URL: https://www.heaven32.com/download/checkout/
Submission Tags: falconsandbox
Submission: On February 07 via api from US — Scanned from DE

Summary

This website contacted 22 IPs in 2 countries across 16 domains to perform 130 HTTP transactions. The main IP is 2606:4700:3036::ac43:aa86, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.heaven32.com.
TLS certificate: Issued by GTS CA 1P5 on January 25th 2024. Valid for: 3 months.
This is the only time www.heaven32.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
41 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
tpc.googlesyndication.com — Cisco Umbrella Rank: 157
639 KB
20 heaven32.com
www.heaven32.com
220 KB
14 google.com
www.google.com — Cisco Umbrella Rank: 2
fundingchoicesmessages.google.com — Cisco Umbrella Rank: 1143
cse.google.com — Cisco Umbrella Rank: 3031
clients1.google.com — Cisco Umbrella Rank: 469
342 KB
14 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
281 KB
11 gstatic.com
www.gstatic.com
fonts.gstatic.com
1015 KB
9 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 145
partner.googleadservices.com — Cisco Umbrella Rank: 4684
592 B
7 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 28
10 KB
4 adsensecustomsearchads.com
www.adsensecustomsearchads.com — Cisco Umbrella Rank: 2528
54 KB
3 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 230
195 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
region1.google-analytics.com — Cisco Umbrella Rank: 2029
21 KB
2 googleusercontent.com
afs.googleusercontent.com — Cisco Umbrella Rank: 9526
1 KB
2 acelitchi.com
app-cdn.acelitchi.com — Cisco Umbrella Rank: 605489
16 KB
2 apkmirror.com
downloadr2.apkmirror.com — Cisco Umbrella Rank: 613941
26 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37
151 KB
1 majorgeeks.com
www.majorgeeks.com — Cisco Umbrella Rank: 303401
33 KB
1 updatestar.com
w2.updatestar.com
3 KB
130 16
Domain Requested by
24 tpc.googlesyndication.com googleads.g.doubleclick.net
pagead2.googlesyndication.com
tpc.googlesyndication.com
20 www.heaven32.com www.heaven32.com
17 pagead2.googlesyndication.com www.heaven32.com
pagead2.googlesyndication.com
googleads.g.doubleclick.net
tpc.googlesyndication.com
www.googletagservices.com
14 googleads.g.doubleclick.net 4 redirects pagead2.googlesyndication.com
googleads.g.doubleclick.net
8 fonts.gstatic.com fonts.googleapis.com
www.heaven32.com
8 www.googleadservices.com www.heaven32.com
googleads.g.doubleclick.net
8 www.google.com 2 redirects pagead2.googlesyndication.com
cse.google.com
www.google.com
tpc.googlesyndication.com
7 fonts.googleapis.com googleads.g.doubleclick.net
pagead2.googlesyndication.com
4 www.adsensecustomsearchads.com www.google.com
www.adsensecustomsearchads.com
3 fundingchoicesmessages.google.com pagead2.googlesyndication.com
3 www.gstatic.com googleads.g.doubleclick.net
pagead2.googlesyndication.com
3 www.googletagservices.com googleads.g.doubleclick.net
2 cse.google.com www.gstatic.com
www.google.com
2 afs.googleusercontent.com www.heaven32.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 app-cdn.acelitchi.com www.heaven32.com
2 downloadr2.apkmirror.com www.heaven32.com
2 www.googletagmanager.com www.heaven32.com
www.googletagmanager.com
1 clients1.google.com www.gstatic.com
1 partner.googleadservices.com www.google.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.majorgeeks.com www.heaven32.com
1 w2.updatestar.com www.heaven32.com
130 23

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
www.pinterest.es
Subject Issuer Validity Valid
heaven32.com
GTS CA 1P5
2024-01-25 -
2024-04-24
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2024-01-09 -
2024-04-02
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2024-01-09 -
2024-04-02
3 months crt.sh
*.updatestar.com
AlphaSSL CA - SHA256 - G4
2023-07-11 -
2024-08-11
a year crt.sh
downloadr2.apkmirror.com
Cloudflare Inc ECC CA-3
2023-09-03 -
2024-09-02
a year crt.sh
acelitchi.com
GTS CA 1P5
2024-01-13 -
2024-04-12
3 months crt.sh
majorgeeks.com
R3
2023-12-25 -
2024-03-24
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2024-01-09 -
2024-04-02
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2024-01-09 -
2024-04-02
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2024-01-09 -
2024-04-02
3 months crt.sh
www.googleadservices.com
GTS CA 1C3
2024-01-09 -
2024-04-02
3 months crt.sh
*.google.com
GTS CA 1C3
2024-01-09 -
2024-04-02
3 months crt.sh
www.google.com
GTS CA 1C3
2024-01-09 -
2024-04-02
3 months crt.sh
*.googleadservices.com
GTS CA 1C3
2024-01-09 -
2024-04-02
3 months crt.sh
misc-sni.google.com
GTS CA 1C3
2024-01-09 -
2024-04-02
3 months crt.sh
*.googleusercontent.com
GTS CA 1C3
2024-01-09 -
2024-04-02
3 months crt.sh

This page contains 17 frames:

Primary Page: https://www.heaven32.com/download/checkout/
Frame ID: D9754A5DF64DD7B7F00667364BA19E2E
Requests: 56 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240205/r20190131/zrt_lookup_fy2021.html
Frame ID: 2BA9F1D404D134A2616E13BEB2D9F0D9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&adk=1812271804&adf=3025194257&lmt=1707283698&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x1080_l%7C188x1080_r&format=0x0&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697973&bpp=5&bdt=295&idt=160&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6438787591612&frm=20&pv=2&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=172
Frame ID: A47EE469C8A0E53B7F842E1492C47322
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=8810198353&adk=3926027424&adf=240802998&pi=t.ma~as.8810198353&w=1200&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697978&bpp=1&bdt=299&idt=170&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=177
Frame ID: B4621FFA65E08D10567AE44FDF304FC7
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=3935076357&adk=2079268616&adf=2650640276&pi=t.ma~as.3935076357&w=722&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=722x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697979&bpp=1&bdt=301&idt=185&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=439&ady=669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=189
Frame ID: 5E852B560D337A8787AE8F913A5BFBA9
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=50&slotname=2852896413&adk=1524820480&adf=1652625040&pi=t.ma~as.2852896413&w=300&lmt=1707283698&format=300x50&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697980&bpp=1&bdt=302&idt=198&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1066&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=204
Frame ID: 9A757E859DBF378AC6F6B45AE24E71DA
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=60&slotname=1842810885&adk=1566633344&adf=3985407456&pi=t.ma~as.1842810885&w=468&lmt=1707283698&format=468x60&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697981&bpp=1&bdt=303&idt=208&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280%2C300x50&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=566&ady=3312&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=209
Frame ID: 9E4D38022297D60F0B46C79C0099D1F7
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 3BCC16BA1DA945476D1D2542C1359421
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1mHZulpWB035j8hNUP_63DQkTsp4WSgemPLHvKn_014.js
Frame ID: 0FEFAD3BA1FD1AA2DE1F3F63FAADC3AC
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1mHZulpWB035j8hNUP_63DQkTsp4WSgemPLHvKn_014.js
Frame ID: 4C6062151D13D313976928532E088BB9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: EAE064E5A8519FE2C866A25A972E7566
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1mHZulpWB035j8hNUP_63DQkTsp4WSgemPLHvKn_014.js
Frame ID: 1A853A5BF26F2B0E20ECE05A228893A0
Requests: 1 HTTP requests in this frame

Frame: https://www.adsensecustomsearchads.com/afs/ads?psid=5134551505&channel=AutoRsVariant&cx=r-d03190f8f32be5cbd&fexp=44808457%2C21404%2C17300000%2C17301197%2C17301352%2C17301356%2C17301374%2C17301383%2C71847096&client=pub-7130643274838149&r=m&hl=en&rpbu=http%3A%2F%2Fgoogle.com&rpqp=q&type=3&rs_tt=c&oe=UTF-8&ie=UTF-8&format=r5&nocache=1071707283699218&num=0&output=afd_ads&domain_name=www.heaven32.com&v=3&bsl=10&pac=0&u_his=2&u_tz=60&dt=1707283699218&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=4648&frm=0&cl=603129119&uio=-&cont=autors-container-0&drt=0&jsid=csa&jsv=603129119&rurl=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F
Frame ID: B2CD39A718067B89C15DA73CD36C7040
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/1mHZulpWB035j8hNUP_63DQkTsp4WSgemPLHvKn_014.js
Frame ID: 48DAABE9CC4F419BF451B2F2101DA7E4
Requests: 1 HTTP requests in this frame

Frame: https://www.gstatic.com/prose/protected/558153351/iframe.html?cx=r-d03190f8f32be5cbd&host=www.heaven32.com&hl=en&lrh=Search%20results%20from%20%24%7Bwebsite%7D&client=partner-pub-7130643274838149&origin=https%3A%2F%2Fwww.heaven32.com
Frame ID: 8A9977F8C54B0E79DFE4DA9809A8E1D2
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9AB5E097835FB4C20B823BA45AA6A09C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D5A9E34189361B38FDA67DD266408D10
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Go to Download - Heaven32 Downloads

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

130
Requests

97 %
HTTPS

90 %
IPv6

16
Domains

23
Subdomains

22
IPs

2
Countries

3009 kB
Transfer

7146 kB
Size

14
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 55
  • https://googleads.g.doubleclick.net/pagead/adview?ai=C5ePf8hTDZf2lDcfy1PIPieya2A3m0-n6ctKOs7O5EqKUxJKNDhABILq79HdglYKAgJgHoAH34pu0KMgBAqgDAcgDyQSqBJMCT9DBdv0Ro7KoH5Tm1CD6vD04yt5ff9CNtb25eaAeIqGnxPaPd-2QOIidoFs9xPSPMyAQInHcugdTcmW_N4y7y55e88nSD4YtIg--bl5Rq7q-IJLX8-CgjbEdAE5CJHr51sjXA8GzYp1MFFNvkc0zFhufw_qiiRRuXIsL2gPn5vwWKy34TdppDxVKfK5P7erTaErFnJcGu_FhvuZt9uSI4HUEThdy1XSqB7yQxz7vu4tH9YxTGIaIJy_vGVv9W8JdBozd1j9y2iIu-hjDXbX78s-pQUGtoE4D03Ym_yNtVCPd76x-aD5msLuaCXKCuQev6zI6HXBRWB4ALDmfgPenETxIbebHdyDdvbpxnXWR7y_zIfHABOKo8IrHBIgFu_eAw0ySBQQIBBgBkgUECAUYBKAGAoAH95rskwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBCz5xHSCCYIgOGAcBABGB8yAusCOgmAQICAhICAhAhIvf3BOljlx_Oyv5iEA5oJQGh0dHBzOi8vZnJlZS53ZWJjb21wYW5pb24uY29tL21pbmltZS9kZS9lbi8_Y2FtcGFpZ249MjA1NDE2MTkxMzGACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItNzEzMDY0MzI3NDgzODE0ORgA&sigh=HsP8Ae03WOQ&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwAvHhf_J4OlL2apn-IbLH6d_uK7YRdJR24Rld4EbpZiuZhX2I6MfF7riyHprry1PvGGTeGoRDIsmvxCMJD3CkryqqwFDAWTCPT4hrTYTf4YAQ&cbvp=2&vis=1&nis=5 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225479993392940725917%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2202-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213731706945205174897%22}&andc=true
Request Chain 73
  • https://googleads.g.doubleclick.net/pagead/adview?ai=C3LGa8hTDZcWbDK2Xx_APqZ24kAPjtc7NdaaSvqeWEsCNtwEQASC6u_R3YJWCgICYB6AB3fCqwCrIAQmoAwHIA8sEqgSXAk_QbfoTzHQVDZdc-DB6fO9nhA_6UQvpeixDPz04CQB6MNUDfu3SttA5S_-A8vOwN_jsCKgBTdZ9uza-5wfX8e49mMN4nVAIjBBimzyULVMmZe7D02-KFa3YhpBSCBbZPNyTo0At5ZE7gXCd7vzGCFvmvVNLNHQxAbyBQWpK5dOr34TrETDXheUKIisN91nYqdLRJDAWOHrYwqdWPXpGYbrDU4pUA9o3PmJAMXf6LwWOnfBUZCN4xV-aNOuQwXqm8r5AWvjYdATi3V06e1kDiNn-hKgRvnJg7T6FBkz7m3Ssn5QZO0rHhsQjZVtGcuBYlHW2PtDl7xKbP5kv2h072GvmYXCetY1UZq6_uSO8zriiimSOHxwnT8AEhMGk_dcEiAXiivG6TZIFBAgEGAGSBQQIBRgEoAYugAfdqPufBagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcFELHz7AHSCCYIgOGAcBABGB8yAusCOgmAQICAhICAhAhIvf3BOliTwPKyv5iEA5oJjQFodHRwczovL3BkZml4ZXJzLmNvbS9kb3dubG9hZHNIb3cuaHRtbD9jYW1wYWlnbl9pZD0yMDc5MzAxNzY5OCZhZGdyb3VwX2lkPTE2MTA1NTU4MDI5MiZwbGFjZW1lbnRfaWQ9d3d3LmhlYXZlbjMyLmNvbSZjcmVhdGl2ZV9pZD02ODg3NDUwMzc4MjGACgHICwHYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItNzEzMDY0MzI3NDgzODE0ORgA&sigh=PE_Xk8kim20&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgAvHhf_nq9NbU8Ijaq5bTjXFu46R3xCTd2nv69fj4vjAoFuIWOK5V5cmEHcAYFQBy0Hmj_or9E5l5eD59HCrD8SMW58aI6o4iNRY3osvxgB&template_id=5000&cbvp=2&vis=1&nis=5 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228929615983204493068%22,%22debug_reporting%22:true,%22destination%22:%22https://pdfixers.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211409209437%22],%2222%22:[%22true%22],%224%22:[%2202-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226987908962194940417%22}&andc=true
Request Chain 92
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CIQYh8hTDZZvqCov11PIP9Iut8A7Y7qfddYT92ejWEs3GibyFKhABILq79HdglYKAgJgHoAH52O7iKMgBCagDAcgDywSqBJgCT9CiDD-3S2b_o0m3JsUcNlqMoMHfKx6h2P2I_4MFfZNmZ2iAc_rY_0WaP2zXwU2iGjbdsgFwpoJBX1tRvKJErZpW1GvklbrOe5RXDPJ1C1SUO93FvW4YqGRAW9N1vzroDlxZ8hWJWxG0HJqGI4_x5nuw7fYX0NXqwL7aaAyrFjZveJCsVwqJWMwDDC8KrpZYdj1q9Hd8n4Mwvvzc8p8Byk3eAlg5qS5ouwq-1TaSwJPw-2c9Yc1ZCCeFqsCqKy4wYQ94uai28nzQiAre5cGptqfuRBUlVANwUW-XcTTcs6JKeD1w8F-1fAqOJloGPCvmnTEIY1WLp4bPFwAOTSvzfBWPtL0rKcNfEnwzjlgpu62fnH2aFBHjAcAEkPWzzM8EiAWitPSGTJIFBAgEGAGSBQQIBRgEoAYugAf-p8nCA6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcFEMHojgLSCCYIgOGAcBABGB8yAusCOgmAQICAhICAhAhIvf3BOljqj_Gyv5iEA5oJZ2h0dHBzOi8vc29zLXBjLmtpbmdzZ3JvdXBnYW1lcy5jb20vZ2cvbGFuZGluZy05OC1lbi5odG1sP3V0bV9jYW1wYWlnbj0yMDQxNTU2NTQwNyZ1dG1fbWVkaXVtPTA3MTJfQXNzZXSACgHICwG4E-QD2BMM0BUBgBcBshccChoIABIUcHViLTcxMzA2NDMyNzQ4MzgxNDkYAA&sigh=fJV8VwH_FAk&uach_m=%5BUACH%5D&ase=2&cid=CAQSTgAvHhf_Q_EOqUHCOtr_jYTNe0rPDPUVQ6gBDYOrVB8S8uORLEzdAmCK_uugW843bN3u3fANsZ4CFScX1MtuFbsoGl-XMwJXckcrxoiKmhgB&template_id=484&cbvp=2&vis=1&nis=5 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214137239820251471331%22,%22debug_reporting%22:true,%22destination%22:%22https://kingsgroupgames.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210944752761%22],%2222%22:[%22true%22],%224%22:[%2202-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2215445093730970453089%22}&andc=true
Request Chain 101
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 102
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CuAaw8hTDZfj5DIO2x_AP4PeO8A_m0-n6ctKOs7O5EqKUxJKNDhABILq79HdglYKAgJgHoAH34pu0KMgBAqgDAcgDyQSqBJMCT9Dbj1AR1bzZ9pZdMJc92jf-TLXKOzPwpybtTIAuxH97pQC9YfHUVRjqpxO5mF3k9SvKho9u0kSDH6Jjcbl-v0VKSVg_TLT3Lomlr_g2lwfSCpya583w_PB_KxzlnbYGHaNpXS5mI18Hl7mMKerGfihMY7qEvv3bfrMnB3MjgVnANm6vhk_qKbyxXIu4t5nNXvdBfIbiJhGbj1QXU0bXnCp7kOp0s2XrdMZ4TGwhCrVpzXJm9t__RL2nhtutCCcLqLSgsv3tSsOh0VNCvizXA4YIZGYFeuVRucQ9doTd5NFRM6Uu4rtLtgEC2cqWUmrnXZyaOUHdAso0KZ33MVaXnJbFLlRxgHbp3FBv3AY3lXSQ6yXABOKo8IrHBIgFu_eAw0ySBQQIBBgBkgUECAUYBKAGAoAH95rskwOoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDt71LSCCYIgOGAcBABGB8yAusCOgmAQICAhICAhAhIvf3BOli3n_Oyv5iEA5oJQGh0dHBzOi8vZnJlZS53ZWJjb21wYW5pb24uY29tL21pbmltZS9kZS9lbi8_Y2FtcGFpZ249MjA1NDE2MTkxMzGACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItNzEzMDY0MzI3NDgzODE0ORgA&sigh=_3JXGQmT1P8&uach_m=%5BUACH%5D&ase=2&cid=CAQSTwAvHhf_Ww7L6GMvd3YlM41U1H6L0pwTga44XLg5OQT1HSvf4rF2qePdhKr2fEqFEsFuwv3hKAGk-G9Qc7izhgCYiP11swcci8wM0bNDDI4YAQ&cbvp=2&vis=1&nis=5 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22644877571288463081%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2202-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229152933703077360913%22}&andc=true

