Submitted URL: http://noxfile.com/iszixtiikj9vy6t/download
Effective URL: https://noxfile.com/isZIXtiiKj9Vy6T
Submission: On February 25 via api from US — Scanned from US

Summary

This website contacted 15 IPs in 2 countries across 17 domains to perform 80 HTTP transactions. The main IP is 2606:4700:3036::ac43:bead, located in United States and belongs to CLOUDFLARENET, US. The main domain is noxfile.com.
TLS certificate: Issued by GTS CA 1P5 on January 6th 2024. Valid for: 3 months.
This is the only time noxfile.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
22 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 106
tpc.googlesyndication.com — Cisco Umbrella Rank: 161
447 KB
22 noxfile.com
noxfile.com
348 KB
15 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 219
googleads.g.doubleclick.net — Cisco Umbrella Rank: 35
cm.g.doubleclick.net — Cisco Umbrella Rank: 264
210 KB
14 google.com
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 665
www.google.com — Cisco Umbrella Rank: 2
71 KB
2 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 136
2 e-volution.ai
rtb2-useast.e-volution.ai — Cisco Umbrella Rank: 8402
1 KB
2 gstatic.com
fonts.gstatic.com
31 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 32
2 KB
1 rfihub.com
a.rfihub.com — Cisco Umbrella Rank: 3028
1 KB
1 adkernel.com
dsp.adkernel.com — Cisco Umbrella Rank: 5345
544 B
1 microad.jp
aid.send.microad.jp — Cisco Umbrella Rank: 13088
641 B
1 yahoo.com
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 530
758 B
1 inmobi.com
mweb.ck.inmobi.com — Cisco Umbrella Rank: 4665
506 B
1 travelaudience.com
ads.travelaudience.com — Cisco Umbrella Rank: 6413
598 B
1 quantserve.com
cms.quantserve.com — Cisco Umbrella Rank: 792
463 B
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
251 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 40
93 KB
80 17
Domain Requested by
22 noxfile.com 1 redirects noxfile.com
14 pagead2.googlesyndication.com noxfile.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
11 fundingchoicesmessages.google.com pagead2.googlesyndication.com
8 tpc.googlesyndication.com googleads.g.doubleclick.net
pagead2.googlesyndication.com
tpc.googlesyndication.com
7 googleads.g.doubleclick.net 1 redirects pagead2.googlesyndication.com
googleads.g.doubleclick.net
6 cm.g.doubleclick.net googleads.g.doubleclick.net
3 www.google.com 1 redirects googleads.g.doubleclick.net
tpc.googlesyndication.com
2 www.googleadservices.com googleads.g.doubleclick.net
2 rtb2-useast.e-volution.ai 2 redirects
2 fonts.gstatic.com fonts.googleapis.com
2 securepubads.g.doubleclick.net noxfile.com
securepubads.g.doubleclick.net
2 fonts.googleapis.com noxfile.com
1 a.rfihub.com 1 redirects
1 dsp.adkernel.com 1 redirects
1 aid.send.microad.jp googleads.g.doubleclick.net
1 pr-bh.ybp.yahoo.com 1 redirects
1 mweb.ck.inmobi.com 1 redirects
1 ads.travelaudience.com 1 redirects
1 cms.quantserve.com googleads.g.doubleclick.net
1 www.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com noxfile.com
80 21

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
wa.me
www.linkedin.com
pinterest.com
Subject Issuer Validity Valid
noxfile.com
GTS CA 1P5
2024-01-06 -
2024-04-05
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
*.google.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
www.google.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh
quantserve.com
R3
2023-12-27 -
2024-03-26
3 months crt.sh
*.send.microad.jp
GlobalSign RSA OV SSL CA 2018
2023-10-03 -
2024-11-03
a year crt.sh
www.googleadservices.com
GTS CA 1C3
2024-02-05 -
2024-04-29
3 months crt.sh

This page contains 10 frames:

Primary Page: https://noxfile.com/isZIXtiiKj9Vy6T
Frame ID: 2E927B838F80539CACD38F8B439B4B09
Requests: 49 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240221/r20190131/zrt_lookup_fy2021.html
Frame ID: 9DB3A0E0FBD530DB02B3D652182A8171
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&adk=1812271804&adf=3025194257&lmt=1708898911&plaf=7%3A2&plat=2%3A16777216%2C3%3A128%2C4%3A128%2C8%3A64%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=128x810_l%7C140x810_r&format=0x0&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&pra=5&wgl=1&easpi=0&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911480&bpp=6&bdt=572&idt=501&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4086894449251&frm=20&pv=2&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=519
Frame ID: 5D68D15D36B960DFDF7ADD11C0EAB3FD
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=0&adk=1394946374&adf=3976019522&w=0&lmt=1708898912&format=0x0&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911273&bpp=214&bdt=364&idt=736&shv=r20240221&mjsv=m202402200101&ptt=5&saldr=sd&abxe=1&prev_fmts=0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=800&ady=142&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791%2C31081354&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEr%7C&abl=CS&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=743
Frame ID: 7BC92829C094ACF30A20895C2BB260A7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Frame ID: 7313C9000625DF131E5FCA2C5B60BED0
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: AD3685E56BF18190E78069CBFCE15205
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 57E147549975A5B3C8145ED3B4B05C8D
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/8Tsy5hKGOkd2pZxHZ-DVXCM53v6mWtt85lweNHdJ0fc.js
Frame ID: 3735D96D5EB773390CE6C919AF4EB42B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A05D126A50743F9EE5A1993790F14D94
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1EE47B34F6C32D5D5E3880F1650446B1
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

NOXFile — Download — Picsart_v24.2.3.apk

Page URL History Show full URLs

  1. http://noxfile.com/iszixtiikj9vy6t/download HTTP 302
    https://noxfile.com/isZIXtiiKj9Vy6T Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • clipboard(?:-([\d.]+))?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/pagead/show_ads\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

80
Requests

93 %
HTTPS

65 %
IPv6

17
Domains

21
Subdomains

15
IPs

2
Countries

1202 kB
Transfer

3192 kB
Size

24
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://noxfile.com/iszixtiikj9vy6t/download HTTP 302
    https://noxfile.com/isZIXtiiKj9Vy6T Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 52
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 54
  • https://ads.travelaudience.com/google_pixel?google_gid=CAESELSzHZdxkJhKTNzFUGHkQ34&google_cver=1&google_push=AXcoOmToQwWbIyN0Fow5F68cVUj0L2G7M7bUm_5q7OsMqK6vqCREkS_Pu0O8tgtDCqY3tuVMhW9aRkDwLciazMipb0m-tBAep6Wf9-8soTw3GmZuyRG_rBr5x11HaBwUozHl42_bMWxMbE1v1yPYUZ9nXJk0Yw HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=5Rl-qUtXTjI2TLgKEWSwYQ&google_push=AXcoOmToQwWbIyN0Fow5F68cVUj0L2G7M7bUm_5q7OsMqK6vqCREkS_Pu0O8tgtDCqY3tuVMhW9aRkDwLciazMipb0m-tBAep6Wf9-8soTw3GmZuyRG_rBr5x11HaBwUozHl42_bMWxMbE1v1yPYUZ9nXJk0Yw
Request Chain 55
  • https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEFz9lkotaGbaROcP7NBiCm4&google_cver=1&google_push=AXcoOmTpy3SrMUoBHbmn17maztFSZ_Ci0p2U-ynp2sp6ccOsTCeznEiefI_Cmpo3WDSVl_SW2kySo3G6FWwoYLPXGjCXoDPnC6lCBiGdvGlQlMZ6nJVCKgI9t3aaUWpU3fRU6vH-Wmt-jbWrrjHDZfYqdaU5Og HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=ZGE0MWJjMmYtMzcyMS00NGYwLTg0Y2ItNGE1YmYxMGFhNzIx&google_gid=CAESEFz9lkotaGbaROcP7NBiCm4&google_cver=1&google_push=AXcoOmTpy3SrMUoBHbmn17maztFSZ_Ci0p2U-ynp2sp6ccOsTCeznEiefI_Cmpo3WDSVl_SW2kySo3G6FWwoYLPXGjCXoDPnC6lCBiGdvGlQlMZ6nJVCKgI9t3aaUWpU3fRU6vH-Wmt-jbWrrjHDZfYqdaU5Og
Request Chain 56
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESELxlmaNR8-UNi35DAsFu_Qo&google_cver=1&google_push=AXcoOmQ_u_S-3vn7bTthdhH5md9mz6EzAVijD26pEK3QMcWTRPzfJleP9mv6YhUT-0OjoVwlJXQ-Hlk8kftCJTKAZnh_m-kU_4siVUxuSZXI7YGkSk0wLZgYlR3pUGLKzPBqknExHyo-CZ5QNyUyXYfQQi5J HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQ_u_S-3vn7bTthdhH5md9mz6EzAVijD26pEK3QMcWTRPzfJleP9mv6YhUT-0OjoVwlJXQ-Hlk8kftCJTKAZnh_m-kU_4siVUxuSZXI7YGkSk0wLZgYlR3pUGLKzPBqknExHyo-CZ5QNyUyXYfQQi5J&google_hm=eS1GeWdhNFVWRTJwRmdtd2xxOWpaSDNoY2FhUDJ3SG9abH5B
Request Chain 58
  • https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESENWHKCNXDJZjH9C9kAKTsXc&google_cver=1&google_push=AXcoOmSuTEDwxfXFqvx7FxaqNPKT5xUpvtyd_22TfMjWPnTKsO0zlXtMwGGINWixcQ6xFWcDAHWmXwP3HdJfhjR4rnqvqEB7RSAguB3wDSrwoY53WJFxMmAY7oECIBSabn7RqSYFYRzhpBDExfT3Pv8JUppDXHM HTTP 302
  • https://dsp.adkernel.com/adkuid?r=https%3A%2F%2Frtb2-useast.e-volution.ai%2Fsync%3Fexchange%3D193%26google_gid%3DCAESENWHKCNXDJZjH9C9kAKTsXc%26google_cver%3D1%26google_push%3DAXcoOmSuTEDwxfXFqvx7FxaqNPKT5xUpvtyd_22TfMjWPnTKsO0zlXtMwGGINWixcQ6xFWcDAHWmXwP3HdJfhjR4rnqvqEB7RSAguB3wDSrwoY53WJFxMmAY7oECIBSabn7RqSYFYRzhpBDExfT3Pv8JUppDXHM HTTP 302
  • https://rtb2-useast.e-volution.ai/sync?adkuid=A4633064844784784082&exchange=193&google_gid=CAESENWHKCNXDJZjH9C9kAKTsXc&google_cver=1&google_push=AXcoOmSuTEDwxfXFqvx7FxaqNPKT5xUpvtyd_22TfMjWPnTKsO0zlXtMwGGINWixcQ6xFWcDAHWmXwP3HdJfhjR4rnqvqEB7RSAguB3wDSrwoY53WJFxMmAY7oECIBSabn7RqSYFYRzhpBDExfT3Pv8JUppDXHM HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTQ2MzMwNjQ4NDQ3ODQ3ODQwODI&google_push=AXcoOmSuTEDwxfXFqvx7FxaqNPKT5xUpvtyd_22TfMjWPnTKsO0zlXtMwGGINWixcQ6xFWcDAHWmXwP3HdJfhjR4rnqvqEB7RSAguB3wDSrwoY53WJFxMmAY7oECIBSabn7RqSYFYRzhpBDExfT3Pv8JUppDXHM
Request Chain 59
  • https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEC2N1Be-ufq17J3qTz9jNeM&google_cver=1&google_push=AXcoOmS3PFNrZLwTYWb1L_7Fhclc5zqYZZEjw0Lo_hTru7n2mfwqNnW9y1Rek79_qiFr10bV3IOlNJXR16KY7qz4wHrrzSi12vzVwZZCkrgA0urr8nQh1KID-_Nqq2HMv1I4AyuGzxeXfEM5qK8BZnk1b2Fi9A HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmS3PFNrZLwTYWb1L_7Fhclc5zqYZZEjw0Lo_hTru7n2mfwqNnW9y1Rek79_qiFr10bV3IOlNJXR16KY7qz4wHrrzSi12vzVwZZCkrgA0urr8nQh1KID-_Nqq2HMv1I4AyuGzxeXfEM5qK8BZnk1b2Fi9A&google_hm=NzIzMjk3ODkwNzA5ODk5NjQ4
Request Chain 66
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CLCoaYLrbZZr2D9-GkPIPp8Cl8AfZuOeHdtaJv97-EbGQHxABIJKfpJoBYMnujovApIwQoAH34pu0KMgBAqgDAcgDyQSqBNsBT9Bpn8I_6xHbxLK2YQjpRGTB5ypIPyyYFJFw9RUG0IVhR1hPPUKIc3LZZZXWJbg6-N3rUbPlbImMFlglio1YmDFlqY2TBWIMrxyEyVdkU0O7iY37r9qqLl8GkGfEFoihg2eu0hxT84s1AgJaYZHJLf9KYI6FBp9FdSbowTZ968lu2U-3KNW-jsh9tI4jVQCZmmWO30zsmc4U9ewOfbtkPbF9knBEmP-2Mi2BVGm6cBjgbNI9h4WTCm5GKmqJldFwdmzAm14PXy-t63QADhmrdPESpcOPrhhEEnNkwATh9_fhgQSIBZeb65FDkgUECAQYAZIFBAgFGASgBgKAB_ea7JMDqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHr76xAqgH1ckbqAemvhvYBwHyBwQQ-ZxL0ggkCIBhEAEYHzICigI6CYBAgMCAgICACEi9_cE6WP-m-8TAx4QDmglEaHR0cHM6Ly9mcmVlLndlYmNvbXBhbmlvbi5jb20vbWluaW1lLz9idG49c3RhcnQmY2FtcGFpZ249MTgwMjI1ODM3MDOACgHICwHaDBEKCxDQyLjsvOf7mqsBEgIBA9gTDNAVAYAXAbIXHAoaCAASFHB1Yi05NjUyNTUxNjc0MTEyMzAwGAA&sigh=F-kgFpONje0&uach_m=%5BUACH%5D&ase=2&cid=CAQSPAAvHhf_D0BCN4slXULL-ROn6A-EiApF7d9N3mRWKK2IsPYqErGaRPwmVAcIo2BkvcJF41xAn6O_JCTGThgB&cbvp=2&vis=1&nis=5 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x81c6f4209c6c6e580000000000000000%22,%222%22:%220xa8189fdea326a4070000000000000000%22,%223%22:%220x803db58dcd5d17e0000000000000000%22,%224%22:%220xb689b5b79dbdf8210000000000000000%22,%225%22:%220xeff2b5b26dd029650000000000000000%22},%22debug_key%22:%2217883406726334543039%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2202-25%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216600375856708066961%22}&andc=true

