 GMT

GET

/
www.googleadservices.com/pagead/ar-adview/ Frame 13E5
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CPESNFCPCZfLHK6yYiM0PltCr-APY-ozAc-fu1dSCEqTn8u2VAhABIKrSroQBYPvhhYOcCqABm_2eyAHIAQGoAwHIA8MEqgTyAU_QkXpsdG-WKPffcObLamYzpHx3lUmQywyR4cXKvo6Izlr...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22203974917446842862%22,%22debug_reporting%22:true,%22destination%22:%22https://rocketadmin.com%22,%22event_report_window%22...

0
0

GET
H3 200 AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js Show response
pagead2.googlesyndication.com/bg/ Frame C9B5 50 KB
19 KB 25ms
25ms Script
text/javascript 2a00:1450:4001:81c::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AQAQeYtzTrql21gmUfHv2Md-TtOjltGIaj9_D2yS7lg.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:81c::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

010010798b734ebaa5db582651f1efd8c77e4ed3a396d1886a3f7f0f6c92ee58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Tue, 30 Jan 2024 19:01:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 580496
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19642
x-xss-protection: 0
last-modified: Mon, 15 Jan 2024 09:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 29 Jan 2025 19:01:25 GMT

OPTIONS /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sync.search.spotxchange.com
URL: https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID

Domain: googlecm.hit.gemius.pl
URL: https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEJxDYAJXYqum6lhdU0rEwd8&google_cver=1&google_push=AXcoOmTjpaBnw9b3p664t1RQK4P-qJH-ag1wd4QFONorikCRBbSaQHxX_i35ZPQ-JQ1Js1zdC1enM6g0GS3pNdyD4-XbA7MN3dHoSK5b

Domain: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22203974917446842862%22,%22debug_reporting%22:true,%22destination%22:%22https://rocketadmin.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22419937947%22],%2222%22:[%22true%22],%224%22:[%2202-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228194668520381018289%22}&andc=true

Domain: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22203974917446842862%22,%22debug_reporting%22:true,%22destination%22:%22https://rocketadmin.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22419937947%22],%2222%22:[%22true%22],%224%22:[%2202-06%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228194668520381018289%22}&andc=true