130 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.heaven32.com/download/checkout/
57 KB
12 KB
Document
General
Full URL
https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.33
Resource Hash
249e8a64c2b705c28b895bce2471c914db653152ab5f3f20c04a0e072ad83139
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
cache-control
no-cache, must-revalidate, max-age=0
cf-cache-status
DYNAMIC
cf-ray
85193a826d3c35ea-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 07 Feb 2024 05:28:17 GMT
expires
Wed, 11 Jan 1984 05:00:00 GMT
link
<https://www.heaven32.com/download/wp-json/>; rel="https://api.w.org/", <https://www.heaven32.com/download/wp-json/wp/v2/pages/4>; rel="alternate"; type="application/json", <https://www.heaven32.com/download/?p=4>; rel=shortlink
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
PHP/7.4.33
x-xss-protection
1; mode=block
style.min.css
www.heaven32.com/download/wp-includes/css/dist/block-library/
107 KB
14 KB
Stylesheet
General
Full URL
https://www.heaven32.com/download/wp-includes/css/dist/block-library/style.min.css?ver=6.4.1
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 18 Nov 2023 10:11:48 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a86898e35ea-FRA
x-xss-protection
1; mode=block
adsforwp-front.min.css
www.heaven32.com/download/wp-content/plugins/ads-for-wp/public/assets/css/
1 KB
596 B
Stylesheet
General
Full URL
https://www.heaven32.com/download/wp-content/plugins/ads-for-wp/public/assets/css/adsforwp-front.min.css?ver=1.9.21
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b72805902e02fb3e4dd61d116e8f34a240f5609bdfb0c699ffb950a418e5a162
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 05 Aug 2022 10:14:16 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a86899035ea-FRA
x-xss-protection
1; mode=block
rounded-thumbs.min.css
www.heaven32.com/download/wp-content/plugins/contextual-related-posts/css/
1 KB
491 B
Stylesheet
General
Full URL
https://www.heaven32.com/download/wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=3.2.3
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
088cb0b5b803bbf57403577861d1f063b6a45fe9fd7adcfab7944f962ac81be9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 03 Jul 2022 17:21:49 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a86899135ea-FRA
x-xss-protection
1; mode=block
dashicons.min.css
www.heaven32.com/download/wp-includes/css/
58 KB
34 KB
Stylesheet
General
Full URL
https://www.heaven32.com/download/wp-includes/css/dashicons.min.css?ver=6.4.1
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Sun, 03 Jul 2022 17:30:10 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a86899235ea-FRA
x-xss-protection
1; mode=block
everest-forms.css
www.heaven32.com/download/wp-content/plugins/everest-forms/assets/css/
31 KB
4 KB
Stylesheet
General
Full URL
https://www.heaven32.com/download/wp-content/plugins/everest-forms/assets/css/everest-forms.css?ver=1.9.2
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10cc6385b3ea4e2ddfc442129a8606323f404bb2d4961b496ee0b97d7acb0d4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 05 Aug 2022 10:14:13 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a86899335ea-FRA
x-xss-protection
1; mode=block
edd.min.css
www.heaven32.com/download/wp-content/plugins/easy-digital-downloads/templates/
18 KB
4 KB
Stylesheet
General
Full URL
https://www.heaven32.com/download/wp-content/plugins/easy-digital-downloads/templates/edd.min.css?ver=3.0.2.1
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87dd11072eab9b9d87f8dd180e6b2931c7e62b449706cd33e68b8e7e5ded44b7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 05 Aug 2022 10:08:49 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a86899535ea-FRA
x-xss-protection
1; mode=block
style.css
www.heaven32.com/download/wp-content/themes/vendd/
103 KB
17 KB
Stylesheet
General
Full URL
https://www.heaven32.com/download/wp-content/themes/vendd/style.css?ver=6.4.1
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5dfd53018fc86b6f5d83ce1be059401c522c31ad99fcce0ec365bf02556a1269
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 18 Aug 2021 10:11:10 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a86899635ea-FRA
x-xss-protection
1; mode=block
font-awesome.min.css
www.heaven32.com/download/wp-content/themes/vendd/inc/fonts/font-awesome/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://www.heaven32.com/download/wp-content/themes/vendd/inc/fonts/font-awesome/css/font-awesome.min.css?ver=1.2.5
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 18 Aug 2021 10:11:10 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a86899735ea-FRA
x-xss-protection
1; mode=block
jquery.min.js
www.heaven32.com/download/wp-includes/js/jquery/
86 KB
31 KB
Script
General
Full URL
https://www.heaven32.com/download/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 18 Nov 2023 10:11:48 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a86899835ea-FRA
x-xss-protection
1; mode=block
jquery-migrate.min.js
www.heaven32.com/download/wp-includes/js/jquery/
13 KB
5 KB
Script
General
Full URL
https://www.heaven32.com/download/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 18 Nov 2023 10:11:48 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a86899935ea-FRA
x-xss-protection
1; mode=block
js
www.googletagmanager.com/gtag/
192 KB
70 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-145434812-11
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7b66fde5f20dacd830c817fd4e423cd3ca92103aca3a52600452c976b3c0ddfa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70931
x-xss-protection
0
last-modified
Wed, 07 Feb 2024 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 07 Feb 2024 05:28:17 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
151 KB
52 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
99d93010bd12f4b66e9430211b840536f5e80ad38e782ccbe5eb4efe984bec8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52390
x-xss-protection
0
server
cafe
etag
4248709378211669311
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires
Wed, 07 Feb 2024 05:28:17 GMT
logo-heaven32.png
www.heaven32.com/download/wp-content/uploads/sites/5/2021/03/
2 KB
2 KB
Image
General
Full URL
https://www.heaven32.com/download/wp-content/uploads/sites/5/2021/03/logo-heaven32.png
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25baa7d2055cb46954f417e638ba2d1aae29a8af3f182c6dbd85dbe3a410c002
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 02 Mar 2021 13:51:03 GMT
server
cloudflare
cf-cache-status
REVALIDATED
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
85193a86a9ad35ea-FRA
content-length
2161
x-xss-protection
1; mode=block
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
151 KB
52 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-7130643274838149
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6d60c8c726afe91cde8cb5ca9a0db580cec3ff46d9b9228d244cc7f7cc173c5f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/download/checkout/
Origin
https://www.heaven32.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52392
x-xss-protection
0
server
cafe
etag
7732728967621996606
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires
Wed, 07 Feb 2024 05:28:17 GMT
5391064.32.png
w2.updatestar.com/img/icons/
3 KB
3 KB
Image
General
Full URL
https://w2.updatestar.com/img/icons/5391064.32.png
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2a01:488:67:1000:523:fd96:0:1 , Germany, ASN20773 (GODADDY, DE),
Reverse DNS
Software
/
Resource Hash
fdd8c9b53242b8461e07964105d236c96392ae526be015820dda3619a83a75fc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date
Wed, 07 Feb 2024 05:28:17 GMT
Cache-Control
public,max-age=31536000
Last-Modified
Wed, 07 Feb 2024 04:58:13 GMT
Accept-Ranges
bytes
ETag
"276e47418259da1:0"
Content-Length
3175
Content-Type
image/png
google-tasks-384x384.png
downloadr2.apkmirror.com/wp-content/uploads/2021/09/
14 KB
15 KB
Image
General
Full URL
https://downloadr2.apkmirror.com/wp-content/uploads/2021/09/google-tasks-384x384.png
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:1::6813:883a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8fb14dcb97adfbdead753a1608a50bda5c7764cf78c5e363ae3ee125bdb1dea5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date
Wed, 07 Feb 2024 05:28:17 GMT
CF-Cache-Status
REVALIDATED
Cf-Polished
origSize=18205
EU
true
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
14535
Cf-Bgj
imgq:100,h2pri
Last-Modified
Sun, 23 Oct 2022 08:56:11 GMT
Server
cloudflare
ETag
"5cd3049a0043d48fbda9c1116a0cb371"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
public, max-age=31536000
Country
DE
Accept-Ranges
bytes
CF-RAY
85193a870e2a8ffe-FRA
Expires
Thu, 06 Feb 2025 05:28:17 GMT
XGD7JJcx5xAM0ib.webp
app-cdn.acelitchi.com/prod/app/2022/12/16/
10 KB
10 KB
Image
General
Full URL
https://app-cdn.acelitchi.com/prod/app/2022/12/16/XGD7JJcx5xAM0ib.webp
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad34faf8b276504ce025fa4c791c2a995811b232edd70111c9e34e6ab5d1f4a5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-77-pop
frankfurtDE
date
Wed, 07 Feb 2024 05:28:17 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
H6WS248X82CHYVFG
age
1201655
x-amz-server-side-encryption
AES256
x-77-cache
HIT
x-accel-date
1705972322
alt-svc
h3=":443"; ma=86400
content-length
9998
x-amz-id-2
9E9fYNjowBbVQGkgSVZrasekYFpg7QWkYnnqQ6DBMcuBa+9DopwV6OjY37JeydnpOQHfk+3Hs08=
x-77-nzt
EggB1GY4sQFBDAGKxyXEAfcshAEA
x-77-age
99372
x-cache-lb
MISS
last-modified
Fri, 16 Dec 2022 04:34:33 GMT
server
cloudflare
etag
"f16f4193564f00e7fb089c6873d5df97"
x-77-nzt-ray
1cb09c0e272888ec8e96b065eae4dd1c
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kp4y0vtBWzRadTITSVwC0QUPmoi4uZAyaLhoEVkFu40llEuP9XH%2B%2FMlveBSGTnaKa0jIfD81Wa3z2Br0UvUVX6JhMbTSrX0hy0y%2F2JwIBzBw56JVRV5UX%2FrLTgMxgvU2xnbmHxI9tPSOxoci9IGqowl4MbA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
85193a87bcfe5d80-FRA
LL7FlEqcxkz951a.webp
app-cdn.acelitchi.com/prod/app/2022/12/16/
5 KB
6 KB
Image
General
Full URL
https://app-cdn.acelitchi.com/prod/app/2022/12/16/LL7FlEqcxkz951a.webp
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
55265541c0f23c7f8baf69c9ea0224c69e40b6bd1b9f16efafaa5c148e3ff396

