www.rethink.onl Open in urlscan Pro
68.178.233.66 Public Scan

Software

cafe /

Resource Hash

ab97aad226ec1c49af32ef9869a65e8a2bb0bc644dcfa252ca9fb8b293d63810

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 23:26:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51710
x-xss-protection: 0
server: cafe
etag: 11095412961380374599
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 11 Sep 2022 23:26:10 GMT

GET
H2 200 fontello.woff
www.rethink.onl/qa-theme/SnowFlat/fonts/ 7 KB
7 KB 172ms
171ms Font
font/woff 68.178.233.66
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rethink.onl/qa-theme/SnowFlat/fonts/fontello.woff?70015067
Requested by: Host: www.rethink.onl
URL: https://www.rethink.onl/qa-theme/SnowFlat/qa-styles.css?1.8.3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.178.233.66 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-68-178-233-66.ip.secureserver.net
Software: Apache /
Resource Hash: c7aca9ebef12465aad206aae5351ba575eebe4b5e3f0fb1d99f4f92f1c4f396d

Request headers

Referer: https://www.rethink.onl/qa-theme/SnowFlat/qa-styles.css?1.8.3
Origin: https://www.rethink.onl
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 23:26:09 GMT
content-encoding: br
last-modified: Mon, 25 Jul 2016 20:01:58 GMT
server: Apache
etag: "2bc121a-1c20-5387b41b3f980-br"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 7131

GET
H2 200 spinner-icon-14x14.gif
www.rethink.onl/qa-theme/SnowFlat/images/ 8 KB
8 KB 171ms
171ms Image
image/gif 68.178.233.66
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rethink.onl/qa-theme/SnowFlat/images/spinner-icon-14x14.gif?1410117644
Requested by: Host: www.rethink.onl
URL: https://www.rethink.onl/qa-theme/SnowFlat/qa-styles.css?1.8.3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.178.233.66 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-68-178-233-66.ip.secureserver.net
Software: Apache /
Resource Hash: 07a75636966b34dd8bbafee0ebced659b03bab0e57641e1fa035ca7da0bd39ce

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/qa-theme/SnowFlat/qa-styles.css?1.8.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 23:26:09 GMT
last-modified: Sat, 12 Jan 2019 20:15:15 GMT
server: Apache
accept-ranges: bytes
etag: "2bc1228-1e65-57f48783a1ac0"
content-length: 7781
content-type: image/gif

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209070101/ 345 KB
122 KB 210ms
209ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209070101/show_ads_impl_fy2021.js?bust=31069438

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

268cff42c9bbb0af72d091527e49ab25c9c94071da5219961fc43a6ac0132d47

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 23:26:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 124394
x-xss-protection: 0
server: cafe
etag: 18384097049250853223
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 11 Sep 2022 23:26:10 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220907/r20190131/ Frame 1C6F 10 KB
5 KB 528ms
180ms Document
text/html 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220907/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

age: 34697
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Sep 2022 13:47:53 GMT
etag: 8616628553774171045
expires: Sun, 25 Sep 2022 13:47:53 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 389 B
698 B 529ms
182ms Script
text/javascript 172.253.118.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.rethink.onl&callback=_gfp_s_&client=ca-pub-2291825815563197&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209070101/show_ads_impl_fy2021.js?bust=31069438

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.118.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sl-in-f156.1e100.net

Software

cafe /

Resource Hash

747811a9418af726b92f877a8098f052525eaba64dfd3918f11cd16afa7e1dcb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 23:26:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 253
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com.au/adsid/ 107 B
792 B 523ms
179ms Script
application/javascript 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com.au/adsid/integrator.js?domain=www.rethink.onl

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209070101/show_ads_impl_fy2021.js?bust=31069438

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

si-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 11 Sep 2022 23:26:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 525ms
180ms Script
application/javascript 142.251.10.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.rethink.onl

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209070101/show_ads_impl_fy2021.js?bust=31069438