80 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request isZIXtiiKj9Vy6T
noxfile.com/
Redirect Chain
  • http://noxfile.com/iszixtiikj9vy6t/download
  • https://noxfile.com/isZIXtiiKj9Vy6T
21 KB
6 KB
Document
General
Full URL
https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
628ae53e048ba9b9210bfac0e07ac3f1bfbfcea4902919b54a5fda2b215871d6

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, private
cf-cache-status
DYNAMIC
cf-ray
85b3446dae194bcf-BUF
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sun, 25 Feb 2024 22:08:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u5KOyzlKuz73kyM1PRyLnhpBVUh0UHfwN7UMCTKcrsYgDG%2FZsZ21LNQtirVq%2BOqPmVOAhyPoWd3WuRXqwd4pUasXOFX2xAbvPJJuBeSUglYmGsptGnBANG5zb7qm2VK%2F8W1EHQeFtt27UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

CF-Cache-Status
DYNAMIC
CF-RAY
85b3446b38494bbb-BUF
Cache-Control
no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Sun, 25 Feb 2024 22:08:30 GMT
Location
https://noxfile.com/isZIXtiiKj9Vy6T
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EX3ZYTJFRyg7vtlN2ExXL0%2FXWGSogtPIctXn1%2B%2FwnuzAhYgSbiSGhMcrKi7dfMFrjrUSyAhj5Wzi93Rl9e4%2Bfo3laJ9PA4LKvjv6Ph7R91kFkLtjTG2iCMM4DsusVpRw8eF8Ff8tLtK9Tg%3D%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
alt-svc
h3=":443"; ma=86400
css2
fonts.googleapis.com/
14 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
35ae53cd6f0cde71e622f6e54dc576bb82ffab56c9e41b1298f932eebf963eb9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 25 Feb 2024 21:22:04 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 25 Feb 2024 22:08:31 GMT
css2
fonts.googleapis.com/
3 KB
660 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Almarai:wght@300;400;700&display=swap
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
a609f2b2b86a2e2b5eed9fcd81afba534db26f2bfbb5a2bc7024898e472ee927
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 25 Feb 2024 22:02:16 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 25 Feb 2024 22:08:31 GMT
bootstrap.min.css
noxfile.com/assets/vendor/libs/bootstrap/
159 KB
25 KB
Stylesheet
General
Full URL
https://noxfile.com/assets/vendor/libs/bootstrap/bootstrap.min.css
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
457d42dfc58373e2b07655f896ed685ba9729c2111684fd6eb02bf3697634939

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 01 Oct 2021 19:42:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xaihVUqWw9hfn0%2BeVDjOqxXnS2l6YAq6w9gWR4yegGwJRiLPWtFGE9W7CjmT7INTToj9m4MvN6p6Hoqr2dhDP0a49iTKCYCadL%2BMilnlhOYhz4dxlzP%2FC%2BHs80Hfh7IQfw7ZnThQWBPYIA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
85b344715a9d4bcf-BUF
alt-svc
h3=":443"; ma=86400
fontawesome.min.css
noxfile.com/assets/vendor/libs/fontawesome/v6.1.1/
98 KB
21 KB
Stylesheet
General
Full URL
https://noxfile.com/assets/vendor/libs/fontawesome/v6.1.1/fontawesome.min.css
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
188a706590dc9e898c5c90a1da8346a9bc732cad28884386fbf20b05f4e83594

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Sun, 17 Jul 2022 16:22:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Y6wtXRGpcDqRurrE6AxL32W%2BFa9cvVtt6HBopO0j4xArbUCOdJFXBPEI%2BxN7BFPGjHFBDIGU9c%2FbUmYyNZvo8hP4VfbQf9fdALwX2qwwTd%2FZtXGIUQF1DrKwAztjgU0Hnc%2BWHIAGLgVCg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
85b344715a9e4bcf-BUF
alt-svc
h3=":443"; ma=86400
toastr.min.css
noxfile.com/assets/vendor/libs/toastr/
6 KB
3 KB
Stylesheet
General
Full URL
https://noxfile.com/assets/vendor/libs/toastr/toastr.min.css
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a34df602208737c03a159949be4f22ed4c843ce4dbd5a0211ae34ec190fd6403

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Tue, 28 Dec 2021 20:27:24 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XFsumpJ3Sx%2F%2FQ6pEqKnvmbnKFEM9WhH1sSm8fUYxIxsl9vnyS3o%2BREMEKN7m6jnmPrpMQ6yXlGHtycnUSqTylWSw7f1rD9hEn0Pai2E7mzMHGgyiiSOWqtiMLrrEilo%2BgeSYMcnd%2BEc8mA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
85b344715a9f4bcf-BUF
alt-svc
h3=":443"; ma=86400
simplebar.min.css
noxfile.com/assets/vendor/libs/simplebar/
3 KB
1 KB
Stylesheet
General
Full URL
https://noxfile.com/assets/vendor/libs/simplebar/simplebar.min.css
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56f1018c32be3d6be2fbe926c035e3e2321fbb09d5a04abdb45ddf3cfc3ae085

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 01 Oct 2021 19:17:47 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wb1GiiwQx6iuSvR4uR1vH1JFGaZYU2DotjKG2Fsv9RRlUHg5iQy9rOg8bMJtTQlOaZr5pyTxN9XxJ4Q%2Fy1Dv69N7xd05ukPPp8y5i%2BpkGh3sFKe31g1L3cMyuyAu%2F5Y0ApwmqTYpvmrmfw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
85b344715aa04bcf-BUF
alt-svc
h3=":443"; ma=86400
colors.css
noxfile.com/assets/css/extra/
176 B
394 B
Stylesheet
General
Full URL
https://noxfile.com/assets/css/extra/colors.css
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79b93c5200d6753fa61794c75866628d3dedfbd45a126d7acc7dbce42486dee7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Mon, 23 Oct 2023 12:33:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lIvcDCfK4LKXvNCeq6BJroD0wjwz7m9mveSWe3JWjQdAFyRtN88W1OcXRfQpo0CLJp%2FFL9daxQzSp%2BxXLmY3AVHu8ItiLGgXwhUVkAP9l1UWpReG4I0gOa%2FP26oFNJBJi%2FjOMzAFzkwh9g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
85b344715aa14bcf-BUF
alt-svc
h3=":443"; ma=86400
extra.css
noxfile.com/assets/css/extra/
883 B
623 B
Stylesheet
General
Full URL
https://noxfile.com/assets/css/extra/extra.css
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d45a35c655775f855c086ee6839bab57c07390900cbdb3037691f1e5a8cd84f

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Mon, 03 Jan 2022 00:35:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0a2DLrLhf9XO65c3yQa5B%2F9QCsdtqbH4Enb8tZG2gCWrw738NR70ddy64DM19Z0aB98cLUomrmwBmdv5mdEyiKb7OIqe180vu47wxY9UlA8bWf1%2FOGX68o11eaGAHtWA%2BMg7D%2F%2F%2B12kfFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
85b344715aa24bcf-BUF
alt-svc
h3=":443"; ma=86400
application.1eee54d9f4d8d39d147baa15a2bd9442.css
noxfile.com/assets/css/
44 KB
8 KB
Stylesheet
General
Full URL
https://noxfile.com/assets/css/application.1eee54d9f4d8d39d147baa15a2bd9442.css
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a4b98cf63f1b73d1fa5ca182c399231f8598843c8e85c6f9c76ec06d0a4fae7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 23 Aug 2023 04:42:49 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iLRGiRSAjjU5Q43aCNlUr9EGk%2BrmD8s4t%2B6D70Nlg%2F4%2BF3JximA1%2ByyIFU866hMw0lTEG%2BI4RoW%2BML4tGD%2FQFMykdQF6OJP0%2BmjNfA5gCLIQSiTkxhF2NmWBhtMA3H0QHJrOIDt6NgOXYA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
85b344715aa44bcf-BUF
alt-svc
h3=":443"; ma=86400
custom.css
noxfile.com/assets/css/extra/
1 KB
739 B
Stylesheet
General
Full URL
https://noxfile.com/assets/css/extra/custom.css
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
898996c96e8958444d5299c1393424ea6cd5a9ff4b6c952f321e96128525cb1e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 29 Dec 2023 05:34:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mmDbxZb%2F%2BFMiF6hZxehSxV6k3qhqEaBsQmglkR5vG7V66%2BxmHM5nTWZMayQugPUM0Oa9lUJpvJCGceYwsH7NvHxLnipIlcBa6Qu7LQ1vTUaNlYktb4Q9MQQp0QXzDSLOFdzopROEbz%2F6ug%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
85b344715aa54bcf-BUF
alt-svc
h3=":443"; ma=86400
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
147 KB
50 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9652551674112300
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e07aec0575ae20378a903f785e96532af4eff8d6a902a2f6e0eb39bd96b5df1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://noxfile.com/
Origin
https://noxfile.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51180
x-xss-protection
0
server
cafe
etag
5822784439884233107
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires
Sun, 25 Feb 2024 22:08:31 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
89 KB
29 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
82808a77a6a254dacba4fbff29b050af1f4fe798c8cdb4c29fff785cd0a69a26
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28702
x-xss-protection
0
server
cafe
etag
209 / 19778 / m202402200101 / config-hash: 2958856145408218626
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sun, 25 Feb 2024 22:08:31 GMT
dark-logo.png
noxfile.com/images/
4 KB
4 KB
Image
General
Full URL
https://noxfile.com/images/dark-logo.png
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a012aa63115b1e462aa462d543a8e926fcfc269b6755ac7a40ab56f1897fbbe7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
cf-cache-status
REVALIDATED
last-modified
Thu, 13 Jul 2023 13:18:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rlk2JRZdUeELJvqlBqZmV82QhcZTLMlaYrDc%2FVJ3h3c9eSLW4qWvj%2B048um7llLPSXO4wjIqm1E3zUUMMpidfTM6CczaduG6rpy7RDXMt1QGmxp6cVIYAisoYGolp78JqjYeU7G44h9pAA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
85b344715aa64bcf-BUF
alt-svc
h3=":443"; ma=86400
content-length
3874
en.png
noxfile.com/images/flags/
673 B
979 B
Image
General
Full URL
https://noxfile.com/images/flags/en.png
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53c9b7dcd76cbe43ed0ad40605b09ef24c3e30a05e0b7bf9b3be1502d07fab84