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

x-77-pop
frankfurtDE
date
Wed, 07 Feb 2024 05:28:17 GMT
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
TDM1EG9S6MC6HG9D
age
2127897
x-amz-server-side-encryption
AES256
x-77-cache
MISS
alt-svc
h3=":443"; ma=86400
content-length
5208
x-amz-id-2
9hwALvSF7hmA/Btynep0hOtnR8xhskSM1gLuCpjtNRcWA3f+Q/Gq1bazoDGMDHRt0iJe2fy0/9iKrhz694ansQ==
x-77-nzt
EggBnJIhiwFBCAGckiEnAYE
x-cache-lb
MISS
last-modified
Fri, 16 Dec 2022 03:53:40 GMT
server
cloudflare
etag
"0a81c5ad61f83eb224df495455afe22d"
x-77-nzt-ray
cf878727a9d700f74711a16524a49b37
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KBR0JLbCbRX2wiA3CcSLRAX%2BOCtUxa6MMOaaKL5kwA9U8%2BaSQXV1VK6asVnv6upNiwJ02En%2F2v09%2FAKBW2AsSRfpn6i%2BT48DL2ccLOg0xm5cZovk%2FCtZfdL8v1vzk1JeLhCb78ZhKITZeatQfmWe4Vc0vEc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
85193a87bcfc5d80-FRA
30896_portableapps.com+installer.jpg
www.majorgeeks.com/files/file/
33 KB
33 KB
Image
General
Full URL
https://www.majorgeeks.com/files/file/30896_portableapps.com+installer.jpg
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.81.2.245 , United States, ASN16276 (OVH, FR),
Reverse DNS
majorgeeks.com
Software
Apache/2.4.10 (Debian) /
Resource Hash
610da555b02388e6bca220e6fa99208f5f550196bf4d1adb033c2d7eb1fe630a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date
Wed, 07 Feb 2024 05:18:35 GMT
Content-Disposition
attachment; filename="portableapps.com installer.jpg"
Server
Apache/2.4.10 (Debian)
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
33289
Content-Type
image/jpeg
655710a92f0a2_com.cisneros.venevision.app-384x384.png
downloadr2.apkmirror.com/wp-content/uploads/2023/11/46/
11 KB
11 KB
Image
General
Full URL
https://downloadr2.apkmirror.com/wp-content/uploads/2023/11/46/655710a92f0a2_com.cisneros.venevision.app-384x384.png
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:1::6813:883a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8b4c061a679342b5f4f0b99f3d7cf5f255775e027c7218659222dc49be87d43