Verdicts & Comments Add Verdict or Comment

82 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.onworks.net/	1970-01-21 03:49:41	Name: _ga_DN38F0DWYD Value: GS1.1.1707221777.1.0.1707221777.0.0.0
.onworks.net/	1970-01-21 03:49:41	Name: _ga Value: GA1.2.1481967680.1707221778
.onworks.net/	1970-01-20 18:15:08	Name: _gid Value: GA1.2.1393553992.1707221778
.onworks.net/	1970-01-20 18:13:41	Name: _gat_gtag_UA_117545413_4 Value: 1
.onworks.net/	1970-01-21 03:35:17	Name: __gads Value: ID=48bc8bbb5cd4e9cd:T=1707221777:RT=1707221777:S=ALNI_MY0vEIwStmZ39MelUvqECp-eyz8WA
.onworks.net/	1970-01-21 03:35:17	Name: __gpi Value: UID=00000d520dd39f3b:T=1707221777:RT=1707221777:S=ALNI_Mb0gYeeChrl8q_NbdtAPunvbDYQ3A
.onworks.net/	1970-01-20 22:32:53	Name: __eoi Value: ID=3c2cf3a8976f536b:T=1707221777:RT=1707221777:S=AA-AfjaPo8JqNOtu_m5icGRxQfCR
.doubleclick.net/	1970-01-21 03:35:17	Name: IDE Value: AHWqTUmLFHQ0OTKnaDJ_jhSIocXyPItzHC5NivisjFE_fpYNsDQNom2bssJgZxY3lrU
.googleadservices.com/	1970-01-20 20:23:17	Name: ar_debug Value: 1
.adnxs.com/	1970-01-20 20:23:17	Name: XANDR_PANID Value: 9jQ9vcBJdWbuKHf-2cWWihc_e7VD4ib0HxoFCYm4rfc08MurdWeLHHzx_Fjn_uibgPYIBYm7CgLDTtKyJjANJb2KPP6T5EaQo4CtwfytX24.
.adnxs.com/	1970-01-21 03:49:41	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 20:23:17	Name: uuid2 Value: 8444155822258833648
.doubleclick.net/	1970-01-20 22:32:53	Name: receive-cookie-deprecation Value: 1
.casalemedia.com/	1970-01-21 02:59:17	Name: CMID Value: ZcIjE00otMp6gQZ36MVJFgAA
.casalemedia.com/	1970-01-20 20:23:17	Name: CMPS Value: 3376
.casalemedia.com/	1970-01-20 20:23:17	Name: CMPRO Value: 3376
.openx.net/	1970-01-21 02:59:17	Name: i Value: 56309607-74fc-4d63-a96c-4081e66904e8\|1707221779
.doubleclick.net/	1970-01-20 22:32:53	Name: APC Value: AfxxVi48UboIrgxAwKitGwYpx9lRMBMYlNGiO1LBJOF2C4W2n8T26A
.rlcdn.com/	1970-01-21 02:59:17	Name: rlas3 Value: +vTpWRkh1i5T/28fjRlIRhe3sG3OPuKYob5JblPOSnU=
.travelaudience.com/	1970-01-21 03:41:03	Name: _tracker Value: %7B%22UUID%22%3A%22C0C7A487-8A1B-40B9-2129-FF27DC09D43E%22%7D
.rlcdn.com/	1970-01-20 19:40:05	Name: pxrc Value: CJXGiK4GEgUI6AcQABIGCOndKhAA
ads.travelaudience.com/	1970-01-21 03:41:03	Name: _tracker Value: %7B%22UUID%22%3A%22C0C7A487-8A1B-40B9-2129-FF27DC09D43E%22%7D
.yahoo.com/	1970-01-21 02:59:39	Name: A3 Value: d=AQABBBUjwmUCEGuiegE5HzVV3xRE3N8lMUQFEgEBAQF0w2XMZQAAAAAA_eMAAA&S=AQAAAhTZM047U7BTpVGg3d-TJUU
.everesttech.net/	1970-01-21 02:59:17	Name: everest_g_v2 Value: g_surferid~ZcIjFQAC3WptewA9
.creativecdn.com/	1970-01-21 02:59:17	Name: g Value: ws7DCVb8mWOSS4tmzVU0_1707221781124
.creativecdn.com/	1970-01-21 02:59:17	Name: ts Value: 1707221781
.agkn.com/	1970-01-21 02:59:17	Name: ab Value: 0001%3AUu5N6eZ%2BFeWaD9qx%2BiEX%2BFcCn1jYqX4V
.agkn.com/	1970-01-21 02:59:17	Name: u Value: C\|0CEAtVN-VLVTflQAAAAAAAQ13AQCAAQpAAAAAAA
.adform.net/	1970-01-20 18:55:27	Name: C Value: 1
.adform.net/	1970-01-20 19:40:05	Name: uid Value: 5325692668408253596
.tribalfusion.com/	1970-01-20 20:23:17	Name: ANON_ID Value: amnoeUy4ZawUBA9MGIDM0E6cSFkMryB7qmbZdo64jU