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
cf-cache-status
REVALIDATED
last-modified
Sun, 17 Jul 2022 23:53:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IQODVQwaUWDCodmdxWEt2qBNQgZuUjQhFYFuBzN6AmVVEi8o1SxJO6jLkfUQirLDVuJSOzyGCTlGq3W%2B1j3GPrY4cc0XbRCyQaMr0wTZOe1RSf3TNeUTmI1Cuvpz3WlX4RRCs30F5DrMZw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
85b344715aa74bcf-BUF
alt-svc
h3=":443"; ma=86400
content-length
673
show_ads.js
pagead2.googlesyndication.com/pagead/
25 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/show_ads.js
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bf78ca7a81ed0cb9ef6a8252ca6dac6e27a91e1ca9f3f916a4b634245e0eb639
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10528
x-xss-protection
0
server
cafe
etag
14749822556547136458
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 25 Feb 2024 22:08:31 GMT
apk.png
noxfile.com/images/types/
12 KB
13 KB
Image
General
Full URL
https://noxfile.com/images/types/apk.png
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
00f5837a8213ea64a50f91b2bdd0fafac9c100f8e8a43a03beba9fe4a0f94324

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
cf-cache-status
REVALIDATED
last-modified
Mon, 18 Jul 2022 00:26:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7IrLAnKK6fKtoWeveSMbVU7X0oV4Up3Bn9TbzV9E868Bk2s5cNraA%2Fc97VLH7XOvpPT5t4hbFGmzbhKT%2BrzJjVmhkYwgg79A06RwhpRLtpHi9LRfvXj9MEGRi%2BR6T9UhullYmIDmvOvHIA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
85b34472acd14bc3-BUF
alt-svc
h3=":443"; ma=86400
content-length
12583
js
www.googletagmanager.com/gtag/
279 KB
93 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-52Z949DQFZ
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c10edb5c58659d8dffd902de4a2595d7269da9a62b8e776c2e694e387b077524
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
94923
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 25 Feb 2024 22:08:31 GMT
jquery.min.js
noxfile.com/assets/vendor/libs/jquery/
87 KB
32 KB
Script
General
Full URL
https://noxfile.com/assets/vendor/libs/jquery/jquery.min.js
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 01 Oct 2021 19:56:55 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1w7UpJG0hZC3TdzchduxvcAwHTHUHA5mKsEKAe5A4ECVuk8UV7f1V3q97BhlMQlppWc2seW2Ap%2FKLl9K9Zij7sWd%2FtNNK%2FSlHV0AbKEoKLBIejfYBHIhOuGib4PlQoDhjdckfUJlIMWACg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
85b34472dd3e4bc3-BUF
alt-svc
h3=":443"; ma=86400
bootstrap.bundle.min.js
noxfile.com/assets/vendor/libs/bootstrap/
77 KB
23 KB
Script
General
Full URL
https://noxfile.com/assets/vendor/libs/bootstrap/bootstrap.bundle.min.js
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f27c2a51f4f713efda3881de03697fdce7a5022874d94d5256e106e0322d598

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 01 Oct 2021 19:42:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yBdfZUJmxsnxU1ugzy9rkf9mN3AiSZL%2FAd657bMvA%2Fd%2BLil5IpKDW%2FFk%2BbPO6b9MltQeUTREvS%2FBeiXNHTMbth4gCgiEiLw3B4ZCNeKoEpGGXPFAUE9pPc19mrPxGWE7oAnJZFdtGxeyVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
85b34472dd414bc3-BUF
alt-svc
h3=":443"; ma=86400
toastr.min.js
noxfile.com/assets/vendor/libs/toastr/
5 KB
2 KB
Script
General
Full URL
https://noxfile.com/assets/vendor/libs/toastr/toastr.min.js
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7fe565f3385448e1ec8d57dc2c1639d723561f1aabc2e3d547e284bbf9f9b073

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Mon, 04 Oct 2021 20:28:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yw1bfaTeR%2Fr5Gfl%2F%2FmBU4zmpET7lt6fPZMkhmcLflW7UECd3W%2FGloGr7Jb8NYoOcnrdjVCy38wOEL7w%2FG0S7aPGxOpZg2zuDR3Oqu3oUOGgO%2FG40Zbdc0dUrUsdMZos3lHTCwhGoOTfbjw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
85b34472dd424bc3-BUF
alt-svc
h3=":443"; ma=86400
simplebar.min.js
noxfile.com/assets/vendor/libs/simplebar/
57 KB
18 KB
Script
General
Full URL
https://noxfile.com/assets/vendor/libs/simplebar/simplebar.min.js
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
39c3c7a018149bfa70ac78df0f5d49a74c909da2aed3c7c9ae24a5592e9bbff9

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Mon, 22 Mar 2021 16:51:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GWJ7vlekP6hoAi4qJFCTjfZwNWBCU1Nu2mdk6dA2SE7hUWQlpEBh8P0CC3Sn0E0idgrx5uM9KHREotyOBcfphUjlNEQiRlQ3V8uuTW%2Bfs747tE%2Fy0J60oIxJgIfqsDAcXMTcNsdxAwlqnA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
85b34472dd434bc3-BUF
alt-svc
h3=":443"; ma=86400
clipboard.min.js
noxfile.com/assets/vendor/libs/clipboard/
9 KB
4 KB
Script
General
Full URL
https://noxfile.com/assets/vendor/libs/clipboard/clipboard.min.js
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
261ffa06f381039cf7d18984d1364c59f3c2b9b60b1fa05d5f9c8c152e4d5be5

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Tue, 29 Jun 2021 20:03:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8GIo%2Fh6l7OehKs9kyZCN8MqF2%2BKwK4IYD7EhXkLe6PZnEVtYDu8qNeOhH%2BrWbJp1uTnenr%2FUiFiV65yXg3pGAm9GSMJIo0iTeMl39ciViU10CEApkVN%2FmZij1HjIZ6W8PT43s8oPs6is9g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
85b34472dd454bc3-BUF
alt-svc
h3=":443"; ma=86400
application.ef3081e4ac92276216f2472e96b51c6a.js
noxfile.com/assets/js/
23 KB
8 KB
Script
General
Full URL
https://noxfile.com/assets/js/application.ef3081e4ac92276216f2472e96b51c6a.js
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae382d9fb8fa5a70de8903c013eb6450b589fe54a997a4cc70bf55c004cbf53c

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Sun, 01 Jan 2023 17:04:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LodtU625Ims%2BfGyZZtnIk0Ka2OmOwVj9Uw7NzH03Tq8KphuPnZs7iRm35aETmed6ri95ggim%2FsK0Cs%2BsXQIJwORT8RbOezvMf1UQW2mUi9t76ZypDiW6VFG5iMNRQ55bS1bgomF6uDhctQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
85b34472dd474bc3-BUF
alt-svc
h3=":443"; ma=86400
extra.js
noxfile.com/assets/js/extra/
2 KB
1001 B
Script
General
Full URL
https://noxfile.com/assets/js/extra/extra.js
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5e2cfc10e90c257761d93ea813670288980565c75ecb14efe3e2851a6bf76a7

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/isZIXtiiKj9Vy6T
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Wed, 20 Jul 2022 15:36:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=098P44l6iBochmA2Gavyotw2wjCE%2FFSlJr9JA%2FGD4o%2FqV%2BCIXOTB01aYyCodAkA6NWPLshQqRnQLV0Pg%2B%2BeRqGhb9kBr%2B93eGMTM4R%2FvpLQQff%2FaeyiAWxT8HoGr%2BYGuEWHRVUKVf2Yo2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
85b34472dd484bc3-BUF
alt-svc
h3=":443"; ma=86400
fa-solid-900.woff2
noxfile.com/assets/vendor/libs/fontawesome/v6.1.1/webfonts/
151 KB
151 KB
Font
General
Full URL
https://noxfile.com/assets/vendor/libs/fontawesome/v6.1.1/webfonts/fa-solid-900.woff2
Requested by
Host: noxfile.com
URL: https://noxfile.com/assets/vendor/libs/fontawesome/v6.1.1/fontawesome.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d76fb4e841748a3f6bc63efa23156e02631c283bf41f84efcbdaf339ea3e1b73

Request headers

Referer
https://noxfile.com/assets/vendor/libs/fontawesome/v6.1.1/fontawesome.min.css
Origin
https://noxfile.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 22 Mar 2022 13:08:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l8BZvrI49F4QO4ES70cvhU5sZtugRhOPPbj4ABMFqiphEcaBf9kNx6DjtlwMLWJauk3vfw8%2FMzWCfy%2BxRi9sWJA1MayO4GblqhiWiyBAge4TVmjARCyyxJTpVxjwEW0tZBbbT8QMQ74Z2g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
85b34472fd6c4bc3-BUF
alt-svc
h3=":443"; ma=86400
content-length
154228
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://noxfile.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 07:50:33 GMT
x-content-type-options
nosniff
age
310678
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 21 Feb 2025 07:50:33 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
147 KB
50 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/show_ads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fcf6d89a0b8544243c1f268573197d2a404e618de271dafd439f1ceb517e9ccd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
51333
x-xss-protection
0
server
cafe
etag
14916999056727429569
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires
Sun, 25 Feb 2024 22:08:31 GMT
fa-regular-400.woff2
noxfile.com/assets/vendor/libs/fontawesome/v6.1.1/webfonts/
23 KB
24 KB
Font
General
Full URL
https://noxfile.com/assets/vendor/libs/fontawesome/v6.1.1/webfonts/fa-regular-400.woff2
Requested by
Host: noxfile.com
URL: https://noxfile.com/assets/vendor/libs/fontawesome/v6.1.1/fontawesome.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3036::ac43:bead , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6a274e7629c0d71dcf8cab1e7733687ebfe32e2c53b4ca9fad050b4f1d5471f3