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Date
Wed, 07 Feb 2024 05:28:18 GMT
CF-Cache-Status
MISS
EU
true
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
10923
Last-Modified
Fri, 17 Nov 2023 07:05:19 GMT
Server
cloudflare
ETag
"7b37e57f7cc359670a7d198fc7c1fce2"
Vary
Accept-Encoding
Content-Type
image/png
Cache-Control
public, max-age=31536000
Country
DE
Accept-Ranges
bytes
CF-RAY
85193a876c7b19af-FRA
Expires
Thu, 06 Feb 2025 05:28:18 GMT
ads-front.min.js
www.heaven32.com/download/wp-content/plugins/ads-for-wp/public/assets/js/
7 KB
3 KB
Script
General
Full URL
https://www.heaven32.com/download/wp-content/plugins/ads-for-wp/public/assets/js/ads-front.min.js?ver=1.9.21
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1a86586e73a2daff4b9bccc2eef0e09c34c1683c5487e710a7f10c742f6bce0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 05 Aug 2022 10:14:16 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a872a1d35ea-FRA
x-xss-protection
1; mode=block
ads-frontend.min.js
www.heaven32.com/download/wp-content/plugins/ads-for-wp/public/assets/js/
1 KB
452 B
Script
General
Full URL
https://www.heaven32.com/download/wp-content/plugins/ads-for-wp/public/assets/js/ads-frontend.min.js?ver=1.9.21
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dab5fc88424d51257fc91bb0cd946e4f61dec6af379c8c6659a4e4d231ff607b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 05 Aug 2022 10:14:16 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a872a1e35ea-FRA
x-xss-protection
1; mode=block
jquery.creditcardvalidator.min.js
www.heaven32.com/download/wp-content/plugins/easy-digital-downloads/assets/js/vendor/
2 KB
1 KB
Script
General
Full URL
https://www.heaven32.com/download/wp-content/plugins/easy-digital-downloads/assets/js/vendor/jquery.creditcardvalidator.min.js?ver=3.0.2.1
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
88e34c6618ed3d7743fabccd2c8936dcdcf9f731c03d05be54d7fec808bb34a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 05 Aug 2022 10:08:49 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a872a1f35ea-FRA
x-xss-protection
1; mode=block
edd-checkout-global.js
www.heaven32.com/download/wp-content/plugins/easy-digital-downloads/assets/js/
8 KB
3 KB
Script
General
Full URL
https://www.heaven32.com/download/wp-content/plugins/easy-digital-downloads/assets/js/edd-checkout-global.js?ver=3.0.2.1
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cdef6d8ac281e232a82290a3021db73294233a0102884d55c93b445458679027
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 05 Aug 2022 10:08:49 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a872a2035ea-FRA
x-xss-protection
1; mode=block
edd-ajax.js
www.heaven32.com/download/wp-content/plugins/easy-digital-downloads/assets/js/
12 KB
4 KB
Script
General
Full URL
https://www.heaven32.com/download/wp-content/plugins/easy-digital-downloads/assets/js/edd-ajax.js?ver=3.0.2.1
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce3d9022dcc7cdb74c836bb038356674fca052a1a3604d1b2b78b7bcfb770364
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 05 Aug 2022 10:08:49 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a872a2135ea-FRA
x-xss-protection
1; mode=block
vendd-scripts.js
www.heaven32.com/download/wp-content/themes/vendd/inc/js/
2 KB
904 B
Script
General
Full URL
https://www.heaven32.com/download/wp-content/themes/vendd/inc/js/vendd-scripts.js?ver=1.2.5
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
58ec7df99b26a5aa278e138235dc17b42c9ce5b34e58d1acac53cebace035851
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 18 Aug 2021 10:11:10 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a872a2235ea-FRA
x-xss-protection
1; mode=block
image.js
www.heaven32.com/download/wp-content/plugins/featured-image-from-url/includes/html/js/
4 KB
1 KB
Script
General
Full URL
https://www.heaven32.com/download/wp-content/plugins/featured-image-from-url/includes/html/js/image.js?ver=4.0.5
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0891804a56327bacae315d5e5281bee36c729cabfe22697a28083eeb39eb8608
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 05 Aug 2022 10:14:15 GMT
server
cloudflare
cf-cache-status
REVALIDATED
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
85193a872a2335ea-FRA
x-xss-protection
1; mode=block
fontawesome-webfont.woff2
www.heaven32.com/download/wp-content/themes/vendd/inc/fonts/font-awesome/fonts/
75 KB
76 KB
Font
General
Full URL
https://www.heaven32.com/download/wp-content/themes/vendd/inc/fonts/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/wp-content/themes/vendd/inc/fonts/font-awesome/css/font-awesome.min.css?ver=1.2.5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:aa86 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.heaven32.com/download/wp-content/themes/vendd/inc/fonts/font-awesome/css/font-awesome.min.css?ver=1.2.5
Origin
https://www.heaven32.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 18 Aug 2021 10:11:10 GMT
server
cloudflare
cf-cache-status
REVALIDATED
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
85193a872a2a35ea-FRA
content-length
77160
x-xss-protection
1; mode=block
js
www.googletagmanager.com/gtag/
230 KB
81 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-K2TF3DQY6H&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-145434812-11
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
982150a7bc08c47947a49c1df09a2bac47efb67b959c279c382766d6eb2b6431
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:17 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
83052
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 07 Feb 2024 05:28:17 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-145434812-11
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 07 Feb 2024 03:48:09 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
6009
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 07 Feb 2024 05:48:09 GMT
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/
406 KB
138 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f95ef16c0c4e5c46bea68d6f10b45e45723cee71bf043a724aaa6314bd17581
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:18 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
140959
x-xss-protection
0
server
cafe
etag
8828091815304279082
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 07 Feb 2024 05:28:18 GMT
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20240205/r20190131/ Frame 2BA9
9 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20240205/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/download/checkout/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
41692
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4209
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Tue, 06 Feb 2024 17:53:26 GMT
etag
3890843268177463596
expires
Tue, 20 Feb 2024 17:53:26 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
collect
region1.google-analytics.com/g/
0
255 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-K2TF3DQY6H&gtm=45je4250v9114355977za200&_p=1707283697778&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=342885662.1707283698&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=EAAI&_s=1&sid=1707283698&sct=1&seg=0&dl=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&dt=Go%20to%20Download%20-%20Heaven32%20Downloads&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1097
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K2TF3DQY6H&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Feb 2024 05:28:18 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.heaven32.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
1 B
207 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=319266174&t=pageview&_s=1&dl=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&ul=en-us&de=UTF-8&dt=Go%20to%20Download%20-%20Heaven32%20Downloads&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=190675521&gjid=2086051015&cid=342885662.1707283698&tid=UA-145434812-11&_gid=1021558204.1707283698&_r=1&gtm=457e4250za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&jsscut=1&z=1741161618
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.heaven32.com/download/checkout/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 07 Feb 2024 05:28:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.heaven32.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame A47E
639 KB
113 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&adk=1812271804&adf=3025194257&lmt=1707283698&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x1080_l%7C188x1080_r&format=0x0&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&pra=5&wgl=1&easpi=0&asro=0&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&aslcwct=150&asacwct=25&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697973&bpp=5&bdt=295&idt=160&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6438787591612&frm=20&pv=2&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=172
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3776ed63a372d5781806bfdfb4ee6c53b5c1f5dfb61393eda88712ba453056d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/download/checkout/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
115575
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 07 Feb 2024 05:28:18 GMT
expires
Wed, 07 Feb 2024 05:28:18 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame B462
121 KB
41 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=8810198353&adk=3926027424&adf=240802998&pi=t.ma~as.8810198353&w=1200&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697978&bpp=1&bdt=299&idt=170&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=177
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4d828e828815f7ff4c58b24e4213a2a8f5d5d8d791b6fc3ef732be46e421ad4e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/download/checkout/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
41985
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 07 Feb 2024 05:28:18 GMT
expires
Wed, 07 Feb 2024 05:28:18 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 5E85
133 KB
43 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=3935076357&adk=2079268616&adf=2650640276&pi=t.ma~as.3935076357&w=722&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=722x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697979&bpp=1&bdt=301&idt=185&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=439&ady=669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=189
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0b7ff8cfd550f399f852974a346aad49ff4bab262feb309d0d4d792dfd852d66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/download/checkout/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
43925
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 07 Feb 2024 05:28:18 GMT
expires
Wed, 07 Feb 2024 05:28:18 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 9A75
105 KB
39 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=50&slotname=2852896413&adk=1524820480&adf=1652625040&pi=t.ma~as.2852896413&w=300&lmt=1707283698&format=300x50&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697980&bpp=1&bdt=302&idt=198&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1066&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=204
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3e2883757346b7b624ed06ef319022ee068eb367ad3da620bd33bb6efc9f39e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/download/checkout/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
40122
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 07 Feb 2024 05:28:19 GMT
expires
Wed, 07 Feb 2024 05:28:19 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 9E4D
105 KB
39 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=60&slotname=1842810885&adk=1566633344&adf=3985407456&pi=t.ma~as.1842810885&w=468&lmt=1707283698&format=468x60&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697981&bpp=1&bdt=303&idt=208&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280%2C300x50&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=566&ady=3312&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=209
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0425a83e9c5b9c2c12346361955f6ca67e0ac9ff3459d38d065d6f54e5b67443
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/download/checkout/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
br
content-length
40088
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 07 Feb 2024 05:28:18 GMT
expires
Wed, 07 Feb 2024 05:28:18 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
15422584764901532459
tpc.googlesyndication.com/simgad/ Frame 9E4D
6 KB
6 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/15422584764901532459?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnRoQw3A2aGZq7XpqUk7IaxxTQPQw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=60&slotname=1842810885&adk=1566633344&adf=3985407456&pi=t.ma~as.1842810885&w=468&lmt=1707283698&format=468x60&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697981&bpp=1&bdt=303&idt=208&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280%2C300x50&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=566&ady=3312&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=209
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa511a554035872a50a72eed86d378c5bcb00edd3bb3b5cee44d914ae8175f24
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 21:52:45 GMT
x-content-type-options
nosniff
age
27333
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5754
x-xss-protection
0
last-modified
Mon, 30 Oct 2023 15:30:46 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 05 Feb 2025 21:52:45 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/ Frame 9E4D
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=60&slotname=1842810885&adk=1566633344&adf=3985407456&pi=t.ma~as.1842810885&w=468&lmt=1707283698&format=468x60&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697981&bpp=1&bdt=303&idt=208&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280%2C300x50&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=566&ady=3312&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=209
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 16:45:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
45785
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9319
x-xss-protection
0
server
cafe
etag
3610546441309021303
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 16:45:13 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/ Frame 9E4D
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=60&slotname=1842810885&adk=1566633344&adf=3985407456&pi=t.ma~as.1842810885&w=468&lmt=1707283698&format=468x60&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697981&bpp=1&bdt=303&idt=208&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280%2C300x50&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=566&ady=3312&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=209
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 16:45:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
45796
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 16:45:02 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/ Frame 9E4D
20 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=60&slotname=1842810885&adk=1566633344&adf=3985407456&pi=t.ma~as.1842810885&w=468&lmt=1707283698&format=468x60&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697981&bpp=1&bdt=303&idt=208&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280%2C300x50&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=566&ady=3312&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=209
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 16:45:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
45796
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8501
x-xss-protection
0
server
cafe
etag
9351358253902147912
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 16:45:02 GMT
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 9E4D
205 KB
62 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=44809772
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=60&slotname=1842810885&adk=1566633344&adf=3985407456&pi=t.ma~as.1842810885&w=468&lmt=1707283698&format=468x60&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697981&bpp=1&bdt=303&idt=208&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280%2C300x50&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=566&ady=3312&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=209
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
84af93c376277b2fb1c7962b45ce84e1e0a31202815ceb873bd980df4378f62b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 04:35:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
3187
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63267
x-xss-protection
0
server
cafe
etag
vary
Accept-Encoding
content-type
text/javascript; charset=ISO-8859-1
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Wed, 07 Feb 2024 05:35:11 GMT
one_click_handler_one_afma_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/ Frame 9E4D
36 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/one_click_handler_one_afma_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=60&slotname=1842810885&adk=1566633344&adf=3985407456&pi=t.ma~as.1842810885&w=468&lmt=1707283698&format=468x60&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697981&bpp=1&bdt=303&idt=208&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280%2C300x50&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=566&ady=3312&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=209
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
083453bf4d12b9c46f44e3b434994e63ab8d8507300e67eaa25d9c7a9c0354bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 17:04:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
44606
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14866
x-xss-protection
0
server
cafe
etag
15811255140505289687
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 17:04:52 GMT
s
googleads.g.doubleclick.net/pagead/drt/ Frame 3BCC
143 B
166 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=60&slotname=1842810885&adk=1566633344&adf=3985407456&pi=t.ma~as.1842810885&w=468&lmt=1707283698&format=468x60&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697981&bpp=1&bdt=303&idt=208&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280%2C300x50&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=566&ady=3312&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=209
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=60&slotname=1842810885&adk=1566633344&adf=3985407456&pi=t.ma~as.1842810885&w=468&lmt=1707283698&format=468x60&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697981&bpp=1&bdt=303&idt=208&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280%2C300x50&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=566&ady=3312&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=209
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2996
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 07 Feb 2024 04:38:22 GMT
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
si
googleads.g.doubleclick.net/pagead/drt/ Frame 3BCC
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=60&slotname=1842810885&adk=1566633344&adf=3985407456&pi=t.ma~as.1842810885&w=468&lmt=1707283698&format=468x60&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697981&bpp=1&bdt=303&idt=208&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280%2C300x50&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=566&ady=3312&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=209
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 07 Feb 2024 05:28:18 GMT
expires
Wed, 07 Feb 2024 05:28:18 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 07 Feb 2024 05:28:18 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
truncated
/ Frame 9E4D
207 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aca3c3baf9deec7175dfe12b2e4a4202819f055dfcde911ff8825eee9deb16a4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type
image/png
css
fonts.googleapis.com/ Frame 5E85
14 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=3935076357&adk=2079268616&adf=2650640276&pi=t.ma~as.3935076357&w=722&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=722x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697979&bpp=1&bdt=301&idt=185&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=439&ady=669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=189
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 07 Feb 2024 05:28:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 07 Feb 2024 03:46:25 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 07 Feb 2024 05:28:18 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/ Frame 5E85
2 KB
875 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=3935076357&adk=2079268616&adf=2650640276&pi=t.ma~as.3935076357&w=722&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=722x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697979&bpp=1&bdt=301&idt=185&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=439&ady=669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=189
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 16:45:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
45796
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 16:45:02 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/ Frame 5E85
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=3935076357&adk=2079268616&adf=2650640276&pi=t.ma~as.3935076357&w=722&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=722x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697979&bpp=1&bdt=301&idt=185&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=439&ady=669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=189
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 16:45:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
45785
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9319
x-xss-protection
0
server
cafe
etag
3610546441309021303
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 16:45:13 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/ Frame 5E85
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=3935076357&adk=2079268616&adf=2650640276&pi=t.ma~as.3935076357&w=722&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=722x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697979&bpp=1&bdt=301&idt=185&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=439&ady=669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=189
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 16:45:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
45796
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 16:45:02 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/ Frame 5E85
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=3935076357&adk=2079268616&adf=2650640276&pi=t.ma~as.3935076357&w=722&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=722x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697979&bpp=1&bdt=301&idt=185&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=439&ady=669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=189
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 16:45:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
45796
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8501
x-xss-protection
0
server
cafe
etag
9351358253902147912
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 16:45:02 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 5E85
205 KB
65 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=3935076357&adk=2079268616&adf=2650640276&pi=t.ma~as.3935076357&w=722&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=722x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697979&bpp=1&bdt=301&idt=185&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=439&ady=669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=189
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
91c697159132fd3884e508f6548c96cb17e460d7456d43e9c4d174fcf84521bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66417
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1707137874550712"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 07 Feb 2024 05:28:18 GMT
ddb466d8785cb75acd721f17b1b8dd87.js
www.gstatic.com/mysidia/ Frame 5E85
37 KB
16 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/ddb466d8785cb75acd721f17b1b8dd87.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=3935076357&adk=2079268616&adf=2650640276&pi=t.ma~as.3935076357&w=722&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=722x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697979&bpp=1&bdt=301&idt=185&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=439&ady=669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=189
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54090d5321bc8e3a05531aacf2ef2b7769f24e94b14f4a0687587375fffa2523
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 18:57:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
37858
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15487
x-xss-protection
0
last-modified
Tue, 06 Feb 2024 06:36:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 06 May 2024 18:57:20 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame 9E4D
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=C5ePf8hTDZf2lDcfy1PIPieya2A3m0-n6ctKOs7O5EqKUxJKNDhABILq79HdglYKAgJgHoAH34pu0KMgBAqgDAcgDyQSqBJMCT9DBdv0Ro7KoH5Tm1CD6vD04yt5ff9CNtb25eaAeIqGnxPa...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225479993392940725917%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225479993392940725917%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2202-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213731706945205174897%22}&andc=true
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H3
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"5479993392940725917","debug_reporting":true,"destination":"https://webcompanion.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10846925175"],"22":["true"],"4":["02-07"],"6":["true"]},"priority":"500","source_event_id":"13731706945205174897"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Wed, 07 Feb 2024 05:28:19 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Wed, 07 Feb 2024 05:28:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"5479993392940725917","debug_reporting":true,"destination":"https://webcompanion.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10846925175"],"22":["true"],"4":["02-07"],"6":["true"]},"priority":"500","source_event_id":"13731706945205174897"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
14763004658117789537
tpc.googlesyndication.com/simgad/7237800025717612873/ Frame 5E85
6 KB
6 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/7237800025717612873/14763004658117789537?w=400&h=209&tw=1&q=75
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=3935076357&adk=2079268616&adf=2650640276&pi=t.ma~as.3935076357&w=722&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=722x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697979&bpp=1&bdt=301&idt=185&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=439&ady=669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=189
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5beed500dd69310b90746e22ec487f510288608a9ca22296eb63375adc332302
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires
Wed, 05 Feb 2025 18:51:14 GMT
date
Tue, 06 Feb 2024 18:51:14 GMT
x-content-type-options
nosniff
age
38224
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6442
x-xss-protection
0
last-modified
Tue, 23 Jan 2024 10:50:37 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
truncated
/ Frame 5E85
206 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame 5E85
209 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type
image/svg+xml
css
fonts.googleapis.com/ Frame B462
4 KB
728 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=8810198353&adk=3926027424&adf=240802998&pi=t.ma~as.8810198353&w=1200&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697978&bpp=1&bdt=299&idt=170&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 07 Feb 2024 05:28:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 07 Feb 2024 03:41:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 07 Feb 2024 05:28:18 GMT
load_preloaded_resource_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/ Frame B462
2 KB
856 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/load_preloaded_resource_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=8810198353&adk=3926027424&adf=240802998&pi=t.ma~as.8810198353&w=1200&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697978&bpp=1&bdt=299&idt=170&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 16:45:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
45796
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
795
x-xss-protection
0
server
cafe
etag
4925184154378345226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 16:45:02 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/ Frame B462
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=8810198353&adk=3926027424&adf=240802998&pi=t.ma~as.8810198353&w=1200&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697978&bpp=1&bdt=299&idt=170&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 16:45:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
45785
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9319
x-xss-protection
0
server
cafe
etag
3610546441309021303
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 16:45:13 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/ Frame B462
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=8810198353&adk=3926027424&adf=240802998&pi=t.ma~as.8810198353&w=1200&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697978&bpp=1&bdt=299&idt=170&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 16:45:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
45796
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 16:45:02 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/ Frame B462
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=8810198353&adk=3926027424&adf=240802998&pi=t.ma~as.8810198353&w=1200&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697978&bpp=1&bdt=299&idt=170&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 16:45:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
45796
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8501
x-xss-protection
0
server
cafe
etag
9351358253902147912
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 16:45:02 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame B462
205 KB
65 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=8810198353&adk=3926027424&adf=240802998&pi=t.ma~as.8810198353&w=1200&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697978&bpp=1&bdt=299&idt=170&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
91c697159132fd3884e508f6548c96cb17e460d7456d43e9c4d174fcf84521bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66417
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1707137874550712"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 07 Feb 2024 05:28:18 GMT
ddb466d8785cb75acd721f17b1b8dd87.js
www.gstatic.com/mysidia/ Frame B462
37 KB
15 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/ddb466d8785cb75acd721f17b1b8dd87.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=8810198353&adk=3926027424&adf=240802998&pi=t.ma~as.8810198353&w=1200&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697978&bpp=1&bdt=299&idt=170&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
54090d5321bc8e3a05531aacf2ef2b7769f24e94b14f4a0687587375fffa2523
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 18:57:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
37858
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15487
x-xss-protection
0
last-modified
Tue, 06 Feb 2024 06:36:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Mon, 06 May 2024 18:57:20 GMT
14763004658117789537
tpc.googlesyndication.com/simgad/10566941211276593353/ Frame B462
35 KB
35 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/10566941211276593353/14763004658117789537?w=600&h=314&tw=1&q=75
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=8810198353&adk=3926027424&adf=240802998&pi=t.ma~as.8810198353&w=1200&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697978&bpp=1&bdt=299&idt=170&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aa904e9c6aeb4f12f81a84bed6146cfa2782bf0cec815671b5b7ffaca18b9b67
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires
Wed, 05 Feb 2025 19:25:40 GMT
date
Tue, 06 Feb 2024 19:25:40 GMT
x-content-type-options
nosniff
age
36158
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35911
x-xss-protection
0
last-modified
Tue, 27 Jun 2023 09:59:55 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
14763004658117789537
tpc.googlesyndication.com/simgad/6399413484000534979/ Frame B462
5 KB
5 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/6399413484000534979/14763004658117789537?w=100&h=100&tw=1&q=75
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=8810198353&adk=3926027424&adf=240802998&pi=t.ma~as.8810198353&w=1200&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697978&bpp=1&bdt=299&idt=170&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=177
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9f479d225eceee4f25c367bedb638544dd9919258bc452c0f282f67f3ca92e9c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