120 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://www.onworks.net/push/getpaypal.php?email= Message: Failed to load resource: the server responded with a status of 404 ()
violation	error	(Line 3) Message: Permissions policy violation: accelerometer is not allowed in this document.
javascript	warning	(Line 3) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
violation	error	(Line 3) Message: Permissions policy violation: accelerometer is not allowed in this document.
javascript	warning	(Line 3) Message: The deviceorientation events are blocked by permissions policy. See https://github.com/w3c/webappsec-permissions-policy/blob/master/features.md#sensor-features
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.onworks.net/onworkssession.php Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
ad.doubleclick.net
ad.turn.com
ads.travelaudience.com
bid.g.doubleclick.net
c1.adform.net
cm.g.doubleclick.net
cms.quantserve.com
code.createjs.com
creativecdn.com
d.agkn.com
d5p.de17a.com
dclk-match.dotomi.com
dis.criteo.com
downloads.uptoplay.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
googlecm.hit.gemius.pl
havasfrorangedcmdisplay758646212611.s.moatpixel.com
ib.adnxs.com
id.rlcdn.com
images.onworks.net
match.adsrvr.org
mb.moatads.com
pagead2.googlesyndication.com
pr-bh.ybp.yahoo.com
px.moatads.com
region1.google-analytics.com
s.tribalfusion.com
s0.2mdn.net
static.adsafeprotected.com
stream.onworks.net
sync-tm.everesttech.net
sync.search.spotxchange.com
sync.teads.tv
tpc.googlesyndication.com
ups.analytics.yahoo.com
us-u.openx.net
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.onworks.net
x.bidswitch.net
z.moatads.com
googlecm.hit.gemius.pl
sync.search.spotxchange.com
www.googleadservices.com
132.226.214.62
142.250.184.194
142.250.185.162
142.250.185.198
142.251.168.155
151.101.2.49
162.55.101.40
172.217.18.98
172.64.151.101
178.250.1.9
18.202.133.215
185.184.8.90
185.89.210.180
2.19.103.55
2001:41d0:701:1100::49e1
2001:4860:4802:32::36
2001:678:cb4:bbbb::11
213.155.156.183
23.211.8.12
23.35.237.151
2600:1f13:800:7781:8c3e:5e6a:bcfa:1ac1
2600:9000:223f:bc00:8:48e:53c0:93a1
2606:4700:20::ac43:479b
2606:4700::6812:18ad
2620:116:800d:21:e365:4988:e8a7:3270
2a00:1450:4001:801::2002
2a00:1450:4001:802::2004
2a00:1450:4001:803::200a
2a00:1450:4001:806::200e
2a00:1450:4001:808::2006
2a00:1450:4001:80f::2003
2a00:1450:4001:811::2008
2a00:1450:4001:813::2002
2a00:1450:4001:81c::2002
2a00:1450:4001:828::2001
2a00:1450:4001:831::2003
2a02:26f0:3500:11::215:14dc
2a02:fa8:8806:16::1400
2a05:d018:d29:3605:4d30:662b:6e06:fc7c
3.64.186.134
3.75.62.37
35.190.0.66
35.214.149.91
35.244.159.8
35.244.174.68
37.157.5.132
52.223.40.198
010010798b734ebaa5db582651f1efd8c77e4ed3a396d1886a3f7f0f6c92ee58
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
02f7fde905e76291989f5c7740ba568cfdf3d6e9b1f7e4c077f79623905a41a3
0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0efc96e3f29aafc61069f47595d712f150f53fc5cf571da65b1c6a6d59c11269
101ffbc58574cf8ad9080605fe602a65cdc54445b6eebf60c87bac3fe31bf636
11fefb9c374d241b645ab5030176d8d2af1b3d362b31f20620848af9e0835ec4
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1984c4bb2ce10d00cb478c4ab216301e04502e25f2025b30dbeeb019172beb0d
1e38007cae61d3d6aebcf2d371c00c3d298393747bfe6c34c93dd0ce30b5e81d
2074a344a2a3deaff53edddcdac1961e6502cbf070e67e7284a87d096c994b0e
217640f86ba091586e82b930e52b64967303fe71934c45b7cb6bd3c36355e342
2419d5df9c26372a71c881e16f8716d02ba9fa384074fcf0dc9ab526847eef61