Request headers

Referer
https://noxfile.com/assets/vendor/libs/fontawesome/v6.1.1/fontawesome.min.css
Origin
https://noxfile.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
cf-cache-status
REVALIDATED
last-modified
Tue, 22 Mar 2022 13:08:02 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u312h%2FWmzoyzab%2F%2F2cY%2BBMTtniAs5TpW4QZdu4QggwmyjQe2h2DC05RtKOdHxCLkrDBRfjMP9mbByjf6WvpC3upW%2FuXTPtdipyalYdQStsi%2BCDzWheaY1f2WiqNm%2F6r4E6vaMeOSRs1iEA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
85b344743e484bc3-BUF
alt-svc
h3=":443"; ma=86400
content-length
23940
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700;900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://noxfile.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 07:34:06 GMT
x-content-type-options
nosniff
age
311665
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15740
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 21 Feb 2025 07:34:06 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402200101/
428 KB
135 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202402200101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7ae3dcf8002e428f15567c5a304172fe086cf525cc41c02a83c091989152e4cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 21:48:28 GMT
content-encoding
br
x-content-type-options
nosniff
age
1203
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
137981
x-xss-protection
0
server
cafe
etag
12437356588311396475
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Mon, 24 Feb 2025 21:48:28 GMT
show_ads_impl_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/
408 KB
138 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9652551674112300
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f8f9643b266aa1ecc111eeca95499700f16cc2b322840f8b731c47cf093c1088
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:31 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
141539
x-xss-protection
0
server
cafe
etag
15150740742642472611
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Sun, 25 Feb 2024 22:08:31 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240221/r20190131/ Frame 9DB3
9 KB
4 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240221/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9652551674112300
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://noxfile.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

age
7241
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4209
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 25 Feb 2024 20:07:50 GMT
etag
3890843268177463596
expires
Sun, 10 Mar 2024 20:07:50 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
collect
www.google-analytics.com/g/
0
251 B
Ping
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-52Z949DQFZ&gtm=45je42l0v9134317772za220&_p=1708898911277&gcd=13l3l3l3l1&npa=0&dma=0&cid=1405663897.1708898912&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1708898911&sct=1&seg=0&dl=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&dt=NOXFile%20%E2%80%94%20Download%20%E2%80%94%20Picsart_v24.2.3.apk&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1689
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-52Z949DQFZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Feb 2024 22:08:31 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://noxfile.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 5D68
3 KB
680 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&adk=1812271804&adf=3025194257&lmt=1708898911&plaf=7%3A2&plat=2%3A16777216%2C3%3A128%2C4%3A128%2C8%3A64%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=128x810_l%7C140x810_r&format=0x0&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&pra=5&wgl=1&easpi=0&asro=0&aseiel=1~2~4~6~8~9~10~11~12~13~14~15~16~17&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911480&bpp=6&bdt=572&idt=501&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=4086894449251&frm=20&pv=2&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=519
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fea3613db9aaa1b0bacd5788ebc10a9b1122f66e0d2eb277ddd8e7d0ede4bd3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://noxfile.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
657
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 25 Feb 2024 22:08:32 GMT
expires
Sun, 25 Feb 2024 22:08:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=DIV&cls=nav-bar&ign=false&pw=1600&ph=1200&x=0&y=0
Requested by
Host: noxfile.com
URL: https://noxfile.com/isZIXtiiKj9Vy6T
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Feb 2024 22:08:32 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame 7BC9
846 B
427 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=0&adk=1394946374&adf=3976019522&w=0&lmt=1708898912&format=0x0&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911273&bpp=214&bdt=364&idt=736&shv=r20240221&mjsv=m202402200101&ptt=5&saldr=sd&abxe=1&prev_fmts=0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=800&ady=142&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791%2C31081354&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEr%7C&abl=CS&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=743
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
978eb03abc9e4ebf84b075a7c1cf6c5672e0db6e30d65859243d827559741247
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://noxfile.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
403
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 25 Feb 2024 22:08:32 GMT
expires
Sun, 25 Feb 2024 22:08:32 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 7313
104 KB
40 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28fbe06d8381c0815b6642d9c0bd90e9828073f371134851a19121576ec22587
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://noxfile.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
40702
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 25 Feb 2024 22:08:33 GMT
expires
Sun, 25 Feb 2024 22:08:33 GMT
observe-browsing-topics
?1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ca-pub-9652551674112300
fundingchoicesmessages.google.com/i/
182 KB
61 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/i/ca-pub-9652551674112300?ers=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4dbc0107532286cc45b0a0a42cbc2bc4ad1a9ad08247d5cc3540d17c519aa382
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-dT5ZDEM-zvlS6A5b815BWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:32 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-dT5ZDEM-zvlS6A5b815BWg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzj6mHU4pJi8NWQYjjvdIfpOhBfVHnKdBOIaxmeMbUC8YPwZ0wvgNhA4zmTBRAz_nnBxAnE7768ZOL5-pJJAog1gPid5Cumb0C8w8eDhW_ddFYVINZdP501FIhjnk9nTQHixawzWFcDsVP6DNYgIP6cOYP1NxD71M9gjQFiIR6OB1_erWMT2PD1wkxGAIQnQPE"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWzcXMqLtZDrKJussfKino4tqwflU8JKbqJPUiuZgCmt1ENiFw_JLEtTE2qPAvhVOfZnCXRHJyUNVjBB52HD5EHjq1xdrxXthIBKrTG-Hg8gTHN4z3Cp89AU-_jR3LUriemtAs2eg==
fundingchoicesmessages.google.com/f/
3 KB
2 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxWzcXMqLtZDrKJussfKino4tqwflU8JKbqJPUiuZgCmt1ENiFw_JLEtTE2qPAvhVOfZnCXRHJyUNVjBB52HD5EHjq1xdrxXthIBKrTG-Hg8gTHN4z3Cp89AU-_jR3LUriemtAs2eg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4ODk4OTEyLDQxMTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9ub3hmaWxlLmNvbS9pc1pJWHRpaUtqOVZ5NlQiLG51bGwsW1s4LCI2VEdMSVRIZlc2YyJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.6TGLITHfW6c.es5.O/am=wA/d=1/rs=AJlcJMxmqd-4XpOfC1zmKha8ROUCcFmG7w/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0ed70f2c83563457c67ef5a6ba4aa58ac30914e9fe36e769d8f85abf60845cf9
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-TPJLprir9G49DFkz8Yo9Vg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:32 GMT
content-security-policy
script-src 'report-sample' 'nonce-TPJLprir9G49DFkz8Yo9Vg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzj6mHU4pJiCNKQYjjvdIfpOhBfVHnKdBOIaxmeMbUC8YPwZ0wvgNhA4zmTBRAz_nnBxAnE7768ZOL5-pJJAog1gPid5Cumb0C8w8eDhW_ddFYVINZdP501FIhjnk9nTQHixawzWFcDsVP6DNYgIP6cOYP1NxD71M9gjQFiIR6OB1_erWMT-DDl6A1GAIcuQQk"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxWvooLp9c4L7yF6q6PpaZ5HeuE9hveQMw-LB9LpaCN10Kdtm3D1CeIQbqUYDKMYlAzbOYZznd5az2JU9hJXFPepQTOsbK2K4cmT3OdlDlxXAP4fiK8b7YB4TpsuqBPEEHSJyqTjoQ==
fundingchoicesmessages.google.com/f/
10 KB
5 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxWvooLp9c4L7yF6q6PpaZ5HeuE9hveQMw-LB9LpaCN10Kdtm3D1CeIQbqUYDKMYlAzbOYZznd5az2JU9hJXFPepQTOsbK2K4cmT3OdlDlxXAP4fiK8b7YB4TpsuqBPEEHSJyqTjoQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4ODk4OTEyLDQ4MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vbm94ZmlsZS5jb20vaXNaSVh0aWlLajlWeTZUIixudWxsLFtbOCwiNlRHTElUSGZXNmMiXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.6TGLITHfW6c.es5.O/am=wA/d=1/rs=AJlcJMxmqd-4XpOfC1zmKha8ROUCcFmG7w/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aa93542a32fca930831ac527b9535066e580398a72981043b58a8d050e9ff398
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-69xP49M_v_vU7lKwILO2qQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:32 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-69xP49M_v_vU7lKwILO2qQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzj6mHU4pJicNSQYjjvdIfpOhBfVHnKdBOIaxmeMbUC8YPwZ0wvgNhA4zmTBRAz_nnBxAnE7768ZOL5-pJJAog1gPid5Cumb0C8w8eDhW_ddFYVINZdP501FIhjnk9nTQHixawzWFcDsVP6DNYgIP6cOYP1NxD71M9gjQFiIR6OB1_erWMT-LDv1jdGAH5bQVU"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
11778604948800383788
tpc.googlesyndication.com/simgad/ Frame 7313
13 KB
14 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/11778604948800383788?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkAaLVHOOPz_bastxbvDcE70OBe7Q
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d2ec1c907004fb1a0d9ade9e9f5d3b19efb55a0319dbaadaea734d86cb5e4c66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 07:34:39 GMT
x-content-type-options
nosniff
age
311634
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13781
x-xss-protection
0
last-modified
Thu, 03 Aug 2023 13:09:57 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Fri, 21 Feb 2025 07:34:39 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240221/r20110914/ Frame 7313
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240221/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ec1d799ea15ca9389d9dcd1f5d5c9698d612204464a24020099137878484a168
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 07:31:35 GMT
content-encoding
br
x-content-type-options
nosniff
age
52618
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8988
x-xss-protection
0
server
cafe
etag
12564770436581814922
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 10 Mar 2024 07:31:35 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/ Frame 7313
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 21:18:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
3018
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 10 Mar 2024 21:18:15 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/ Frame 7313
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e7afde571c53d192943a40b3b7f109e698bb47e6d6424bc7d1f53a7cb9466360
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 21:18:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
3018
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8211
x-xss-protection
0
server
cafe
etag
3968847549730513390
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sun, 10 Mar 2024 21:18:15 GMT
l
www.google.com/ads/measurement/ Frame 7313
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQl-bCpZ1rAGhJPuxsey20lycfX87mNYFvzV9brbYo15tBnj6b__xUIEaPa_rZ3yjsgiTnd42Yw6ct00g8fGPmow9DPgg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 7313
204 KB
61 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1be58ac66106f8f26b344b506dbca6968b96606a5bb9f89dac5678dfaf9522ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 21:34:47 GMT
content-encoding
br
x-content-type-options
nosniff
age
2026
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
62895
x-xss-protection
0
server
cafe
etag
vary
Accept-Encoding
content-type
text/javascript; charset=ISO-8859-1
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sun, 25 Feb 2024 22:34:47 GMT
one_click_handler_one_afma_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/ Frame 7313
36 KB
14 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240221/r20110914/client/one_click_handler_one_afma_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
11af2195e813c746e06f5dfccc66a824263d97395721fd109fc820cafcc7e1fc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sat, 24 Feb 2024 23:01:03 GMT
content-encoding
br
x-content-type-options
nosniff
age
83250
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14601
x-xss-protection
0
server
cafe
etag
13220165445093104717
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Sat, 09 Mar 2024 23:01:03 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame AD36
143 B
166 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

age
2494
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 25 Feb 2024 21:26:59 GMT
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 57E1
1 KB
643 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