expires
Wed, 05 Feb 2025 18:59:00 GMT
date
Tue, 06 Feb 2024 18:59:00 GMT
x-content-type-options
nosniff
age
37758
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4873
x-xss-protection
0
last-modified
Fri, 15 Dec 2023 07:14:30 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
allow-fenced-frame-automatic-beacons
true
1mHZulpWB035j8hNUP_63DQkTsp4WSgemPLHvKn_014.js
pagead2.googlesyndication.com/bg/ Frame 0FEF
50 KB
19 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/1mHZulpWB035j8hNUP_63DQkTsp4WSgemPLHvKn_014.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=60&slotname=1842810885&adk=1566633344&adf=3985407456&pi=t.ma~as.1842810885&w=468&lmt=1707283698&format=468x60&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697981&bpp=1&bdt=303&idt=208&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280%2C300x50&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=566&ady=3312&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=5&uci=a!5&btvi=1&fsb=1&dtd=209
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d661d9ba5a56074df98fc84d50fffadc34244eca7859281e98f2c7bca9ffd35e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Mon, 05 Feb 2024 17:14:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
130445
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19785
x-xss-protection
0
last-modified
Thu, 01 Feb 2024 12:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 04 Feb 2025 17:14:13 GMT
truncated
/ Frame 5E85
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6b9a981d6c10510d51b5182ec4cf17bbf330d47b8e7c7ef74d60dc8b0b758ec9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame B462
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1bcdf2ea496b7a44247154600bc5579e0cad25f1d06249b4328e8e627568481c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type
image/png
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%225479993392940725917%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2202-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2213731706945205174897%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 07 Feb 2024 05:28:19 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame 5E85
33 KB
34 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 04:01:15 GMT
x-content-type-options
nosniff
age
91624
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
34108
x-xss-protection
0
last-modified
Tue, 23 May 2023 16:35:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 05 Feb 2025 04:01:15 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame 5E85
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=C3LGa8hTDZcWbDK2Xx_APqZ24kAPjtc7NdaaSvqeWEsCNtwEQASC6u_R3YJWCgICYB6AB3fCqwCrIAQmoAwHIA8sEqgSXAk_QbfoTzHQVDZdc-DB6fO9nhA_6UQvpeixDPz04CQB6MNUDfu3...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228929615983204493068%22,%22debug_reporting%22:true,%22destination%22:%22https://pdfixers.com%22,%22event_report_window%22:%...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228929615983204493068%22,%22debug_reporting%22:true,%22destination%22:%22https://pdfixers.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211409209437%22],%2222%22:[%22true%22],%224%22:[%2202-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226987908962194940417%22}&andc=true
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H3
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"8929615983204493068","debug_reporting":true,"destination":"https://pdfixers.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11409209437"],"22":["true"],"4":["02-07"],"6":["true"]},"priority":"500","source_event_id":"6987908962194940417"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Wed, 07 Feb 2024 05:28:19 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Wed, 07 Feb 2024 05:28:19 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"8929615983204493068","debug_reporting":true,"destination":"https://pdfixers.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11409209437"],"22":["true"],"4":["02-07"],"6":["true"]},"priority":"500","source_event_id":"6987908962194940417"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
1mHZulpWB035j8hNUP_63DQkTsp4WSgemPLHvKn_014.js
pagead2.googlesyndication.com/bg/ Frame 4C60
50 KB
19 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/1mHZulpWB035j8hNUP_63DQkTsp4WSgemPLHvKn_014.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=3935076357&adk=2079268616&adf=2650640276&pi=t.ma~as.3935076357&w=722&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=722x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697979&bpp=1&bdt=301&idt=185&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=439&ady=669&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=189
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d661d9ba5a56074df98fc84d50fffadc34244eca7859281e98f2c7bca9ffd35e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Mon, 05 Feb 2024 17:14:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
130446
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19785
x-xss-protection
0
last-modified
Thu, 01 Feb 2024 12:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 04 Feb 2025 17:14:13 GMT
reactive_library_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/
165 KB
56 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/reactive_library_fy2021.js?bust=31080980
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
752c7c2435541fcc092d565542dd25d4944a683bb87d1efa3e8aa606c6dae675
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57039
x-xss-protection
0
server
cafe
etag
4374088016014219853
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Wed, 07 Feb 2024 05:28:19 GMT
ca-pub-7130643274838149
fundingchoicesmessages.google.com/i/
183 KB
61 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/i/ca-pub-7130643274838149?ers=2
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6691149cc7f86c622726ce7b7412f9ce0264a92fc92764425576a19b073870bf
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-lIYgpS1t9V_CQEPJIWoR7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-lIYgpS1t9V_CQEPJIWoR7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzj2sKoxSXF4KchxXDe6Q7TdSC-qPKU6SYQ1zI8Y2oF4gfhz5heALGBxnMmCyBm_POCiROI3315ycTz9SWTBBBrAPE7yVdM34B4h48Hy5vw6axcEdNZ4-qms-YBMd-66ay666ezbjkznXUPEMc8n86aAsSLWWewrgbiKYEzWOcAsVP6DNYgIP6cOYP1NxD71M9gjQHistvnWOuAWFjuPKs0EAtxc3xe2bOOTaCj-54rAMtqUCM"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B462
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 20:44:46 GMT
x-content-type-options
nosniff
age
31413
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 05 Feb 2025 20:44:46 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame B462
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C500
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 31 Jan 2024 23:50:55 GMT
x-content-type-options
nosniff
age
538644
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 30 Jan 2025 23:50:55 GMT
async-ads.js
www.google.com/adsense/search/
137 KB
50 KB
Script
General
Full URL
https://www.google.com/adsense/search/async-ads.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c950785b5e5ef39672d5197eca6fde0648aa710b21400e5669121924def0dfef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
etag
"789294379999956703"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
expires
Wed, 07 Feb 2024 05:28:19 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_auto_rs&sts=ok&evt=place&vh=1200&eid=44808457&hl=en&pvc=3972973527840946
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Feb 2024 05:28:19 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
css
fonts.googleapis.com/
1 KB
521 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Symbols%3Aopsz%2Cwght%2CFILL%2CGRAD%4020..48%2C100..700%2C0..1%2C-50..200
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
951f3286a12a03cd3a3a098e0e81176a41d4c4c3c1d9c85966ee7bfd4dd5e091
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 07 Feb 2024 05:28:19 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 07 Feb 2024 05:28:19 GMT
css
fonts.googleapis.com/
5 KB
754 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%20Text%3A400%2C500%2C700
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d0de0a1e343c53355f109cdfefb4e4cab0609f38cf0c387c7914ec1a22ae2fd4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 07 Feb 2024 05:04:24 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 07 Feb 2024 05:28:19 GMT
css2
fonts.googleapis.com/
591 B
440 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Google+Symbols:opsz,wght,FILL,GRAD@20..48,100..700,0..1,-50..200
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
79f286411998374786a26de7f883ef2a877ea127d276eeafa930742df7393720
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 07 Feb 2024 05:28:19 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 07 Feb 2024 05:28:19 GMT
css
fonts.googleapis.com/
5 KB
731 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google+Sans+Text:400,500,700
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d0de0a1e343c53355f109cdfefb4e4cab0609f38cf0c387c7914ec1a22ae2fd4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 07 Feb 2024 04:11:29 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 07 Feb 2024 05:28:19 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%228929615983204493068%22,%22debug_reporting%22:true,%22destination%22:%22https://pdfixers.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211409209437%22],%2222%22:[%22true%22],%224%22:[%2202-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226987908962194940417%22}&andc=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 07 Feb 2024 05:28:19 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
15422584764901532459
tpc.googlesyndication.com/simgad/ Frame 9A75
6 KB
6 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/15422584764901532459?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnRoQw3A2aGZq7XpqUk7IaxxTQPQw
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=50&slotname=2852896413&adk=1524820480&adf=1652625040&pi=t.ma~as.2852896413&w=300&lmt=1707283698&format=300x50&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697980&bpp=1&bdt=302&idt=198&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1066&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=204
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa511a554035872a50a72eed86d378c5bcb00edd3bb3b5cee44d914ae8175f24
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 21:52:45 GMT
x-content-type-options
nosniff
age
27334
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5754
x-xss-protection
0
last-modified
Mon, 30 Oct 2023 15:30:46 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Wed, 05 Feb 2025 21:52:45 GMT
abg_lite_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/ Frame 9A75
23 KB
9 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/abg_lite_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=50&slotname=2852896413&adk=1524820480&adf=1652625040&pi=t.ma~as.2852896413&w=300&lmt=1707283698&format=300x50&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697980&bpp=1&bdt=302&idt=198&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1066&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=204
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 16:45:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
45786
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9319
x-xss-protection
0
server
cafe
etag
3610546441309021303
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 16:45:13 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/ Frame 9A75
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/window_focus_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=50&slotname=2852896413&adk=1524820480&adf=1652625040&pi=t.ma~as.2852896413&w=300&lmt=1707283698&format=300x50&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697980&bpp=1&bdt=302&idt=198&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1066&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=204
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 16:45:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
45797
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1236
x-xss-protection
0
server
cafe
etag
15004572836499977866
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 16:45:02 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/ Frame 9A75
20 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=50&slotname=2852896413&adk=1524820480&adf=1652625040&pi=t.ma~as.2852896413&w=300&lmt=1707283698&format=300x50&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697980&bpp=1&bdt=302&idt=198&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1066&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=204
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 16:45:02 GMT
content-encoding
br
x-content-type-options
nosniff
age
45797
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8501
x-xss-protection
0
server
cafe
etag
9351358253902147912
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 16:45:02 GMT
ufs_web_display.js
www.googletagservices.com/activeview/js/current/ Frame 9A75
205 KB
65 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=50&slotname=2852896413&adk=1524820480&adf=1652625040&pi=t.ma~as.2852896413&w=300&lmt=1707283698&format=300x50&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697980&bpp=1&bdt=302&idt=198&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1066&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=204
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
91c697159132fd3884e508f6548c96cb17e460d7456d43e9c4d174fcf84521bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
66417
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1707137874550712"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 07 Feb 2024 05:28:19 GMT
one_click_handler_one_afma_fy2021.js
tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/ Frame 9A75
36 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20240205/r20110914/client/one_click_handler_one_afma_fy2021.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=50&slotname=2852896413&adk=1524820480&adf=1652625040&pi=t.ma~as.2852896413&w=300&lmt=1707283698&format=300x50&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697980&bpp=1&bdt=302&idt=198&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1066&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=204
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
083453bf4d12b9c46f44e3b434994e63ab8d8507300e67eaa25d9c7a9c0354bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 17:04:52 GMT
content-encoding
br
x-content-type-options
nosniff
age
44607
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14866
x-xss-protection
0
server
cafe
etag
15811255140505289687
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Tue, 20 Feb 2024 17:04:52 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame B462
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CIQYh8hTDZZvqCov11PIP9Iut8A7Y7qfddYT92ejWEs3GibyFKhABILq79HdglYKAgJgHoAH52O7iKMgBCagDAcgDywSqBJgCT9CiDD-3S2b_o0m3JsUcNlqMoMHfKx6h2P2I_4MFfZNmZ2i...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214137239820251471331%22,%22debug_reporting%22:true,%22destination%22:%22https://kingsgroupgames.com%22,%22event_report_win...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214137239820251471331%22,%22debug_reporting%22:true,%22destination%22:%22https://kingsgroupgames.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210944752761%22],%2222%22:[%22true%22],%224%22:[%2202-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2215445093730970453089%22}&andc=true
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H3
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"14137239820251471331","debug_reporting":true,"destination":"https://kingsgroupgames.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10944752761"],"22":["true"],"4":["02-07"],"6":["true"]},"priority":"500","source_event_id":"15445093730970453089"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Wed, 07 Feb 2024 05:28:19 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Wed, 07 Feb 2024 05:28:19 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"14137239820251471331","debug_reporting":true,"destination":"https://kingsgroupgames.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10944752761"],"22":["true"],"4":["02-07"],"6":["true"]},"priority":"500","source_event_id":"15445093730970453089"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
s
googleads.g.doubleclick.net/pagead/drt/ Frame EAE0
143 B
166 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=50&slotname=2852896413&adk=1524820480&adf=1652625040&pi=t.ma~as.2852896413&w=300&lmt=1707283698&format=300x50&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697980&bpp=1&bdt=302&idt=198&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1066&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=204
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=50&slotname=2852896413&adk=1524820480&adf=1652625040&pi=t.ma~as.2852896413&w=300&lmt=1707283698&format=300x50&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697980&bpp=1&bdt=302&idt=198&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1066&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=204
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2997
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3600
content-encoding
gzip
content-length
145
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 07 Feb 2024 04:38:22 GMT
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
1mHZulpWB035j8hNUP_63DQkTsp4WSgemPLHvKn_014.js
pagead2.googlesyndication.com/bg/ Frame 1A85
50 KB
19 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/1mHZulpWB035j8hNUP_63DQkTsp4WSgemPLHvKn_014.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=280&slotname=8810198353&adk=3926027424&adf=240802998&pi=t.ma~as.8810198353&w=1200&fwrn=4&fwrnh=100&lmt=1707283698&rafmt=1&format=1200x280&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697978&bpp=1&bdt=299&idt=170&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=200&ady=215&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=177
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d661d9ba5a56074df98fc84d50fffadc34244eca7859281e98f2c7bca9ffd35e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Mon, 05 Feb 2024 17:14:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
130446
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19785
x-xss-protection
0
last-modified
Thu, 01 Feb 2024 12:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 04 Feb 2025 17:14:13 GMT
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214137239820251471331%22,%22debug_reporting%22:true,%22destination%22:%22https://kingsgroupgames.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210944752761%22],%2222%22:[%22true%22],%224%22:[%2202-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2215445093730970453089%22}&andc=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 07 Feb 2024 05:28:19 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
HhzZU5Ak9u-oMExPeInvcuEmPosC9zyteYEFU68cPrjdKM1XLPTxlGmzczpgWvF1d8Yp7AudBnt3CPar1JFWjoLAUv3G-tSXmA.woff2
fonts.gstatic.com/s/googlesymbols/v248/
671 KB
672 KB
Font
General
Full URL
https://fonts.gstatic.com/s/googlesymbols/v248/HhzZU5Ak9u-oMExPeInvcuEmPosC9zyteYEFU68cPrjdKM1XLPTxlGmzczpgWvF1d8Yp7AudBnt3CPar1JFWjoLAUv3G-tSXmA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Symbols%3Aopsz%2Cwght%2CFILL%2CGRAD%4020..48%2C100..700%2C0..1%2C-50..200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b7624e1c041b214cd3fd5748c078c845761c3d997b76dfa27331f8e393617509
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.heaven32.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Thu, 01 Feb 2024 20:57:10 GMT
x-content-type-options
nosniff
age
462669
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
687400
x-xss-protection
0
last-modified
Wed, 31 Jan 2024 23:17:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 31 Jan 2025 20:57:10 GMT
cookie.js
partner.googleadservices.com/gampad/
378 B
592 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=www.heaven32.com&client=partner-pub-7130643274838149&product=SAS&callback=__sasCookie
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/search/async-ads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6ec1bf61dce82728f60ccba55282b93347d8d91bd20d51c65d839dc4d08f727a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
241
x-xss-protection
0
ads
www.adsensecustomsearchads.com/afs/ Frame B2CD
19 KB
3 KB
Document
General
Full URL
https://www.adsensecustomsearchads.com/afs/ads?psid=5134551505&channel=AutoRsVariant&cx=r-d03190f8f32be5cbd&fexp=44808457%2C21404%2C17300000%2C17301197%2C17301352%2C17301356%2C17301374%2C17301383%2C71847096&client=pub-7130643274838149&r=m&hl=en&rpbu=http%3A%2F%2Fgoogle.com&rpqp=q&type=3&rs_tt=c&oe=UTF-8&ie=UTF-8&format=r5&nocache=1071707283699218&num=0&output=afd_ads&domain_name=www.heaven32.com&v=3&bsl=10&pac=0&u_his=2&u_tz=60&dt=1707283699218&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=4648&frm=0&cl=603129119&uio=-&cont=autors-container-0&drt=0&jsid=csa&jsv=603129119&rurl=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/search/async-ads.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
4e9ff76943347242375d2310dc4bac513976d6e697a85cecc1214e4ad23c37a3
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-0X81XGplo1nhlB-D4VNVgA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/download/checkout/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-disposition
inline
content-encoding
br
content-length
2829
content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-0X81XGplo1nhlB-D4VNVgA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-type
text/html; charset=UTF-8
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
date
Wed, 07 Feb 2024 05:28:19 GMT
expires
Wed, 07 Feb 2024 05:28:19 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
server
gws
x-xss-protection
0
truncated
/ Frame 9A75
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
61daa56bccda71f56856e8a170dd0d0a8d035501dfd36b6cc6b5353fe6c2cd9a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type
image/png
AGSKWxVPqIsYXvNLxlSoe36d3Z2t5ZoZ-G59fwG5VMXGFks6WuSHS9YuleN3MFcXSedzIyjFUHS9o6L1jBqCkesnAIJ7KldoEiPyHN8HMiPAdSN8_8OLixW0KvKkpehCL8ilwlvjT0Y_
fundingchoicesmessages.google.com/f/
379 KB
58 KB
Script
General
Full URL
https://fundingchoicesmessages.google.com/f/AGSKWxVPqIsYXvNLxlSoe36d3Z2t5ZoZ-G59fwG5VMXGFks6WuSHS9YuleN3MFcXSedzIyjFUHS9o6L1jBqCkesnAIJ7KldoEiPyHN8HMiPAdSN8_8OLixW0KvKkpehCL8ilwlvjT0Y_?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzA3MjgzNjk5LDI5NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly93d3cuaGVhdmVuMzIuY29tL2Rvd25sb2FkL2NoZWNrb3V0LyIsbnVsbCxbWzgsIkMyUXlkSjV2UG9ZIl0sWzksImRlIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIxIl0sWzE3LCJbMF0iXV1d
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.C2QydJ5vPoY.es5.O/am=wA/d=1/rs=AJlcJMxKuy2FXwuOG2GZCbidw-lVOyC_1A/m=kernel_loader,loader_js_executable
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c8ee3004b2c19e1a802a487869a9ccd5fda5d75a56326842385eb843b2196b48
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-la6DYNEOVk2BKlhuFDcodA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-la6DYNEOVk2BKlhuFDcodA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
reporting-endpoints
default="/_/ContributorGlobalRouterHttp/web-reports?context=eJwNwz0IAWEYB_C7J4-4hFh8lMlwKWU0mwwWFgaZlCxGGyabUb3vYGIhxWKQTGaRSWKwuENi8LEw-P_qp03ViBZQMnpA6bpmtE4caIub8Il2WFMMauIxa9AZY7pJcVR_Z7Lj_XUhx_tCPtTx7r_SB6eppOWWFazlBBfqgivoHAmOjgVPloLnmDcFF7HHkofYTkvuYKIkOYPPsuQvphqS81jdr7iO3tCag-hx2J6D1sjq7r8eC_UPOSdSsQ"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin
*
expires
Mon, 01 Jan 1990 00:00:00 GMT
si
googleads.g.doubleclick.net/pagead/drt/ Frame EAE0
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
17 B
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=50&slotname=2852896413&adk=1524820480&adf=1652625040&pi=t.ma~as.2852896413&w=300&lmt=1707283698&format=300x50&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697980&bpp=1&bdt=302&idt=198&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1066&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=204
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 07 Feb 2024 05:28:19 GMT
expires
Wed, 07 Feb 2024 05:28:19 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 07 Feb 2024 05:28:19 GMT
location
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
/
www.googleadservices.com/pagead/ar-adview/ Frame 9A75
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/adview?ai=CuAaw8hTDZfj5DIO2x_AP4PeO8A_m0-n6ctKOs7O5EqKUxJKNDhABILq79HdglYKAgJgHoAH34pu0KMgBAqgDAcgDyQSqBJMCT9Dbj1AR1bzZ9pZdMJc92jf-TLXKOzPwpybtTIAuxH97pQC...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22644877571288463081%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%2...
0
0
Fetch
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22644877571288463081%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2202-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229152933703077360913%22}&andc=true
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=50&slotname=2852896413&adk=1524820480&adf=1652625040&pi=t.ma~as.2852896413&w=300&lmt=1707283698&format=300x50&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697980&bpp=1&bdt=302&idt=198&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1066&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=204
Protocol
H3
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
x-content-type-options
nosniff
attribution-reporting-register-source
{"debug_key":"644877571288463081","debug_reporting":true,"destination":"https://webcompanion.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10846925175"],"22":["true"],"4":["02-07"],"6":["true"]},"priority":"500","source_event_id":"9152933703077360913"}
server
cafe
content-type
text/css; charset=UTF-8
access-control-allow-origin
https://googleads.g.doubleclick.net
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Wed, 07 Feb 2024 05:28:19 GMT