2440da49abf00e2fc8e09c38bbb2ac1afca94303ead6974b746c79155c789b9b
246fef45b3c78c283fb603de040c9263bbb48532dcb057d4045a790b1b149318
24e077516b89f2a627c538ae9c18493ecd80f1fe367c0528c2cadc62d6601b6d
25377c3b5fdd6f4fe4b3e8f786d6e5a475b99f242487b52b81c0162e67ece722
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2607c8863da6f149e142d4e887ec547e0d31079eacfa0e53aa8b24495b5de38c
28bac19e2c9954e907755a04a23f54e66d170896802b32937d02835afc1aa3ab
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
32073b4cfcd75233a3c04936dd6926bbd6624e2c6940eaf5e18cd5da5ee1e3c7
320c83a2ecf5473795e1137deb93090208180cdb0cf8e7f6dad1a1f1aef35770
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
373c96ceaf68580b9aadae1d036072e949f3bf12f6ff40c5fd2366c10643392a
37800922a2b1d9686bccdc72d9b98efd2587c4fb78a917eb409b84b268789eb3
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
37d5b07c436cfe35ab0ea2083b687e03cf6df5f288863c988f997e258b2a9751
3ad9292f7844d507f33f4de3bf19577c9115a8b7bc807f989ab26b19e3c97fe7
3da8c05808ded7073fbc48daf4caf6a6d0a2452db598a8501ceaaa8c1a69a7f8
3dc5c3307b9b9a11721bc963c6f44ba98bc586f2cd9740fb0b5064f5f79962cd
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
467112297ef0abc5c1706020521163b36b73bd0491bd413750cf5fa81bfda63e
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
483fb858e80384c28e49786f7869bb3b7c381ce3f27f353e465105217ba58346
4abc3020e4777753ca513a5e632401ceef5ad863e36b65676c819711bc97d318
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d819a0d1178ee5dd5dd7a1b3e26e53faf8f0b8d7f1bc41608614f5cb544a909
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4eb61fdec75519937aadd6279c3b827be304c184f2e43ee88c8fb3312990322f
50f17262769a2476f090fd24ef33caffed8acd6caf684b20bdc90909c5c43758
51141d49f43b8617fed377901841d68cdd3b02e64d1736d38ce7ca94689f3d17
53d2bc565228860175bebfbca9c8536784aaaa6c74f0ba3993a2979be1e52ea4
54090d5321bc8e3a05531aacf2ef2b7769f24e94b14f4a0687587375fffa2523
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56fdceec363758833100b58312eb4993fe9f599ca70117325ccbabe03b7d6d26
58dd73c49f4f46169cf48c480e71c8b2fc8f40d759eacf64ed41b8813bc3c41d
5958d9394f4a28cff9feba5f23c9d5f7fe204acbd95137db178163b553b2ea50
5a8427d00d4966dca4c9ad4d09541c85e610fe17157304b8a53ab59fd39f9bdf
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
6a3cf5192354f71615ac51034b3e97c20eda99643fcaf5bbe6d41ad59bd12167
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b185405b2cf0699bb833f19d6e752bacb56f9e83397f90b045d0aca1c49b19a
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
713e11be3293b76423916d51b74da3a8f6cc4de6fc34eade31283c8e3004df95
773485acaee520be797ce2adbd1ae738c1c28b49b11e298ed784edbb11b08a2d
7c69058459fdf0b4521ba057f595d6aa938265ccf3095e818150886a7bb5bf44
7d791c4ef0472f575bbf5404c57a5ad96231960a28547b6c8e88e75838a255ed
7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132
864eb930dd8d8c93f4d7ab8b76a5d382029bd4632080125777918be6cba28e65
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e5eddb1c2b0e70951a6bc1e264bb3b3998be1143b2a98a4a654370ac1230a46
8f8e57b2e69ceb1091b24334ec346c53add32fb4b3cd8592cb42c8971aae2719
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
91c697159132fd3884e508f6548c96cb17e460d7456d43e9c4d174fcf84521bf
9a092ae7a8e93111a90129df068970838bfc6a2453211fc2113e0c4dd534f214
9a3272fdc40cb2636333e4ba1bd290adb9c78e01c7af4ae21da20a5cdf54b3b7
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2f7af80d0448251673b08a29cfb0e61d128fd63845cba595ec10737828886db