age
30824
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=86400
content-encoding
br
content-length
618
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 25 Feb 2024 13:34:49 GMT
etag
48472445140208031
expires
Mon, 26 Feb 2024 13:34:49 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ad_servlet.
fundingchoicesmessages.google.com/f/AGSKWxXU0Lk62hwB4K30djOs13tmSE_5J-i-T7JdgVZeR5YtdsB85Xyde70yo4jOqrmz-4I683lsXCdWw127haBlIUeKdr6mc_wSCRpnyd73WwZCnQ-FTI_y5ax_vMbEVJE2l8PFyL-OU6dRDPt749zRHlwaa22Yj...
54 B
110 B
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXU0Lk62hwB4K30djOs13tmSE_5J-i-T7JdgVZeR5YtdsB85Xyde70yo4jOqrmz-4I683lsXCdWw127haBlIUeKdr6mc_wSCRpnyd73WwZCnQ-FTI_y5ax_vMbEVJE2l8PFyL-OU6dRDPt749zRHlwaa22Yj5KaSXYMaNm9AIyDPwB1rkYU3ki-M4lx/_/boxad1./rcom-ads-/adtech;_web_ad_/ad_servlet.
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.6TGLITHfW6c.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMzmtY4U3bNV8m5BcBjBYzvPxYy6IA/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2ea39ec84363589d551f83678b18a85685d20fcaa31fbe845d36b4c880873421
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-9xEdaJdqcyo7Pr7hx9b7JA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:33 GMT
content-security-policy
script-src 'report-sample' 'nonce-9xEdaJdqcyo7Pr7hx9b7JA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzj6mHU4pJicNKQYjjvdIfpOhBfVHnKdBOIaxmeMbUC8YPwZ0wvgNhA4zmTBRAz_nnBxAnE7768ZOL5-pJJAog1gPid5Cumb0C8w8eDhW_ddFYVINZdP501FIhjnk9nTQHixawzWFcDsVP6DNYgIP6cOYP1NxD71M9gjQFiIW6Oh1_erWMTuHDlQT0APPBA2g"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Mon, 01 Jan 1990 00:00:00 GMT
lidar.js
pagead2.googlesyndication.com/pagead/js/
85 KB
30 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/lidar.js?fcd=true
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.6TGLITHfW6c.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMzmtY4U3bNV8m5BcBjBYzvPxYy6IA/m=ad_blocking_detection_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
efae00f257fbdd16f945d40156928e4d796449859e1a4dc05fde50f61f61840a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 21:35:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
2007
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31003
x-xss-protection
0
server
cafe
etag
16097037246406947114
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
timing-allow-origin
*
expires
Sun, 25 Feb 2024 22:35:06 GMT
AGSKWxVubKMIHiSzYVkzvdmpISreaJYyAfQ3luIGQY9R_E-iN2jd8cz3CarV72638MUDtPh0NkOHPa19jLMPBaP94GrYAn0MFExU3GpOWegAvC7_kz1IQjzPqp6rRxewZ-W27z-oFMZtUg==
fundingchoicesmessages.google.com/el/
0
29 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVubKMIHiSzYVkzvdmpISreaJYyAfQ3luIGQY9R_E-iN2jd8cz3CarV72638MUDtPh0NkOHPa19jLMPBaP94GrYAn0MFExU3GpOWegAvC7_kz1IQjzPqp6rRxewZ-W27z-oFMZtUg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.6TGLITHfW6c.es5.O/am=wA/d=1/rs=AJlcJMxmqd-4XpOfC1zmKha8ROUCcFmG7w/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-mS20_6_cQHdwq752MR-PTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://noxfile.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 25 Feb 2024 22:08:33 GMT
content-security-policy
script-src 'report-sample' 'nonce-mS20_6_cQHdwq752MR-PTA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmJw0ZBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYQIBbi4Xj45d06NoEJ-27PYAQASosV_g"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://noxfile.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame AD36
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 25 Feb 2024 22:08:33 GMT
expires
Sun, 25 Feb 2024 22:08:33 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 25 Feb 2024 22:08:33 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dpixel
cms.quantserve.com/ Frame 57E1
35 B
463 B
Image
General
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEJLCJitO7VuM9ttopx9c-Yc&google_cver=1&google_push=AXcoOmRKjHooj-2lNzr4CeTUQnXYAKfnXL716YkGIiQN0XBCCyOHW55fx89VNOnZfpUo-Tlm2uQmKa9u05BnSwr4P_jViMuyoS1ETf-38k3wjYarkrk4wVqaSEB7D5cj6K_Gc6VIuB3TwyG7CvW74HTK5LZPJw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:b08a:1dc5:659b:4055 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Feb 2024 22:08:33 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type
image/gif
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 57E1
Redirect Chain
  • https://ads.travelaudience.com/google_pixel?google_gid=CAESELSzHZdxkJhKTNzFUGHkQ34&google_cver=1&google_push=AXcoOmToQwWbIyN0Fow5F68cVUj0L2G7M7bUm_5q7OsMqK6vqCREkS_Pu0O8tgtDCqY3tuVMhW9aRkDwLciazMip...
  • https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=5Rl-qUtXTjI2TLgKEWSwYQ&google_push=AXcoOmToQwWbIyN0Fow5F68cVUj0L2G7M7bUm_5q7OsMqK6vqCREkS_Pu0O8tgtDCqY3tuVMhW9aRkDwLciazMipb0m-tBAep6Wf9-8...
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=5Rl-qUtXTjI2TLgKEWSwYQ&google_push=AXcoOmToQwWbIyN0Fow5F68cVUj0L2G7M7bUm_5q7OsMqK6vqCREkS_Pu0O8tgtDCqY3tuVMhW9aRkDwLciazMipb0m-tBAep6Wf9-8soTw3GmZuyRG_rBr5x11HaBwUozHl42_bMWxMbE1v1yPYUZ9nXJk0Yw
Protocol
H2
Server
142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Feb 2024 22:08:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sun, 25 Feb 2024 22:08:33 GMT
via
1.1 google
x-engine-version
0.0.0
server
nginx/1.21.6
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=5Rl-qUtXTjI2TLgKEWSwYQ&google_push=AXcoOmToQwWbIyN0Fow5F68cVUj0L2G7M7bUm_5q7OsMqK6vqCREkS_Pu0O8tgtDCqY3tuVMhW9aRkDwLciazMipb0m-tBAep6Wf9-8soTw3GmZuyRG_rBr5x11HaBwUozHl42_bMWxMbE1v1yPYUZ9nXJk0Yw
x-host
tde-deliveryengine-production-7fbb6d4658-8bwp6
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
pixel
cm.g.doubleclick.net/ Frame 57E1
Redirect Chain
  • https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEFz9lkotaGbaROcP7NBiCm4&google_cver=...
  • https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=ZGE0MWJjMmYtMzcyMS00NGYwLTg0Y2ItNGE1YmYxMGFhNzIx&google_gid=CAESEFz9lkotaGbaROcP7NBiCm4&google_cver=1&google_push=AXcoOmTp...
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=ZGE0MWJjMmYtMzcyMS00NGYwLTg0Y2ItNGE1YmYxMGFhNzIx&google_gid=CAESEFz9lkotaGbaROcP7NBiCm4&google_cver=1&google_push=AXcoOmTpy3SrMUoBHbmn17maztFSZ_Ci0p2U-ynp2sp6ccOsTCeznEiefI_Cmpo3WDSVl_SW2kySo3G6FWwoYLPXGjCXoDPnC6lCBiGdvGlQlMZ6nJVCKgI9t3aaUWpU3fRU6vH-Wmt-jbWrrjHDZfYqdaU5Og
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H2
Server
142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Feb 2024 22:08:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=ZGE0MWJjMmYtMzcyMS00NGYwLTg0Y2ItNGE1YmYxMGFhNzIx&google_gid=CAESEFz9lkotaGbaROcP7NBiCm4&google_cver=1&google_push=AXcoOmTpy3SrMUoBHbmn17maztFSZ_Ci0p2U-ynp2sp6ccOsTCeznEiefI_Cmpo3WDSVl_SW2kySo3G6FWwoYLPXGjCXoDPnC6lCBiGdvGlQlMZ6nJVCKgI9t3aaUWpU3fRU6vH-Wmt-jbWrrjHDZfYqdaU5Og
date
Sun, 25 Feb 2024 22:08:33 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-length
0
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 57E1
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESELxlmaNR8-UNi35DAsFu_Qo&google_cver=1&google_push=AXcoOmQ_u_S-3vn7bTthdhH5md9mz6EzAVijD26pEK3QMcWTRPzfJleP9mv6YhUT-0OjoVwlJXQ-Hlk8kftCJTKAZnh_m-k...
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQ_u_S-3vn7bTthdhH5md9mz6EzAVijD26pEK3QMcWTRPzfJleP9mv6YhUT-0OjoVwlJXQ-Hlk8kftCJTKAZnh_m-kU_4siVUxuSZXI7YGkSk0wLZgYlR3pUGLKzPBqk...
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQ_u_S-3vn7bTthdhH5md9mz6EzAVijD26pEK3QMcWTRPzfJleP9mv6YhUT-0OjoVwlJXQ-Hlk8kftCJTKAZnh_m-kU_4siVUxuSZXI7YGkSk0wLZgYlR3pUGLKzPBqknExHyo-CZ5QNyUyXYfQQi5J&google_hm=eS1GeWdhNFVWRTJwRmdtd2xxOWpaSDNoY2FhUDJ3SG9abH5B
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H2
Server
142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Feb 2024 22:08:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Sun, 25 Feb 2024 22:08:33 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmQ_u_S-3vn7bTthdhH5md9mz6EzAVijD26pEK3QMcWTRPzfJleP9mv6YhUT-0OjoVwlJXQ-Hlk8kftCJTKAZnh_m-kU_4siVUxuSZXI7YGkSk0wLZgYlR3pUGLKzPBqknExHyo-CZ5QNyUyXYfQQi5J&google_hm=eS1GeWdhNFVWRTJwRmdtd2xxOWpaSDNoY2FhUDJ3SG9abH5B
content-length
0
asr
aid.send.microad.jp/g/ Frame 57E1
43 B
641 B
Image
General
Full URL
https://aid.send.microad.jp/g/asr?google_gid=CAESEPSqUBE7TLPXusBQlu6mReI&google_cver=1&google_push=AXcoOmRPqqx8DnZytQrgd57mQbffSklO0XvlSKlkRjrOmgO1-850RLaum-9q4744JI0B-HxzZayE2wIX9M_dd9Spe3vSoDsGMsB4lToi7Ctb-R4OicCm065QGfO7q0m77KdeQmrzYANnrQiIZmpkBTHh4a15Kg
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
202.233.84.1 , Japan, ASN131957 (MICROAD MicroAd, Inc., JP),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
Security Headers
Name Value
Strict-Transport-Security max-age=3600