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
date
Wed, 07 Feb 2024 05:28:19 GMT
x-content-type-options
nosniff
server
cafe
content-type
text/html; charset=UTF-8
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"644877571288463081","debug_reporting":true,"destination":"https://webcompanion.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["10846925175"],"22":["true"],"4":["02-07"],"6":["true"]},"priority":"500","source_event_id":"9152933703077360913"}&andc=true
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
/
www.googleadservices.com/pagead/ar-adview/ Frame
0
0
Preflight
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22644877571288463081%22,%22debug_reporting%22:true,%22destination%22:%22https://webcompanion.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2210846925175%22],%2222%22:[%22true%22],%224%22:[%2202-07%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229152933703077360913%22}&andc=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
attribution-reporting-eligible
Access-Control-Request-Method
GET
Origin
https://googleads.g.doubleclick.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
attribution-reporting-eligible
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://googleads.g.doubleclick.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 07 Feb 2024 05:28:19 GMT
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
1mHZulpWB035j8hNUP_63DQkTsp4WSgemPLHvKn_014.js
pagead2.googlesyndication.com/bg/ Frame 48DA
50 KB
19 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/1mHZulpWB035j8hNUP_63DQkTsp4WSgemPLHvKn_014.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7130643274838149&output=html&h=50&slotname=2852896413&adk=1524820480&adf=1652625040&pi=t.ma~as.2852896413&w=300&lmt=1707283698&format=300x50&url=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1707283697980&bpp=1&bdt=302&idt=198&shv=r20240205&mjsv=m202401300101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C1200x280%2C722x280&nras=1&correlator=6438787591612&frm=20&pv=1&ga_vid=342885662.1707283698&ga_sid=1707283698&ga_hid=319266174&ga_fc=1&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1066&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C44808397%2C31080794%2C31080819%2C44798934%2C31080980%2C95324155%2C95324160&oid=2&pvsid=3972973527840946&tmod=1866197481&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=0&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=4&uci=a!4&fsb=1&dtd=204
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d661d9ba5a56074df98fc84d50fffadc34244eca7859281e98f2c7bca9ffd35e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Mon, 05 Feb 2024 17:14:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
130446
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19785
x-xss-protection
0
last-modified
Thu, 01 Feb 2024 12:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 04 Feb 2025 17:14:13 GMT
ads.js
www.adsensecustomsearchads.com/adsense/search/ Frame B2CD
137 KB
50 KB
Script
General
Full URL
https://www.adsensecustomsearchads.com/adsense/search/ads.js?pac=0
Requested by
Host: www.adsensecustomsearchads.com
URL: https://www.adsensecustomsearchads.com/afs/ads?psid=5134551505&channel=AutoRsVariant&cx=r-d03190f8f32be5cbd&fexp=44808457%2C21404%2C17300000%2C17301197%2C17301352%2C17301356%2C17301374%2C17301383%2C71847096&client=pub-7130643274838149&r=m&hl=en&rpbu=http%3A%2F%2Fgoogle.com&rpqp=q&type=3&rs_tt=c&oe=UTF-8&ie=UTF-8&format=r5&nocache=1071707283699218&num=0&output=afd_ads&domain_name=www.heaven32.com&v=3&bsl=10&pac=0&u_his=2&u_tz=60&dt=1707283699218&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=4648&frm=0&cl=603129119&uio=-&cont=autors-container-0&drt=0&jsid=csa&jsv=603129119&rurl=https%3A%2F%2Fwww.heaven32.com%2Fdownload%2Fcheckout%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
bd91186e0022aa6cfaafc83082ecd004f487adcecac5694f567be6b36394a6d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.adsensecustomsearchads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
etag
"11485172177450778495"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
expires
Wed, 07 Feb 2024 05:28:19 GMT
css
fonts.googleapis.com/
105 KB
5 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Archivo:400,500|Arimo:400,500|Bitter:400,500|EB+Garamond:400,500|Lato|Libre+Baskervill|Libre+Franklin:400,500|Lora:400,500|Google+Sans:regular,medium:400,500|Material+Icons|Google+Symbols|Merriweather|Montserrat:400,500|Mukta:400,500|Muli:400,500|Nunito:400,500|Open+Sans:400,500,600|Open+Sans+Condensed:400,600|Oswald:500|Playfair+Display:400,500|Poppins:400,500|Raleway:400,500|Roboto:400,500|Roboto+Condensed:400,500|Roboto+Slab:400,500|Slabo+27px|Source+Sans+Pro|Ubuntu:400,500|Volkhov&display=swap
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.C2QydJ5vPoY.es5.O/d=1/exm=kernel_loader,loader_js_executable/ed=1/rs=AJlcJMzgffkJcizCmCQfGxxELphQRTDJrA/m=web_iab_tcf_v2_wall_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
867f683e26903b242dee20b61aa0ffba68101a72a70d279d8a5c6e77e9f48a2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 07 Feb 2024 05:28:19 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 07 Feb 2024 05:28:19 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/
47 KB
47 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/
Origin
https://www.heaven32.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 19:10:32 GMT
x-content-type-options
nosniff
age
37067
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 05 Feb 2025 19:10:32 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2
fonts.gstatic.com/s/opensans/v40/
24 KB
24 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTUGmu1aB.woff2
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7e510e61c497d334da21eccda06df5d3a428c9ea94d6903b6138e7c7255aba0f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/
Origin
https://www.heaven32.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 18:59:47 GMT
x-content-type-options
nosniff
age
37712
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24984
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:04:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 05 Feb 2025 18:59:47 GMT
iframe.html
www.gstatic.com/prose/protected/558153351/ Frame 8A99
10 KB
5 KB
Document
General
Full URL
https://www.gstatic.com/prose/protected/558153351/iframe.html?cx=r-d03190f8f32be5cbd&host=www.heaven32.com&hl=en&lrh=Search%20results%20from%20%24%7Bwebsite%7D&client=partner-pub-7130643274838149&origin=https%3A%2F%2Fwww.heaven32.com
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d9fd5393ba5c8b37cb01007d6d2d965164816c09b5b71b298b2791c570c45e23
Security Headers
Name Value
Content-Security-Policy script-src 'nonce-F4MCoMhzIPlp3zuM7JlGpg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/prose-team; base-uri 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/download/checkout/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
4335
content-security-policy
script-src 'nonce-F4MCoMhzIPlp3zuM7JlGpg' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/prose-team; base-uri 'none'
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="prose-team"
cross-origin-resource-policy
cross-origin
date
Wed, 07 Feb 2024 05:28:19 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v140/
125 KB
125 KB
Font
General
Full URL
https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/
Origin
https://www.heaven32.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 02:19:49 GMT
x-content-type-options
nosniff
age
97710
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128352
x-xss-protection
0
last-modified
Tue, 07 Mar 2023 19:51:56 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 05 Feb 2025 02:19:49 GMT
AGSKWxUXjJjG7sZCb-FHC9M6xVRoqaxEO_cXkCaGk2Gy5aU-9vDHFr-GDJDUXywb85gKLn_di7CGLUBqQQM49uchV-pY2XGij5lpirG_oucWphatVP2YzriLCjrm2M_Xqj_o5pOJWOtQ
fundingchoicesmessages.google.com/el/
0
29 B
XHR
General
Full URL
https://fundingchoicesmessages.google.com/el/AGSKWxUXjJjG7sZCb-FHC9M6xVRoqaxEO_cXkCaGk2Gy5aU-9vDHFr-GDJDUXywb85gKLn_di7CGLUBqQQM49uchV-pY2XGij5lpirG_oucWphatVP2YzriLCjrm2M_Xqj_o5pOJWOtQ
Requested by
Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.de.C2QydJ5vPoY.es5.O/am=wA/d=1/rs=AJlcJMxKuy2FXwuOG2GZCbidw-lVOyC_1A/m=kernel_loader,loader_js_executable
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-5PnBn230MSzs8MWebNnfbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/download/checkout/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
content-security-policy
require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-5PnBn230MSzs8MWebNnfbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
reporting-endpoints
default="/_/ContributorLoggingHttp/web-reports?context=eJzjctHikmLw0JBiqGV4xtQKxIx_XjBxAvE7yVdM34B4h48Hy5TAGaxzgNgpfQZrCBCX3T7HWgfEwnLnWaWBWIiH4_PKnnVsAheOfGllAgDMSx86"
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age
86400
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://www.heaven32.com
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options
SAMEORIGIN
expires
Mon, 01 Jan 1990 00:00:00 GMT
search.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame B2CD
391 B
388 B
Image
General
Full URL
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%231967D2
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff563f41765da081fe9fd40e8bb33a623df033b10050a8ae8c1b46e15107d8f1
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.adsensecustomsearchads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 06 Feb 2024 06:54:29 GMT
age
81230
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
273
x-xss-protection
0
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="afs-native-asset-managers"
vary
Accept-Encoding
report-to
{"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-type
image/svg+xml
cache-control
public, max-age=82800
accept-ranges
bytes
expires
Wed, 07 Feb 2024 05:54:29 GMT
chevron.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame B2CD
200 B
700 B
Image
General
Full URL
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%239aa0a6
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5b4cc8b4df06881ba671ef97dfbac6804e5c6ad9db05254103495b3a00e9e250
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.adsensecustomsearchads.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 06 Feb 2024 11:39:24 GMT
age
64135
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
174
x-xss-protection
0
last-modified
Thu, 02 Nov 2023 22:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="afs-native-asset-managers"
vary
Accept-Encoding
report-to
{"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-type
image/svg+xml
cache-control
public, max-age=82800
accept-ranges
bytes
expires
Wed, 07 Feb 2024 10:39:24 GMT
cse.js
cse.google.com/ Frame 8A99
9 KB
4 KB
Script
General
Full URL
https://cse.google.com/cse.js?cx=r-d03190f8f32be5cbd&hl=en
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/prose/protected/558153351/iframe.html?cx=r-d03190f8f32be5cbd&host=www.heaven32.com&hl=en&lrh=Search%20results%20from%20%24%7Bwebsite%7D&client=partner-pub-7130643274838149&origin=https%3A%2F%2Fwww.heaven32.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
b8c02939643496ff43b1733f9997c39fd7d64e1b3cfdc6e3a85423fb49c716dc
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-YjZcFOvAo_q856JOyoRxqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-YjZcFOvAo_q856JOyoRxqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-encoding
br
date
Wed, 07 Feb 2024 05:28:19 GMT
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3006
x-xss-protection
0
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
server
gws
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private
permissions-policy
unload=()
origin-trial
Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
expires
Wed, 07 Feb 2024 05:28:19 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2
fonts.gstatic.com/s/opensans/v40/
46 KB
46 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTVOmu1aB.woff2
Requested by
Host: www.heaven32.com
URL: https://www.heaven32.com/download/checkout/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b0dab5300943d98f4f20de9d48a49e0186441f6fb8b5e95a9635a30c0b60e72
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/
Origin
https://www.heaven32.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Thu, 01 Feb 2024 06:20:09 GMT
x-content-type-options
nosniff
age
515290
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47136
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:04:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 31 Jan 2025 06:20:09 GMT
cse_element__en.js
www.google.com/cse/static/element/8435450f13508ca1/ Frame 8A99
318 KB
106 KB
Script
General
Full URL
https://www.google.com/cse/static/element/8435450f13508ca1/cse_element__en.js?usqp=CAI%3D
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=r-d03190f8f32be5cbd&hl=en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1c8cc3cef0d65c2d9912b24f27bd2f42a79d10be8e00439562a3984f90f05bdd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
108214
x-xss-protection
0
last-modified
Wed, 10 Jan 2024 16:43:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/javascript
cache-control
private, max-age=31536000
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Wed, 07 Feb 2024 05:28:19 GMT
default_v5+en.css
www.google.com/cse/static/element/8435450f13508ca1/ Frame 8A99
42 KB
9 KB
Stylesheet
General
Full URL
https://www.google.com/cse/static/element/8435450f13508ca1/default_v5+en.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=r-d03190f8f32be5cbd&hl=en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
805d6768da7e423cd04777a4ef0a0e892f90864b50174b510d3e2ce324af5025
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9466
x-xss-protection
0
last-modified
Wed, 10 Jan 2024 16:43:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/css
cache-control
private, max-age=31536000
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Wed, 07 Feb 2024 05:28:19 GMT
default.css
www.google.com/cse/static/style/look/v5/ Frame 8A99
4 KB
1 KB
Stylesheet
General
Full URL
https://www.google.com/cse/static/style/look/v5/default.css
Requested by
Host: cse.google.com
URL: https://cse.google.com/cse.js?cx=r-d03190f8f32be5cbd&hl=en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
12316403a08a0c47ecf5dd3cbd8202d7474439fce73f1e24462ff42ed28d87a8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:11:33 GMT
content-encoding
br
x-content-type-options
nosniff
age
1006
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1093
x-xss-protection
0
last-modified
Thu, 06 Apr 2023 22:00:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
text/css
cache-control
public, max-age=3000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Wed, 07 Feb 2024 06:01:33 GMT
async-ads.js
cse.google.com/adsense/search/ Frame 8A99
137 KB
50 KB
Script
General
Full URL
https://cse.google.com/adsense/search/async-ads.js
Requested by
Host: www.google.com
URL: https://www.google.com/cse/static/element/8435450f13508ca1/cse_element__en.js?usqp=CAI%3D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dd7b60455da30fe4351f45a4a200dd7c48dc91b39736d150212871a9d18bd7ef
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
etag
"17177805389386292040"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
link
<https://www.adsensecustomsearchads.com>; rel="preconnect"
expires
Wed, 07 Feb 2024 05:28:19 GMT
truncated
/ Frame 8A99
432 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
12a6283de876215c7a713e3fadb4a2f0f8db1e1fcc448afecdf3cef2d37e6060