a97ff6c1871d57e1f439c7f3e8804d5ac6f142c9c68fb01d6d2f55c97c6d1198
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
aafd776ec37c9b47abb96dc3199c4dda7aff364fa6ec9f0458822793bee3e890
ac31bbe74bed7f6ea8e76773fb05372c8b11656b074f1c1411a29f0e37f8c1ec
ae33218e11a856b76c96a0d4e660dbd5153c3d7b457da39f92fb40fc273c8c62
ae446fe41e1aa7dc7a41580ead76bf09c401499ea577bbf4c28c12a4c51cfa67
af078168703e56c3f39a80e3e7d7649c956fcaa25337abddbdb6eb7c941b7cf4
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1de8101808c699e84d1a02fbf939f995929045667224157f0d5f17593a5ef48
b2113a1b09099052772c662efbe513342d32cb95ea407c9d3eb524baff671a0c
b62a63c4711954c9ae32842b37a2bd30223bb947b5b9443401604c9591846a0f
b831ee2bbbdc5353833b35f1176feab0fe3d5a00c04c2576e7de866bced4a3c0
b87de489c3eda2d7cc12367ec2cd76c0bd53ff131e63b0068a92acab334a0227
b9e71698196d00509c5ed502305fab643ed815240fbaceb0d0ffea230635be5a
bc9c7ea5651953b4f2fbd11ced321c255cb268422bca3f1ba1108243bb327d6b
bd6e9eca257fd55109291cb996429e05298804a5e3c5ab7c36412a48445e4fd0
bf88b8315e9fc15c52dd7da1e3a68e4c760a9a38f9666747d88479ac0ccc9913
c015b831b0660e6996c98360200729401a62b49b892908f6a08ecb8813350b2e
c0bb478b61a1c97d3485a9075de3db15d34e1882a6af6c406516cb869097f859
c7887c0f698d53558fa97c35fee57be8ef4c615a0b26d6d4f0daee6a6228c4bb
c84c0e919ae72b8ef9abd4d5f8f38bddffd185e571a13c9ab0de6be1391c3c64
cb64a0172bc5e2d6cffee43095f4fa8ff3685a4652200c8649cac9d6cc95db24
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf7a26ecb0b35482b0f35ddd6e28fa91a0b109cf22a5953831c91234251651b3
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d84037bada82c8af096c750483248eb827b621c42236f3b687cc07c2f93d6dbe
d88bf27b473f583efd195951f73cab2fef5dc279c4badc85b84126c908c19689
d99a3294b83fe3b21e9251c87e7696b7f5ba1651c5d82256db3c0700ead09b57
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dea8636954a35da1718e91aac0d4710206f26eb1a4a6b82c42643725c5ee6a35
e2320f2452434b494e292e5a413126980c134215940ab091e9e496a0052d62f8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e439bebf8de2df0582273906d2c1dceff2387c661efb2152ef1c28420ce4e7e5
e4807c80aaee00d2e1b5e8760036e7b9308b092ec140c5fa20ea00c17e91c246
e4bf411611a715a5752d6e80345cd5fa56731a8ff96e54e5212024337a1c6984
e537bb0b81601eabcdc6dd4e2eb938917a7c6887765651882ec0ed5081c26c67
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e8f9669cf92313f4dbc3f63bfc232bae2e58aa750d8e22cb4313042cea34f928
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ebf1336025bd98063cbfb2cf6f11db578fc321766d4a748cb3db871cfe3d3142
ed0e7e64215a9663152e2d5c1c9a5ba0fe76c9f5de3dfe71bf45f0a64e977c69
ed1b1264b699701356071b825419f9fb8af6143ea5e946d0120167b567c42e44
ed4bce9a8a756448b0944d53e3724ad29896d14a9e94a6de5d73f28b1eeed016
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
fef0ae74dc3bcf89260cfe9fe70df333bb482dc7e52f129aa73b177426c72152
ff21dfb04c85e71ada94de815b2063756127049c6fc5d6dc648128cee1159619

www.onworks.net Open in urlscan Pro 2606:4700:20::ac43:479b Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

278 Requests

91 %HTTPS

47 %IPv6

37 Domains

52 Subdomains

38 IPs

6 Countries

3890 kBTransfer

10049 kBSize

31 Cookies

13 Outgoing links

Page URL History

Redirected requests

278 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.onworks.net Open in urlscan Pro
2606:4700:20::ac43:479b Public Scan

Screenshot
Live screenshot

Full Image

278
Requests

91 %
HTTPS

47 %
IPv6

37
Domains

52
Subdomains

38
IPs

6
Countries

3890 kB
Transfer

10049 kB
Size

31
Cookies

278 HTTP transactions
9 data transactions