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Sun, 25 Feb 2024 22:08:33 GMT
Strict-Transport-Security
max-age=3600
Server
Apache
P3P
policyref="http://www.microad.jp/w3c/p3p.xml",CP="NOI DSP COR NID DEVo PSAo OUR STP STA PRE"
Access-Control-Allow-Origin
*
Content-Type
image/gif
Connection
close
Access-Control-Allow-Headers
origin, x-requested-with, If-Modified-Since, content-type, Pragma, Cache-Control
Content-Length
43
pixel
cm.g.doubleclick.net/ Frame 57E1
Redirect Chain
  • https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESENWHKCNXDJZjH9C9kAKTsXc&google_cver=1&google_push=AXcoOmSuTEDwxfXFqvx7FxaqNPKT5xUpvtyd_22TfMjWPnTKsO0zlXtMwGGINWixcQ6xFWcDAHWmXwP3...
  • https://dsp.adkernel.com/adkuid?r=https%3A%2F%2Frtb2-useast.e-volution.ai%2Fsync%3Fexchange%3D193%26google_gid%3DCAESENWHKCNXDJZjH9C9kAKTsXc%26google_cver%3D1%26google_push%3DAXcoOmSuTEDwxfXFqvx7Fx...
  • https://rtb2-useast.e-volution.ai/sync?adkuid=A4633064844784784082&exchange=193&google_gid=CAESENWHKCNXDJZjH9C9kAKTsXc&google_cver=1&google_push=AXcoOmSuTEDwxfXFqvx7FxaqNPKT5xUpvtyd_22TfMjWPnTKsO0z...
  • https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTQ2MzMwNjQ4NDQ3ODQ3ODQwODI&google_push=AXcoOmSuTEDwxfXFqvx7FxaqNPKT5xUpvtyd_22TfMjWPnTKsO0zlXtMwGGINWixcQ6xFWcDAHWmXwP...
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTQ2MzMwNjQ4NDQ3ODQ3ODQwODI&google_push=AXcoOmSuTEDwxfXFqvx7FxaqNPKT5xUpvtyd_22TfMjWPnTKsO0zlXtMwGGINWixcQ6xFWcDAHWmXwP3HdJfhjR4rnqvqEB7RSAguB3wDSrwoY53WJFxMmAY7oECIBSabn7RqSYFYRzhpBDExfT3Pv8JUppDXHM
Protocol
H2
Server
142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Feb 2024 22:08:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=metup_srl_w_bidswitch&google_hm=QTQ2MzMwNjQ4NDQ3ODQ3ODQwODI&google_push=AXcoOmSuTEDwxfXFqvx7FxaqNPKT5xUpvtyd_22TfMjWPnTKsO0zlXtMwGGINWixcQ6xFWcDAHWmXwP3HdJfhjR4rnqvqEB7RSAguB3wDSrwoY53WJFxMmAY7oECIBSabn7RqSYFYRzhpBDExfT3Pv8JUppDXHM
Date
Sun, 25 Feb 2024 22:08:33 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
pixel
cm.g.doubleclick.net/ Frame 57E1
Redirect Chain
  • https://a.rfihub.com/cm?pub=445&in=1&google_gid=CAESEC2N1Be-ufq17J3qTz9jNeM&google_cver=1&google_push=AXcoOmS3PFNrZLwTYWb1L_7Fhclc5zqYZZEjw0Lo_hTru7n2mfwqNnW9y1Rek79_qiFr10bV3IOlNJXR16KY7qz4wHrrzSi...
  • https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmS3PFNrZLwTYWb1L_7Fhclc5zqYZZEjw0Lo_hTru7n2mfwqNnW9y1Rek79_qiFr10bV3IOlNJXR16KY7qz4wHrrzSi12vzVwZZCkrgA0urr8nQh1KID-_...
170 B
329 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmS3PFNrZLwTYWb1L_7Fhclc5zqYZZEjw0Lo_hTru7n2mfwqNnW9y1Rek79_qiFr10bV3IOlNJXR16KY7qz4wHrrzSi12vzVwZZCkrgA0urr8nQh1KID-_Nqq2HMv1I4AyuGzxeXfEM5qK8BZnk1b2Fi9A&google_hm=NzIzMjk3ODkwNzA5ODk5NjQ4
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H2
Server
142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Feb 2024 22:08:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=zeta_interactive&google_push=AXcoOmS3PFNrZLwTYWb1L_7Fhclc5zqYZZEjw0Lo_hTru7n2mfwqNnW9y1Rek79_qiFr10bV3IOlNJXR16KY7qz4wHrrzSi12vzVwZZCkrgA0urr8nQh1KID-_Nqq2HMv1I4AyuGzxeXfEM5qK8BZnk1b2Fi9A&google_hm=NzIzMjk3ODkwNzA5ODk5NjQ4
Date
Sun, 25 Feb 2024 22:08:33 GMT
Server
Jetty(9.4.51.v20230217)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
attr
cm.g.doubleclick.net/pixel/ Frame 57E1
0
139 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LwIlJa5tuzvqfyQpzyG375yIEWHN2_xTww-tqF-5whA9KUZ2mSp-LAPwZlbt6fGZuebSUIUas
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.194 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s72-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:33 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
content-type
text/html
AGSKWxVubKMIHiSzYVkzvdmpISreaJYyAfQ3luIGQY9R_E-iN2jd8cz3CarV72638MUDtPh0NkOHPa19jLMPBaP94GrYAn0MFExU3GpOWegAvC7_kz1IQjzPqp6rRxewZ-W27z-oFMZtUg==
fundingchoicesmessages.google.com/el/
0
29 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVubKMIHiSzYVkzvdmpISreaJYyAfQ3luIGQY9R_E-iN2jd8cz3CarV72638MUDtPh0NkOHPa19jLMPBaP94GrYAn0MFExU3GpOWegAvC7_kz1IQjzPqp6rRxewZ-W27z-oFMZtUg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.6TGLITHfW6c.es5.O/am=wA/d=1/rs=AJlcJMxmqd-4XpOfC1zmKha8ROUCcFmG7w/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-pygwe4YCRMm8q9ngeTTp5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://noxfile.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 25 Feb 2024 22:08:33 GMT
content-security-policy
script-src 'report-sample' 'nonce-pygwe4YCRMm8q9ngeTTp5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmLw0JBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYQIBbi4Xj45d06NoEHK6bMYAQAS8YV9Q"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://noxfile.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxVubKMIHiSzYVkzvdmpISreaJYyAfQ3luIGQY9R_E-iN2jd8cz3CarV72638MUDtPh0NkOHPa19jLMPBaP94GrYAn0MFExU3GpOWegAvC7_kz1IQjzPqp6rRxewZ-W27z-oFMZtUg==
fundingchoicesmessages.google.com/el/
0
29 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVubKMIHiSzYVkzvdmpISreaJYyAfQ3luIGQY9R_E-iN2jd8cz3CarV72638MUDtPh0NkOHPa19jLMPBaP94GrYAn0MFExU3GpOWegAvC7_kz1IQjzPqp6rRxewZ-W27z-oFMZtUg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.6TGLITHfW6c.es5.O/am=wA/d=1/rs=AJlcJMxmqd-4XpOfC1zmKha8ROUCcFmG7w/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-f0EtZJAd9QGUGAS3Ljip_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://noxfile.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 25 Feb 2024 22:08:33 GMT
content-security-policy
script-src 'report-sample' 'nonce-f0EtZJAd9QGUGAS3Ljip_g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmJw1pBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYQIBbi4Xj45d06NoEP6xbPZgQAS1MWGA"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://noxfile.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxVubKMIHiSzYVkzvdmpISreaJYyAfQ3luIGQY9R_E-iN2jd8cz3CarV72638MUDtPh0NkOHPa19jLMPBaP94GrYAn0MFExU3GpOWegAvC7_kz1IQjzPqp6rRxewZ-W27z-oFMZtUg==
fundingchoicesmessages.google.com/el/
0
29 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVubKMIHiSzYVkzvdmpISreaJYyAfQ3luIGQY9R_E-iN2jd8cz3CarV72638MUDtPh0NkOHPa19jLMPBaP94GrYAn0MFExU3GpOWegAvC7_kz1IQjzPqp6rRxewZ-W27z-oFMZtUg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.6TGLITHfW6c.es5.O/am=wA/d=1/rs=AJlcJMxmqd-4XpOfC1zmKha8ROUCcFmG7w/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-rCda5mHx9sFyEZi8LvycJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://noxfile.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 25 Feb 2024 22:08:33 GMT
content-security-policy
script-src 'report-sample' 'nonce-rCda5mHx9sFyEZi8LvycJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmLw05BiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYQIBbi4Xj45d06NoEFKxbMZgQAS_QVyg"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://noxfile.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxXoXZcKh2Su8MnwKxH0DRaIhe9ojWWpVHuFgMtpbG2qKR8Xw8fwYJZP5whAZUgJYz_MdpmQWUYlRA0Kb9PSEQivG6LYjWV7QkQ7tdVvL_tCEyLRUmnsF-r9GueLGbxxHFrolBU0Cw==
fundingchoicesmessages.google.com/f/
3 KB
2 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxXoXZcKh2Su8MnwKxH0DRaIhe9ojWWpVHuFgMtpbG2qKR8Xw8fwYJZP5whAZUgJYz_MdpmQWUYlRA0Kb9PSEQivG6LYjWV7QkQ7tdVvL_tCEyLRUmnsF-r9GueLGbxxHFrolBU0Cw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA4ODk4OTEzLDI5NjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9ub3hmaWxlLmNvbS9pc1pJWHRpaUtqOVZ5NlQiLG51bGwsW1s4LCI2VEdMSVRIZlc2YyJdLFs5LCJlbi1VUyJdLFsxOCwiW1tbMF1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.6TGLITHfW6c.es5.O/am=wA/d=1/rs=AJlcJMxmqd-4XpOfC1zmKha8ROUCcFmG7w/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ed7d369f48a1d0ad3dc495d2b7aedb4c5a5bca77207a7fe279afb3e0bb748b72
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-NLrLQLkRzung12VIWF2T6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:33 GMT
content-security-policy
script-src 'report-sample' 'nonce-NLrLQLkRzung12VIWF2T6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzj6mHU4pJicNWQYjjvdIfpOhBfVHnKdBOIaxmeMbUC8YPwZ0wvgNhA4zmTBRAz_nnBxAnE7768ZOL5-pJJAog1gPid5Cumb0C8w8eDhW_ddFYVINZdP501FIhjnk9nTQHixawzWFcDsVP6DNYgIP6cOYP1NxD71M9gjQFiIR6Oh1_erWMTOPH40SJGAH_6QQs"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
truncated
/ Frame 7313
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2a161403cbd9d9710b6ccb29bb347f70c20e81a3095d8e080a84f80678e07c0a

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Content-Type
image/png
/
www.googleadservices.com/pagead/ar-adview/ Frame 7313
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CLCoaYLrbZZr2D9-GkPIPp8Cl8AfZuOeHdtaJv97-EbGQHxABIJKfpJoBYMnujovApIwQoAH34pu0KMgBAqgDAcgDyQSqBNsBT9Bpn8I_6xHbxLK2YQjpRGTB5ypIPyyYFJFw9RUG0IVhR1h...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x81c6f4209c6c6e580000000000000000%22,%222%22:%220xa8189fdea326a4070000000000000000%22,%223%22:%220x803db5...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x81c6f4209c6c6e580000000000000000%22,%222%22:%220xa8189fdea326a4070000000000000000%22,%223%22:%220x803db58dcd5d17e0000000000000000%22,%224%22:%220xb689b5b79dbdf8210000000000000000%22,%225%22:%220xeff2b5b26dd029650000000000000000%22},%22debug_key%22:%2217883406726334543039%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2202-25%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216600375856708066961%22}&andc=true
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H3
Server
142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:33 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"aggregation_keys":{"1":"0x81c6f4209c6c6e580000000000000000","2":"0xa8189fdea326a4070000000000000000","3":"0x803db58dcd5d17e0000000000000000","4":"0xb689b5b79dbdf8210000000000000000","5":"0xeff2b5b26dd029650000000000000000"},"debug_key":"17883406726334543039","debug_reporting":true,"destination":"https://webcompanion.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10846925175"],"22":["true"],"4":["02-25"],"6":["true"]},"priority":"500","source_event_id":"16600375856708066961"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Sun, 25 Feb 2024 22:08:33 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Sun, 25 Feb 2024 22:08:33 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x81c6f4209c6c6e580000000000000000","2":"0xa8189fdea326a4070000000000000000","3":"0x803db58dcd5d17e0000000000000000","4":"0xb689b5b79dbdf8210000000000000000","5":"0xeff2b5b26dd029650000000000000000"},"debug_key":"17883406726334543039","debug_reporting":true,"destination":"https://webcompanion.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10846925175"],"22":["true"],"4":["02-25"],"6":["true"]},"priority":"500","source_event_id":"16600375856708066961"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
AGSKWxVABjX8e7lc9VbqbDIs6cO3yjmgvYqkpXrQwlgaMwy5gFsoO3WxLlRPVwyrsu8wZpkjfO-IYyTnkZYdn9z2EpTFnBB0ARRIhuqnd4hfkWWGkT1qy6MfKIct5jnFmOokbXYPEw7wMg==
fundingchoicesmessages.google.com/el/
0
29 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVABjX8e7lc9VbqbDIs6cO3yjmgvYqkpXrQwlgaMwy5gFsoO3WxLlRPVwyrsu8wZpkjfO-IYyTnkZYdn9z2EpTFnBB0ARRIhuqnd4hfkWWGkT1qy6MfKIct5jnFmOokbXYPEw7wMg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.6TGLITHfW6c.es5.O/am=wA/d=1/rs=AJlcJMxmqd-4XpOfC1zmKha8ROUCcFmG7w/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-92ZqiWsiAKStEVyTNge8-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://noxfile.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 25 Feb 2024 22:08:33 GMT
content-security-policy
script-src 'report-sample' 'nonce-92ZqiWsiAKStEVyTNge8-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmJw0JBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYQIBbi4Xj45d06NoEbDStOMgIASewWAg"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
access-control-max-age
86400
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
access-control-allow-origin
https://noxfile.com
access-control-allow-methods
POST, GET, OPTIONS
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
AGSKWxVubKMIHiSzYVkzvdmpISreaJYyAfQ3luIGQY9R_E-iN2jd8cz3CarV72638MUDtPh0NkOHPa19jLMPBaP94GrYAn0MFExU3GpOWegAvC7_kz1IQjzPqp6rRxewZ-W27z-oFMZtUg==
fundingchoicesmessages.google.com/el/
0
29 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxVubKMIHiSzYVkzvdmpISreaJYyAfQ3luIGQY9R_E-iN2jd8cz3CarV72638MUDtPh0NkOHPa19jLMPBaP94GrYAn0MFExU3GpOWegAvC7_kz1IQjzPqp6rRxewZ-W27z-oFMZtUg==
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.6TGLITHfW6c.es5.O/am=wA/d=1/rs=AJlcJMxmqd-4XpOfC1zmKha8ROUCcFmG7w/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-csHc8dANvW2nZWbXWNlmFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://noxfile.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
Content-Type
text/plain