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type
image/svg+xml
clear.png
www.google.com/cse/static/css/v2/ Frame 8A99
1018 B
1 KB
Image
General
Full URL
https://www.google.com/cse/static/css/v2/clear.png
Requested by
Host: www.google.com
URL: https://www.google.com/cse/static/element/8435450f13508ca1/default_v5+en.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/cse/static/element/8435450f13508ca1/default_v5+en.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 18:48:59 GMT
x-content-type-options
nosniff
age
38360
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/prose-team
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1018
x-xss-protection
0
last-modified
Mon, 25 May 2020 08:30:00 GMT
server
sffe
report-to
{"group":"prose-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/prose-team"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="prose-team"
expires
Wed, 05 Feb 2025 18:48:59 GMT
generate_204
clients1.google.com/ Frame 8A99
0
117 B
Image
General
Full URL
https://clients1.google.com/generate_204
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/prose/protected/558153351/iframe.html?cx=r-d03190f8f32be5cbd&host=www.heaven32.com&hl=en&lrh=Search%20results%20from%20%24%7Bwebsite%7D&client=partner-pub-7130643274838149&origin=https%3A%2F%2Fwww.heaven32.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sodar
pagead2.googlesyndication.com/getconfig/
16 KB
12 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240205&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ad8b3a1dd11d7e030e0c9d222bd4c513b1900270d7fd7fceab45ab77c32e81cd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12183
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202401300101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-7130643274838149&plah=www.heaven32.com&aplac=true&bust=31080980
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Wed, 07 Feb 2024 05:28:19 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9AB5
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.heaven32.com/download/checkout/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
325958
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 03 Feb 2024 10:55:41 GMT
expires
Sun, 02 Feb 2025 10:55:41 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame D5A9
829 B
560 B
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
af9c03923466c40c3489eec6b17a999c3cc09414c6d433c022363a82605d84ac
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-kIKhgiqwXuoE2LKyNs243A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.heaven32.com/download/checkout/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-kIKhgiqwXuoE2LKyNs243A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 07 Feb 2024 05:28:19 GMT
expires
Wed, 07 Feb 2024 05:28:19 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
i0MYUUh1Abms9FfKp1VgzmskXH0YSPyHQhoPFnOk_dI.js
pagead2.googlesyndication.com/bg/ Frame 9AB5
39 KB
15 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/i0MYUUh1Abms9FfKp1VgzmskXH0YSPyHQhoPFnOk_dI.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8b431851487501b9acf457caa75560ce6b245c7d1848fc87421a0f1673a4fdd2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Fri, 02 Feb 2024 21:48:37 GMT
content-encoding
br
x-content-type-options
nosniff
age
373182
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15304
x-xss-protection
0
last-modified
Thu, 01 Feb 2024 12:38:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 01 Feb 2025 21:48:37 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame D5A9
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240205&jk=3972973527840946&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

generate_204
tpc.googlesyndication.com/ Frame 9AB5
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?-ovegg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Wed, 07 Feb 2024 05:28:19 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
activeview
pagead2.googlesyndication.com/pcs/ Frame 5E85
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssGNFBKJUqLyf6uSNmp2-8aftjLjYYl_A21I0FpCoMDfBGpNfYT6j8_XswpxiTTQ0FSenCKbWwgG3VPmWDMs2VgSTRkwjPja4qRGxwz95QGeFxraBu1hAvWxkjanZMKjog6NBAW1AV9MJjEdvEGlfcXA2chvxLqcbks1w&sai=AMfl-YQA8inHeKr470I533D03WO67xlAwfzUFao8HtNGCERFIqHt1gd2fL6ZX9ikarhsT9-NsBIQPOp8cnIL93vETsXDiJAAlveCH8IuwLkYb0BN-zHhhS5ercVWPNbfDaPAXEF0_EUvmdqK-0MXsMka&sig=Cg0ArKJSzBmt_uIiD0pvEAE&cid=CAQSTgAvHhf_nq9NbU8Ijaq5bTjXFu46R3xCTd2nv69fj4vjAoFuIWOK5V5cmEHcAYFQBy0Hmj_or9E5l5eD59HCrD8SMW58aI6o4iNRY3osvxgB&id=lidar2&mcvt=1000&p=0,0,280,722&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240205&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=2079268616&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=321649800&rst=1707283698169&rpt=824&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Feb 2024 05:28:20 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame B462
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssuDtVuPFzsuhSS5uuBZI5OEmOEYYfw7y90uiwKIqO-uXP3KhygvOeZsCNIHUYKCe9hYJ8MACj-HxBIu0LhwpjwXbBeAy3ZfrWEotA4MP_QEwluT0QYZDzZqe1HUBOYuu1cNOX7TQJFyUM-BFkjg9XIVrF32_nfb99VkA&sai=AMfl-YSyNbuxpNa0GF72FtuDuVjxG9w6tgkdaARimojMdXpid_RoDO4JypbQK_SIPxv9WbxhMbRbIMTowBGqxgBTTxACXCO3TbGAXXXS-o1UBZZYCdnlEQaZsLEVRmHw7JlSY_MgIVtpfDGWo5NLbKRy&sig=Cg0ArKJSzFwUinR0zmL8EAE&cid=CAQSTgAvHhf_Q_EOqUHCOtr_jYTNe0rPDPUVQ6gBDYOrVB8S8uORLEzdAmCK_uugW843bN3u3fANsZ4CFScX1MtuFbsoGl-XMwJXckcrxoiKmhgB&id=lidar2&mcvt=1000&p=0,0,280,1200&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240205&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=3926027424&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=321649900&rst=1707283698156&rpt=955&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Feb 2024 05:28:20 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 9A75
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsv-it6K5lD1tI09PoqdpknaBfR3-HTX0ogbzSytfPG9UezPzjb_5diGvBv75b0XE4gZ_LAf_5QEqExPEt6j4CMcjRvwvTiZ-1U8v-WVPpxT3jHckno_-Gbkd4esvqX47GZqCLnmCTMVxdWbrv5-ShAyktFMbsDyesDZOQ&sai=AMfl-YR5pkfJcmSOyIyk3Qfi4iwzCNzc8z_UNNKIRNRlATD912SadTScLPu4pdy0P5FUaCZ-d3HeksBp8tG7jstotlMH6WK_UBJ8o-EzD3MQSPtmtfucTTyCOQJmb_3X6UBT4DXimo7wWLDj60qmkdkxhA&sig=Cg0ArKJSzDHlYwWgqBXyEAE&cid=CAQSTwAvHhf_Ww7L6GMvd3YlM41U1H6L0pwTga44XLg5OQT1HSvf4rF2qePdhKr2fEqFEsFuwv3hKAGk-G9Qc7izhgCYiP11swcci8wM0bNDDI4YAQ&id=lidar2&mcvt=1000&p=0,0,38,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240205&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1524820480&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=321649900&rst=1707283698185&rpt=1060&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=8&io2=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 07 Feb 2024 05:28:20 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240205&jk=3972973527840946&bg=!S0ilSAfNAAZh4eseQeE7ADQBe5WfOMalAiCpePylnWXhUWpFInF2YU-kX0gQOHNfLr2cNIIoMr-NV8to6WIP4uuoI6LFAgAAAEJSAAAAAmgBB5kCv6VzjWcdGxiJbZtiTo82GMSiXzRjawsAmA3v_lyeYuuHvG8pCgqF8yAaYtlRcgeMX98gGIxh8OnGJmYwbywMl9ZGx_osokAR6bKSQxDsu1mFnYSkfkkuKPL9eSiDZPiiUZ4hez6tIhSs9tf5mfKtUb-jkk8LxigDYX6oa7NRtR_9fPNeiqWYVG4t-FM6K4hj3ntistfpQ1L12VGTnxZq4w_BM2EcL7tj27ZfCVbH9qPDXTysWsF0iVRoXHvu1T1MreLUM5EAzG1kne6HEbPI5yGdpSyat7zGrAfL4hsEivhmf_TQs1ic3b_9CtPu1OQdwruy5rMe2HxG5J10e5sSclu1Ni2wvDMnAmJp6XkFBJtF1IxKeHUccwSyrbfjcmyraGhZYhKcAFyrMWJswFypd-EUWxi6pxVXTZgDEIlGgCSFpoNKd_KDHa4U2EMVZqW9oE-ioaMgnd2FtRu3-DGeonOFJeS8bX3JOPZjP4OUjroYpnGAn8iuZKKI4VrSp1GEBn1ffU8ac8kNnJyEN3M_fy1Y5jL30L96b-fUys5x6_IAPsKSBo2AYitM7c34TuZkCM3A6FOs--oL29VUSyuMiqgx8ree9RXd_-ChmRUDVfEgiLE6S3aqo14zwQogq6P1SSLoUq8SfI7IPTnpyxPL9HG0upKm75e0_mMqsaxy7JfpN3i7Vb8Dg3FMgzilA6btpChBa8FYBdjRdqMWIkKyILgTgrPsQMbF6uOFyle7a3uHofE_4wuOLN99tWeJBG95A8gitfQLGeJWRVJaQlZ_ZYF7jvl0XgiKjqm1FyY6vWxpRRz-4rn1s4scOyUciiQp8mAqgcc7B9QGMvcH_dgma2BY00AJw6-sZ2WVxm2_X5A4RkYFnea3YvVz_rFm6QtD7h1XNRQ0wbYJ-XQYH2ewrTYJkg-kcv7h18I2cyX88-w
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

gen_204
www.adsensecustomsearchads.com/afs/
0
21 B
Image
General
Full URL
https://www.adsensecustomsearchads.com/afs/gen_204?client=pub-7130643274838149&output=uds_ads_only&zx=rm2z6pvfildu&aqid=8xTDZejxE8agjuwP7MKL4AU&psid=5134551505&pbt=bs&adbx=484&adby=2773.78125&adbh=346&adbw=271&adbah=58%2C58%2C58%2C58%2C58&adbn=master-1&eawp=partner-pub-7130643274838149&errv=603129119&csala=133%7C14%7C164%7C70%7C12&lle=0&ifv=1&hpt=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-bu5KbuvxYbTPJwrmSYnvjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-bu5KbuvxYbTPJwrmSYnvjA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
date
Wed, 07 Feb 2024 05:28:21 GMT
server
gws
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type
text/html; charset=UTF-8
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy
unload=()
origin-trial
Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0
gen_204
www.adsensecustomsearchads.com/afs/
0
21 B
Image
General
Full URL
https://www.adsensecustomsearchads.com/afs/gen_204?client=pub-7130643274838149&output=uds_ads_only&zx=pyb7txjfcs77&aqid=8xTDZejxE8agjuwP7MKL4AU&psid=5134551505&pbt=bv&adbx=484&adby=2773.78125&adbh=346&adbw=271&adbah=58%2C58%2C58%2C58%2C58&adbn=master-1&eawp=partner-pub-7130643274838149&errv=603129119&csala=133%7C14%7C164%7C70%7C12&lle=0&ifv=1&hpt=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-9Ab1NSfMZxermEJ3bA-Kiw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.heaven32.com/download/checkout/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-9Ab1NSfMZxermEJ3bA-Kiw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
date
Wed, 07 Feb 2024 05:28:21 GMT
server
gws
cross-origin-opener-policy
same-origin-allow-popups; report-to="gws"
x-frame-options
SAMEORIGIN
report-to
{"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-type
text/html; charset=UTF-8
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
permissions-policy
unload=()
origin-trial
Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=, AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
x-xss-protection
0