Response headers

date
Sun, 25 Feb 2024 22:08:33 GMT
content-security-policy
script-src 'report-sample' 'nonce-csHc8dANvW2nZWbXWNlmFw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzj0tHikmLw1ZBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hi1P6DNYQIBbi4Xj45d06NoGGq2dPMgIATLUWMQ"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://noxfile.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x81c6f4209c6c6e580000000000000000%22,%222%22:%220xa8189fdea326a4070000000000000000%22,%223%22:%220x803db58dcd5d17e0000000000000000%22,%224%22:%220xb689b5b79dbdf8210000000000000000%22,%225%22:%220xeff2b5b26dd029650000000000000000%22},%22debug_key%22:%2217883406726334543039%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2202-25%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216600375856708066961%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s71-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Sun, 25 Feb 2024 22:08:33 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/
16 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240221&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ad82cb0fcc21b8da71a7908392ade81849cbb12e8202341f8a65d382a164cdd8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:33 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12348
x-xss-protection
0
8Tsy5hKGOkd2pZxHZ-DVXCM53v6mWtt85lweNHdJ0fc.js
pagead2.googlesyndication.com/bg/ Frame 3735
50 KB
19 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/8Tsy5hKGOkd2pZxHZ-DVXCM53v6mWtt85lweNHdJ0fc.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9652551674112300&output=html&h=280&slotname=7172016301&adk=3485345153&adf=1038138397&pi=t.ma~as.7172016301&w=728&fwrn=4&fwrnh=100&lmt=1708898912&rafmt=1&format=728x280&url=https%3A%2F%2Fnoxfile.com%2FisZIXtiiKj9Vy6T&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1708898911487&bpp=2&bdt=578&idt=573&shv=r20240221&mjsv=m202402200101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C0x0&nras=1&correlator=4086894449251&frm=20&pv=1&ga_vid=1405663897.1708898912&ga_sid=1708898912&ga_hid=979778031&ga_fc=1&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=149&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C31081082%2C95325069%2C95320376%2C95324155%2C95324161%2C95325791&oid=2&pvsid=1033466860218347&tmod=1150171756&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=578
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f13b32e612863a4776a59c4767e0d55c2339defea65adb7ce65c1e347749d1f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 13:35:22 GMT
content-encoding
br
x-content-type-options
nosniff
age
30791
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19817
x-xss-protection
0
last-modified
Mon, 19 Feb 2024 17:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 24 Feb 2025 13:35:22 GMT
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202402200101/show_ads_impl_fy2021.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sun, 25 Feb 2024 22:08:33 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A05D
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://noxfile.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
age
273328
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 22 Feb 2024 18:13:05 GMT
expires
Fri, 21 Feb 2025 18:13:05 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 1EE4
829 B
995 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
153433568e279e2e691cdd7b3dce0ebc0b86b89c970bbe61417671982f7c1d61
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Lfmy_xC5L2Jud39gms0iDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://noxfile.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-Lfmy_xC5L2Jud39gms0iDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 25 Feb 2024 22:08:33 GMT
expires
Sun, 25 Feb 2024 22:08:33 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
BoEj1MRYnOy5BSN5ElbJySd6MGFyYBWT_ZtkFEIAVvM.js
pagead2.googlesyndication.com/bg/ Frame A05D
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/BoEj1MRYnOy5BSN5ElbJySd6MGFyYBWT_ZtkFEIAVvM.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
068123d4c4589cecb90523791256c9c9277a306172601593fd9b6414420056f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 13:35:27 GMT
content-encoding
br
x-content-type-options
nosniff
age
30786
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15302
x-xss-protection
0
last-modified
Mon, 19 Feb 2024 17:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Mon, 24 Feb 2025 13:35:27 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 1EE4
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240221&jk=1033466860218347&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame A05D
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?_4Fy7A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:809::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

date
Sun, 25 Feb 2024 22:08:34 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 7313
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstjGsNw6ehcvp1uP2PL0lQTN8ieG4EPaGLuf_Gp3sB96HB6iExrIZbMSnofyTqPXnEPjR8wT0I6KDpxvJQ8U7QS4-d0KU7giTB0UVqiblW0PRnaqNYe1vhBJ1h50Ab1NVaPVEvBUpzhjzJMf72zwHfBA8I8Rr_54A4&sai=AMfl-YSd5wSxyAf8pfli2mOZyMnqUVS4S7SnR-V22XfDhzKn37JZaI-89yee_lC09S_oum4s_7QbjFVjHKJw9creOOFOk1CO-PPKz4G_mdyd0uTb56uvg19aLwabOJ4E&sig=Cg0ArKJSzDf2qQVAowykEAE&cid=CAQSPAAvHhf_D0BCN4slXULL-ROn6A-EiApF7d9N3mRWKK2IsPYqErGaRPwmVAcIo2BkvcJF41xAn6O_JCTGThgB&id=lidar2&mcvt=1001&p=0,0,188,728&mtos=1001,1001,1001,1001,1001&tos=1001,0,0,0,0&v=20240222&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=3485345153&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=483171300&rst=1708898912069&rpt=1303&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 25 Feb 2024 22:08:34 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240221&jk=1033466860218347&bg=!z8ylzIPNAAZ3BdUuVwU7ADQBe5WfOMj6kRe1bNmS1kLtOVloUGRmvxmR9DB4w2djpZTjETq4p1O66l5EUdEDz4oLDSyiAgAAAG1SAAAAA2gBBwoAqnmf2PYnaXjwXj46jDhBY_dFnXmh6EjInaXsOcDdQWcNpb2_rq7dL2emEc0B3-gEyRZW9pvw4Dw2wzMuHPJddbkAD2HlGh2QxMsEL2a3qQobPhlnJkHRbGupCcTiCc9LGds2L29hnEpYZbFYsHXa1m_Hgtn1P77uMueyB3R9zozNuM--AoLI-9TuuMowKOx_L0HJOlLJvE-gwC-LjX5ki_6wcVa4W4z9oFh1mQLTLD_T0Scd-brIah-PcfRnkf3VBY55OR9cBLRfeqOVByLZjZmtM_S420HiAWA6EiIaZzkYl_PVbfKyQmu4yfK_Be5stFktlkO7SVLeW1Ee8AVVKb2jJEuQIRDBugCZDMiA5LUugU06KLrOmnghqoDkrbdMKfNdKI-u-6RS0drqtOvIXk90UjnrzgWUduBQbvWzkwJjPxImKn_4f-CKUygnzvZgCIWr2959RXa46cqyGv24Ahc5sXjSrsHmzy2OnOQXdNWpwhK2urdQZxDwJnr-Gpmb63F-pU86XrGPQJh8DRKqRRWDbp50maKsaV4LpUJLmAxGRoOOa8xVsYXlvvlmjgKWAqW-kv1CwNGedH5CWUksAfywYF89khCBLpdXkNXeZxMkhbfHhPRtYJaxDRAfkCmRUwNMde1QipLlLNwthQOWwPSFDHZDVBEKzZ_FrVK1uoFf3p-Hpu8D4_gZRX4sTbX1ztjryWyXFlRCmPkKeyJ_DoddOq1yN2Usbdb8PMw4BNYZshDQZoBEJdVnhNpP0FMduDiw_tXIYu18xWWxh1jxlX7-53sX_iFmXXDfLpP1bA1KGO-STaFWJlG6fVTFLONbOVczaDkqwEXQhgBB-s3o-Gr0VhrfJXiF7JP5rHgb96ZtRCUhxc9W0XhiyyaIID4p5zIRMvbyZJ3uU2Fp0rr0SeRwotTTWCVHF8DXJSadWsGuouBq6G7Otdl8uGzjMEXXncOUlhjUGxKp1Cn5gVzYhscbHMmqKk0QyQnpr26IL70YdLiW8skd_U2boBuAWvey__gYKyrzT81vA1xXE2KhztLw_IUsdnCE2OmoPvIu0iDNVHVCQ1260GzdN-z4ptsadDngaKvZRw3NbZ_7IvYs_L8TA1nVnb5w4VPWhre_wmC66LPZ1AO_x6HOFYzvVL8DrnLmujbRR3l9CvIdy_EklIvB7BFa5pQRFVbhTTLpHWPM
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:81c::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
en-US,en;q=0.9
Referer
https://noxfile.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

204 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| interstitialSlot object| googletag object| google_js_reporting_queue number| google_srt object| google_ad_block object| google_ad_channel string| google_ad_client object| google_ad_format number| google_ad_height object| google_ad_host object| google_ad_host_channel object| google_ad_host_tier_id object| google_ad_layout object| google_ad_layout_key object| google_ad_output object| google_ad_region object| google_ad_section string| google_ad_slot object| google_ad_type object| google_ad_unit_key object| google_ad_dom_fingerprint object| google_ad_semantic_area object| google_placement_id object| google_daaos_ts object| google_erank number| google_ad_width object| google_adtest object| google_alternate_ad_url object| google_alternate_color object| google_apsail object| google_captcha_token object| google_city object| google_color_bg object| google_color_border object| google_color_line object| google_color_link object| google_color_text object| google_color_url object| google_container_id object| google_content_recommendation_ad_positions object| google_content_recommendation_columns_num object| google_content_recommendation_rows_num object| google_content_recommendation_ui_type object| google_content_recommendation_use_square_imgs object| google_contents object| google_country object| google_cpm object| google_ctr_threshold object| google_cust_age object| google_cust_ch object| google_cust_criteria object| google_cust_gender object| google_cust_id object| google_cust_interests object| google_cust_job object| google_cust_l object| google_cust_lh object| google_cust_u_url object| google_disable_video_autoplay object| google_enable_content_recommendations object| google_enable_ose object| google_encoding object| google_font_face object| google_font_size object| google_frame_id object| google_full_width_responsive_allowed object| efwr object| google_full_width_responsive object| gfwroh object| gfwrow object| gfwroml object| gfwromr object| gfwroz object| gfwrnh object| gfwrnwer object| gfwrnher object| google_gl object| google_hints object| google_image_size object| google_kw object| google_kw_type object| google_language object| google_loeid object| google_max_num_ads object| google_max_radlink_len object| google_max_responsive_height object| google_ml_rank object| google_mtl object| google_native_ad_template object| google_native_settings_key object| google_num_radlinks object| google_num_radlinks_per_unit object| google_override_format object| google_page_url object| google_pgb_reactive object| google_pucrd object| google_referrer_url object| google_region object| google_resizing_allowed object| google_resizing_height object| google_resizing_width object| rpe object| google_responsive_formats object| google_responsive_auto_format object| armr object| google_rl_dest_url object| google_rl_filtering object| google_rl_mode object| google_rt object| google_safe object| google_safe_for_responsive_override object| google_video_play_muted object| google_source_type object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_tag_origin object| google_tag_partner object| google_targeting object| google_tfs object| google_video_doc_id object| google_video_product_type object| google_webgl_support object| google_package object| google_debug_params object| dash object| google_restrict_data_processing object| google_ad_public_floor object| google_ad_private_floor object| google_traffic_source object| easpi object| asro object| seiel object| sugawps object| slmct object| samct object| google_shadow_mode object| google_privacy_treatments object| google_xz object| rc object| adsbygoogle function| gtag object| dataLayer object| ggeac object| google_tag_data object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications boolean| google_measure_js_timing object| google_reactive_ads_global_state object| google_sa_queue function| google_process_slots object| google_ama_state function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| $ function| jQuery number| uidEvent object| bootstrap object| toastr object| google_tag_manager function| SimpleBar function| ClipboardJS object| webpackChunk object| JsLoadingOverlay function| onYouTubeIframeAPIReady object| gaGlobal function| google_sa_impl object| google_image_requests number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| googlefc boolean| adsbygoogle_ama_fc_has_run object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| Zjk2OThjNjg0OTM2MDRjZmxvYWRlcl9qcw== string| Zjk2OThjNjg0OTM2MDRjZmNhY2hlZF9qcw== object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady number| __google_lidar_ function| __google_lidar_radf_ boolean| 1ff5b11f-ebe7-4040-b6b7-c976530fa125 object| GoogleGcLKhOms