Verdicts & Comments Add Verdict or Comment

96 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 undefined| $ function| jQuery function| gtag object| dataLayer object| adsbygoogle string| c object| adsforwp_obj object| e object| adsforwp_browser_obj function| checkOrResult function| checkAndResult object| edd_global_vars function| recalculate_taxes object| EDD_Checkout object| edd_scripts function| edd_load_gateway function| _createClass function| _classCallCheck function| RocketBrowserCompatibilityChecker object| RocketPreloadLinksConfig object| fifuImageVars object| observer function| disableClick function| disableLink function| fifu_fix_gallery_height function| update_state_field object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| google_js_reporting_queue number| google_srt object| google_persistent_state_async object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state object| google_sa_queue function| google_process_slots object| google_ama_state function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint object| gaGlobal object| gaplugins object| gaData function| google_sa_impl number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| googletag object| google_llp object| googlefc boolean| adsbygoogle_ama_fc_has_run object| googTempStyleOverrideInfo object| googNavStack function| _googCsa object| google_image_requests object| googFloatingToolbarManager object| google_pso_loaded_fonts number| googleNDT_ number| googleAltLoader object| google function| __sasCookie number| experimentId_ object| default_ContributorServingResponseClientJs object| _F_toggles object| __googlefc string| __fcInvoked string| __fcexpdef string| MzAzNDkxYjAwOWNhMmRibG9hZGVyX2pz string| MzAzNDkxYjAwOWNhMmRiY2FjaGVkX2pz object| __fcInternalApiManager boolean| __fcInternalApiPostMessageReady object| __tcfapiEventListeners function| __tcfapi object| __tcfapiManager boolean| __tcfapiPostMessageReady object| GoogleGcLKhOms

14 Cookies

Domain/Path Name / Value
www.heaven32.com/ Name: PHPSESSID
Value: bf2bd6en2i996l09lmer9rhbko
.heaven32.com/ Name: _ga_K2TF3DQY6H
Value: GS1.1.1707283698.1.0.1707283698.0.0.0
.heaven32.com/ Name: _ga
Value: GA1.2.342885662.1707283698
.heaven32.com/ Name: _gid
Value: GA1.2.1021558204.1707283698
.heaven32.com/ Name: _gat_gtag_UA_145434812_11
Value: 1
.apkmirror.com/ Name: __cf_bm
Value: nj72RCjKaVWPvRJaPpYC_yGsrxD5Wtj7pTdIfZO7v3Y-1707283698-1-ASyYNKcxTaN9z2ke+UcJNI8IKwXVM+ywKUlbCtcjFAmCmgH1R1Q1WNZTfyzS84VYVYdebUcqlfcrhpRMfNS4RjQ=
.heaven32.com/ Name: __gads
Value: ID=b727f8291ab60343:T=1707283698:RT=1707283698:S=ALNI_MaLUUM8RMwb12k1t27pFNkw018Vdw
.heaven32.com/ Name: __gpi
Value: UID=00000d5253afc233:T=1707283698:RT=1707283698:S=ALNI_MaMIPjlYgteYuSEQmzGeerMJhLlXA
.heaven32.com/ Name: __eoi
Value: ID=f2ae04f8cace9fe9:T=1707283698:RT=1707283698:S=AA-Afja8-aRBIDU6UWc1UTNpGaC7
.doubleclick.net/ Name: DSID
Value: NO_DATA
.doubleclick.net/ Name: IDE
Value: AHWqTUkAdEUazHUAMPWBNp452XZbGAi91iEJuxgSvOSNSPvXKzeX6h00lwseXAZ8o1s
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.googleadservices.com/ Name: ar_debug
Value: 1
.heaven32.com/ Name: __gsas
Value: ID=2925c9874d7a3a64:T=1707283699:RT=1707283699:S=ALNI_MZ0gzNj9OLM6PFNNxerDvo9FzhUYQ

39 Console Messages

Source Level URL
Text
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.google.com/adsense/search/async-ads.js(Line 196)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.heaven32.com/download/checkout/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

afs.googleusercontent.com
app-cdn.acelitchi.com
clients1.google.com
cse.google.com
downloadr2.apkmirror.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
region1.google-analytics.com
tpc.googlesyndication.com
w2.updatestar.com
www.adsensecustomsearchads.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.heaven32.com
www.majorgeeks.com
142.250.185.162
2001:4860:4802:32::36
2606:4700:1::6813:883a
2606:4700:3036::ac43:aa86
2a00:1450:4001:801::200a
2a00:1450:4001:801::200e
2a00:1450:4001:806::200e
2a00:1450:4001:80e::2001
2a00:1450:4001:80f::2003
2a00:1450:4001:810::2001
2a00:1450:4001:810::2002
2a00:1450:4001:810::2003
2a00:1450:4001:811::2008
2a00:1450:4001:813::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::2004
2a00:1450:4001:830::2002
2a00:1450:4001:831::200e
2a01:488:67:1000:523:fd96:0:1
2a06:98c1:3121::3
51.81.2.245
0425a83e9c5b9c2c12346361955f6ca67e0ac9ff3459d38d065d6f54e5b67443
083453bf4d12b9c46f44e3b434994e63ab8d8507300e67eaa25d9c7a9c0354bf
088cb0b5b803bbf57403577861d1f063b6a45fe9fd7adcfab7944f962ac81be9
0891804a56327bacae315d5e5281bee36c729cabfe22697a28083eeb39eb8608
0899097f526aab0c82c4332c8dd24d4041cb5fbde0638d98e883e159ecbe2a64
0b7ff8cfd550f399f852974a346aad49ff4bab262feb309d0d4d792dfd852d66
10cc6385b3ea4e2ddfc442129a8606323f404bb2d4961b496ee0b97d7acb0d4a
12316403a08a0c47ecf5dd3cbd8202d7474439fce73f1e24462ff42ed28d87a8
12a6283de876215c7a713e3fadb4a2f0f8db1e1fcc448afecdf3cef2d37e6060
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1bcdf2ea496b7a44247154600bc5579e0cad25f1d06249b4328e8e627568481c
1c8cc3cef0d65c2d9912b24f27bd2f42a79d10be8e00439562a3984f90f05bdd
249e8a64c2b705c28b895bce2471c914db653152ab5f3f20c04a0e072ad83139
25baa7d2055cb46954f417e638ba2d1aae29a8af3f182c6dbd85dbe3a410c002
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
329d1a750114920332eadc55c129957d9dbe5a1b25745e2f7e0ed4fad75e04cd
3776ed63a372d5781806bfdfb4ee6c53b5c1f5dfb61393eda88712ba453056d8
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3e2883757346b7b624ed06ef319022ee068eb367ad3da620bd33bb6efc9f39e6
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
4d828e828815f7ff4c58b24e4213a2a8f5d5d8d791b6fc3ef732be46e421ad4e
4e9ff76943347242375d2310dc4bac513976d6e697a85cecc1214e4ad23c37a3
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
54090d5321bc8e3a05531aacf2ef2b7769f24e94b14f4a0687587375fffa2523
55265541c0f23c7f8baf69c9ea0224c69e40b6bd1b9f16efafaa5c148e3ff396
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
58ec7df99b26a5aa278e138235dc17b42c9ce5b34e58d1acac53cebace035851
5b4cc8b4df06881ba671ef97dfbac6804e5c6ad9db05254103495b3a00e9e250
5beed500dd69310b90746e22ec487f510288608a9ca22296eb63375adc332302
5dfd53018fc86b6f5d83ce1be059401c522c31ad99fcce0ec365bf02556a1269
5f95ef16c0c4e5c46bea68d6f10b45e45723cee71bf043a724aaa6314bd17581
610da555b02388e6bca220e6fa99208f5f550196bf4d1adb033c2d7eb1fe630a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61daa56bccda71f56856e8a170dd0d0a8d035501dfd36b6cc6b5353fe6c2cd9a
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
6691149cc7f86c622726ce7b7412f9ce0264a92fc92764425576a19b073870bf
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
6b0dab5300943d98f4f20de9d48a49e0186441f6fb8b5e95a9635a30c0b60e72
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6b9a981d6c10510d51b5182ec4cf17bbf330d47b8e7c7ef74d60dc8b0b758ec9
6d60c8c726afe91cde8cb5ca9a0db580cec3ff46d9b9228d244cc7f7cc173c5f
6ec1bf61dce82728f60ccba55282b93347d8d91bd20d51c65d839dc4d08f727a
752c7c2435541fcc092d565542dd25d4944a683bb87d1efa3e8aa606c6dae675
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
79f286411998374786a26de7f883ef2a877ea127d276eeafa930742df7393720
7b66fde5f20dacd830c817fd4e423cd3ca92103aca3a52600452c976b3c0ddfa
7e510e61c497d334da21eccda06df5d3a428c9ea94d6903b6138e7c7255aba0f
7f83ea973e4739eb4a3d39bf8bac90016fa95d0167c45d3b883d34f39868e132
805d6768da7e423cd04777a4ef0a0e892f90864b50174b510d3e2ce324af5025
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
84af93c376277b2fb1c7962b45ce84e1e0a31202815ceb873bd980df4378f62b
867f683e26903b242dee20b61aa0ffba68101a72a70d279d8a5c6e77e9f48a2b
87dd11072eab9b9d87f8dd180e6b2931c7e62b449706cd33e68b8e7e5ded44b7
88e34c6618ed3d7743fabccd2c8936dcdcf9f731c03d05be54d7fec808bb34a5
8b431851487501b9acf457caa75560ce6b245c7d1848fc87421a0f1673a4fdd2
8fb14dcb97adfbdead753a1608a50bda5c7764cf78c5e363ae3ee125bdb1dea5
91c697159132fd3884e508f6548c96cb17e460d7456d43e9c4d174fcf84521bf
951f3286a12a03cd3a3a098e0e81176a41d4c4c3c1d9c85966ee7bfd4dd5e091
982150a7bc08c47947a49c1df09a2bac47efb67b959c279c382766d6eb2b6431
99d93010bd12f4b66e9430211b840536f5e80ad38e782ccbe5eb4efe984bec8d
9ba2c2b2479cc7044e4af1a0123ec24531e8ad57aa91d4d5655405a148271589
9f479d225eceee4f25c367bedb638544dd9919258bc452c0f282f67f3ca92e9c
a1a86586e73a2daff4b9bccc2eef0e09c34c1683c5487e710a7f10c742f6bce0
aa904e9c6aeb4f12f81a84bed6146cfa2782bf0cec815671b5b7ffaca18b9b67
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
aca3c3baf9deec7175dfe12b2e4a4202819f055dfcde911ff8825eee9deb16a4
ad34faf8b276504ce025fa4c791c2a995811b232edd70111c9e34e6ab5d1f4a5
ad8b3a1dd11d7e030e0c9d222bd4c513b1900270d7fd7fceab45ab77c32e81cd
af9c03923466c40c3489eec6b17a999c3cc09414c6d433c022363a82605d84ac
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b72805902e02fb3e4dd61d116e8f34a240f5609bdfb0c699ffb950a418e5a162
b7624e1c041b214cd3fd5748c078c845761c3d997b76dfa27331f8e393617509
b8c02939643496ff43b1733f9997c39fd7d64e1b3cfdc6e3a85423fb49c716dc
bd91186e0022aa6cfaafc83082ecd004f487adcecac5694f567be6b36394a6d8
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
c8b4c061a679342b5f4f0b99f3d7cf5f255775e027c7218659222dc49be87d43
c8ee3004b2c19e1a802a487869a9ccd5fda5d75a56326842385eb843b2196b48
c950785b5e5ef39672d5197eca6fde0648aa710b21400e5669121924def0dfef
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cdef6d8ac281e232a82290a3021db73294233a0102884d55c93b445458679027
ce3d9022dcc7cdb74c836bb038356674fca052a1a3604d1b2b78b7bcfb770364
d0de0a1e343c53355f109cdfefb4e4cab0609f38cf0c387c7914ec1a22ae2fd4
d661d9ba5a56074df98fc84d50fffadc34244eca7859281e98f2c7bca9ffd35e
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d9fd5393ba5c8b37cb01007d6d2d965164816c09b5b71b298b2791c570c45e23
dab5fc88424d51257fc91bb0cd946e4f61dec6af379c8c6659a4e4d231ff607b
dd7b60455da30fe4351f45a4a200dd7c48dc91b39736d150212871a9d18bd7ef
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f8238cdd1cc6032f1c34cf7e559b55a936097f78cc8839628e5cc39a6fc3f390
fa511a554035872a50a72eed86d378c5bcb00edd3bb3b5cee44d914ae8175f24
fdd8c9b53242b8461e07964105d236c96392ae526be015820dda3619a83a75fc
ff563f41765da081fe9fd40e8bb33a623df033b10050a8ae8c1b46e15107d8f1