24 Cookies

Domain/Path Name / Value
noxfile.com/ Name: XSRF-TOKEN
Value: eyJpdiI6InJPa2NTV3hBeUxudzZkdzI3blRtZmc9PSIsInZhbHVlIjoiWEFZbFBuanBhVTZQaXJjS0RMV1ZRSTNyYWY2NjFDcC9CK1F1bnRxN3g5SWcvSk9wUjVzZDVQTTJRNlJtZ3BDR1RzRWJ5MjJYS2NqRitmUTg3VUQ4MFVlamZPUE8rbStybUtoQjJLY2lXYmNpV0NoRmdsdnpaZjFEdDJUOFlKamciLCJtYWMiOiJhMDcxYzJjOThkMGZlNWI3MDM2MGVlZGIwZmM2Yjg2NzUwMTgxNDNkYjg5YmY2YTQ5OGQxODBiMGU5NjI4ODVkIiwidGFnIjoiIn0%3D
noxfile.com/ Name: apkbob_user_session
Value: eyJpdiI6InlZT0hvS2lIUldiZlVvWDRMR1FiTVE9PSIsInZhbHVlIjoiNjdoMDRPbkhqS1FET3A5THU2MHVhc3pCRk8xNTJjSEtvVGEvR0ZCbGd5emY0amhUK1ZxR3QyZllaTzhlMnMzK2JZUFZYcjl2VGpBSEprOUVuOURTMzBBUmZFOFdPRjJ6NFhaTG1vRXF2VHdYY0Z3TXlweWVNT1NlQTNoSnlseDgiLCJtYWMiOiJjNjU4YTliOGQ1MzkwMmE3YjdkYWY0NGU5MGFmNzY0NmQwNDAwNmE0NTEyMGI1N2ZjNGNkYTY0NmY0NjgzMmJiIiwidGFnIjoiIn0%3D
.noxfile.com/ Name: _ga
Value: GA1.1.1405663897.1708898912
.noxfile.com/ Name: _ga_52Z949DQFZ
Value: GS1.1.1708898911.1.0.1708898911.0.0.0
.noxfile.com/ Name: __gads
Value: ID=4b1161e4e1dc7bcb:T=1708898912:RT=1708898912:S=ALNI_Mb0kiFWR5-18-BPgagSTpoqlBVKeQ
.noxfile.com/ Name: __gpi
Value: UID=00000dcd0ac1b5d8:T=1708898912:RT=1708898912:S=ALNI_MY7h96n5zU2jj8DjfZnd2mkLJLXGg
.noxfile.com/ Name: __eoi
Value: ID=0d2d9dedc6354931:T=1708898912:RT=1708898912:S=AA-AfjYa-WxQIFiJ2UiWcBZjRavH
.doubleclick.net/ Name: IDE
Value: AHWqTUkBTSmfl9mvGDxRecF49dpv3FxREt7xVTw2LkdlKSdulJeY3N5XzpXMnBp2Wrk
.noxfile.com/ Name: FCNEC
Value: %5B%5B%22AKsRol8EthyxJIyGduzNNnOCMjSe-7TZ6CNwmXbQXaphSGxoW1Bajoqch1CSJrvUUGhSWT52OPCgwt6P7McpscvfQv39GqgsKF4os-47y7KEvOXJgoZxzSFRuQVpU3Wvtr4ve5DnEFUUyOvaesuciKQAoeOeqnG6og%3D%3D%22%5D%5D
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSMjcyNrI0t7A0MDewtLC0NDOxEOIz1M0pLDCPKDf0C0gPygAAoi7MLSQAAAA
.rfihub.com/ Name: euds
Value: H4sIAAAAAAAA_-OSMXR2dA12dTbyM3RK1S1NKzQ09zIuDKmyzPJL9QUAEctpwR4AAAA
.rfihub.com/ Name: eud
Value: H4sIAAAAAAAA_-OSMXR2dA12dTbyM3RK1S1NKzQ09zIuDKmyzPJL9Q3iNTQ3sLCwtLA0NDY1MHrFiMoHAKdrmBU9AAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSMjcyNrI0t7A0MDewtLC0NDOxEOIz1M0pLDCPKDf0C0gPygAAoi7MLSQAAAA
.doubleclick.net/ Name: DSID
Value: NO_DATA
.yahoo.com/ Name: A3
Value: d=AQABBGG622UCEF-sQ2ySSXKhnlW1iAzzaU4FEgEBAQEL3WXlZQAAAAAA_eMAAA&S=AQAAAm5rbk3voHZVW1p2pgxMi6c
.inmobi.com/ Name: idsp_c
Value: da41bc2f-3721-44f0-84cb-4a5bf10aa721
.quantserve.com/ Name: d
Value: EC4BCQGdK4EA
.quantserve.com/ Name: mc
Value: 65dbba61-7cbbc-7d062-0f2ce
.travelaudience.com/ Name: _tracker
Value: %7B%22UUID%22%3A%22E5197EA9-4B57-4E32-364C-B80A1164B061%22%7D
.adkernel.com/ Name: ADKUID
Value: A4633064844784784082
.e-volution.ai/ Name: ADK_EX_193
Value: 1
.e-volution.ai/ Name: ADKUID
Value: A4633064844784784082
.googleadservices.com/ Name: ar_debug
Value: 1
.send.microad.jp/ Name: TR
Value: 3e7fbced5f457a095fa4325ac5420ac94b75bcb6cab58ebf

33 Console Messages

Source Level URL
Text
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://noxfile.com/isZIXtiiKj9Vy6T
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.rfihub.com
ads.travelaudience.com
aid.send.microad.jp
cm.g.doubleclick.net
cms.quantserve.com
dsp.adkernel.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
mweb.ck.inmobi.com
noxfile.com
pagead2.googlesyndication.com
pr-bh.ybp.yahoo.com
rtb2-useast.e-volution.ai
securepubads.g.doubleclick.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
142.250.65.162
142.250.65.194
174.137.133.49
199.38.167.131
20.253.86.149
202.233.84.1
2600:1f18:4e9:5a01:9adc:208f:c746:3dd2
2606:4700:3034::6815:2454
2606:4700:3036::ac43:bead
2607:f8b0:4006:809::2001
2607:f8b0:4006:809::200e
2607:f8b0:4006:80b::2004
2607:f8b0:4006:80e::2008
2607:f8b0:4006:80f::200e
2607:f8b0:4006:81c::2002
2607:f8b0:4006:81f::2003
2607:f8b0:4006:81f::200a
2607:f8b0:4006:823::2002
2620:116:800b:21:b08a:1dc5:659b:4055
35.190.0.66
00f5837a8213ea64a50f91b2bdd0fafac9c100f8e8a43a03beba9fe4a0f94324
068123d4c4589cecb90523791256c9c9277a306172601593fd9b6414420056f3
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ed70f2c83563457c67ef5a6ba4aa58ac30914e9fe36e769d8f85abf60845cf9
11af2195e813c746e06f5dfccc66a824263d97395721fd109fc820cafcc7e1fc
153433568e279e2e691cdd7b3dce0ebc0b86b89c970bbe61417671982f7c1d61
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
188a706590dc9e898c5c90a1da8346a9bc732cad28884386fbf20b05f4e83594
1be58ac66106f8f26b344b506dbca6968b96606a5bb9f89dac5678dfaf9522ff
261ffa06f381039cf7d18984d1364c59f3c2b9b60b1fa05d5f9c8c152e4d5be5
28fbe06d8381c0815b6642d9c0bd90e9828073f371134851a19121576ec22587
2a161403cbd9d9710b6ccb29bb347f70c20e81a3095d8e080a84f80678e07c0a
2ea39ec84363589d551f83678b18a85685d20fcaa31fbe845d36b4c880873421
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
35ae53cd6f0cde71e622f6e54dc576bb82ffab56c9e41b1298f932eebf963eb9
39c3c7a018149bfa70ac78df0f5d49a74c909da2aed3c7c9ae24a5592e9bbff9
457d42dfc58373e2b07655f896ed685ba9729c2111684fd6eb02bf3697634939
4a4b98cf63f1b73d1fa5ca182c399231f8598843c8e85c6f9c76ec06d0a4fae7
4dbc0107532286cc45b0a0a42cbc2bc4ad1a9ad08247d5cc3540d17c519aa382
53c9b7dcd76cbe43ed0ad40605b09ef24c3e30a05e0b7bf9b3be1502d07fab84
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56f1018c32be3d6be2fbe926c035e3e2321fbb09d5a04abdb45ddf3cfc3ae085
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
628ae53e048ba9b9210bfac0e07ac3f1bfbfcea4902919b54a5fda2b215871d6
6a274e7629c0d71dcf8cab1e7733687ebfe32e2c53b4ca9fad050b4f1d5471f3
79b93c5200d6753fa61794c75866628d3dedfbd45a126d7acc7dbce42486dee7
7ae3dcf8002e428f15567c5a304172fe086cf525cc41c02a83c091989152e4cf
7fe565f3385448e1ec8d57dc2c1639d723561f1aabc2e3d547e284bbf9f9b073
82808a77a6a254dacba4fbff29b050af1f4fe798c8cdb4c29fff785cd0a69a26
898996c96e8958444d5299c1393424ea6cd5a9ff4b6c952f321e96128525cb1e
8f27c2a51f4f713efda3881de03697fdce7a5022874d94d5256e106e0322d598
978eb03abc9e4ebf84b075a7c1cf6c5672e0db6e30d65859243d827559741247
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
9d45a35c655775f855c086ee6839bab57c07390900cbdb3037691f1e5a8cd84f
a012aa63115b1e462aa462d543a8e926fcfc269b6755ac7a40ab56f1897fbbe7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a34df602208737c03a159949be4f22ed4c843ce4dbd5a0211ae34ec190fd6403
a609f2b2b86a2e2b5eed9fcd81afba534db26f2bfbb5a2bc7024898e472ee927
aa93542a32fca930831ac527b9535066e580398a72981043b58a8d050e9ff398
ad82cb0fcc21b8da71a7908392ade81849cbb12e8202341f8a65d382a164cdd8
ae382d9fb8fa5a70de8903c013eb6450b589fe54a997a4cc70bf55c004cbf53c
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bf78ca7a81ed0cb9ef6a8252ca6dac6e27a91e1ca9f3f916a4b634245e0eb639
c10edb5c58659d8dffd902de4a2595d7269da9a62b8e776c2e694e387b077524
d2ec1c907004fb1a0d9ade9e9f5d3b19efb55a0319dbaadaea734d86cb5e4c66
d5e2cfc10e90c257761d93ea813670288980565c75ecb14efe3e2851a6bf76a7
d76fb4e841748a3f6bc63efa23156e02631c283bf41f84efcbdaf339ea3e1b73
e07aec0575ae20378a903f785e96532af4eff8d6a902a2f6e0eb39bd96b5df1a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7afde571c53d192943a40b3b7f109e698bb47e6d6424bc7d1f53a7cb9466360
ec1d799ea15ca9389d9dcd1f5d5c9698d612204464a24020099137878484a168
ed7d369f48a1d0ad3dc495d2b7aedb4c5a5bca77207a7fe279afb3e0bb748b72
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efae00f257fbdd16f945d40156928e4d796449859e1a4dc05fde50f61f61840a
f13b32e612863a4776a59c4767e0d55c2339defea65adb7ce65c1e347749d1f7
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f8f9643b266aa1ecc111eeca95499700f16cc2b322840f8b731c47cf093c1088
fcf6d89a0b8544243c1f268573197d2a404e618de271dafd439f1ceb517e9ccd
fea3613db9aaa1b0bacd5788ebc10a9b1122f66e0d2eb277ddd8e7d0ede4bd3f
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e