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sd-in-f154.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 11 Sep 2022 23:26:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 86A6 37 KB
14 KB 462ms
462ms Document
text/html 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=1199968654&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1662938770&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dhawkins48hawkins&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662938770408&bpp=5&bdt=1159&idt=489&shv=r20220907&mjsv=m202209070101&ptt=9&saldr=aa&abxe=1&correlator=1945373071049&frm=20&pv=2&ga_vid=1051000981.1662938771&ga_sid=1662938771&ga_hid=2013805999&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C31069438%2C44772928%2C31069036%2C31067825&oid=2&pvsid=2041383936665834&tmod=652840087&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Av35xGwjFI&p=https%3A//www.rethink.onl&dtd=507

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209070101/show_ads_impl_fy2021.js?bust=31069438

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2f7f0f67c78c1b5bbce5f4f68441bfaaa01929df76f37ea6d0aa1c7ff857c21c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 13897
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Sep 2022 23:26:11 GMT
expires: Sun, 11 Sep 2022 23:26:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3ABD 37 KB
14 KB 497ms
497ms Document
text/html 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=306952042&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1662938770&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dhawkins48hawkins&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662938770413&bpp=1&bdt=1164&idt=512&shv=r20220907&mjsv=m202209070101&ptt=9&saldr=aa&abxe=1&prev_fmts=1004x90&correlator=1945373071049&frm=20&pv=1&ga_vid=1051000981.1662938771&ga_sid=1662938771&ga_hid=2013805999&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=918&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C31069438%2C44772928%2C31069036%2C31067825&oid=2&pvsid=2041383936665834&tmod=652840087&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WtTLRoxlsI&p=https%3A//www.rethink.onl&dtd=515

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209070101/show_ads_impl_fy2021.js?bust=31069438

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

692d1c0d8c6e436d6902a7cfa5d997fcce923dd88154ed8038e56f10b8ef9698

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 13845
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Sep 2022 23:26:11 GMT
expires: Sun, 11 Sep 2022 23:26:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E6C4 15 KB
5 KB 534ms
533ms Document
text/html 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&adk=1812271804&adf=3025194257&lmt=1662938770&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dhawkins48hawkins&ea=0&pra=7&wgl=1&easpi=0&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662938770427&bpp=1&bdt=1178&idt=504&shv=r20220907&mjsv=m202209070101&ptt=9&saldr=aa&abxe=1&prev_fmts=1004x90%2C1004x90&nras=1&correlator=1945373071049&frm=20&pv=1&ga_vid=1051000981.1662938771&ga_sid=1662938771&ga_hid=2013805999&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C31069438%2C44772928%2C31069036%2C31067825&oid=2&pvsid=2041383936665834&tmod=652840087&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=508

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209070101/show_ads_impl_fy2021.js?bust=31069438

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3a1410b61ccd36e944ea7ec8f836b1b2e4661b98388a9969cad118402bbaa053

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 4894
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 11 Sep 2022 23:26:11 GMT
expires: Sun, 11 Sep 2022 23:26:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame 7C6C 0
0 492ms
190ms Fetch
text/html 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CSuIQk24eY4yhAbv-rtoPouy1kAKs1_3wZLT2qJPiC8CNtwEQASAAYKXAo4CkAYIBF2NhLXB1Yi0yMjkxODI1ODE1NTYzMTk3oAGV9ZvfA8gBCagDAaoE1gFP0L85DQG4XTkjquULZXUQJDU_pLb366tfTGYr24tEeyXglQSeE_N_RyCS2Sz-NZH8_8CxmVrCJv7wfkrl4pUWPeFuevL1b9HBYZUqYLFTK6pOo-7mlhTMh6XTpseYP4xdzDrW-3RrZsWm9uVoCCk8-FjSKwIxha5gyr31Z9j0F59t39V3oWr6OHHhC47hA3VdcxDcFi-Vonc9PCkBMplD3N-07yUhmxdZ4cglCdwtOnCUqCi4xdRc23ThVEjG-5bWhityl3VJReXHs2J_jSvXEBi1IYT7gAaG1be3q_22pPgBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgECACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMjI5MTgyNTgxNTU2MzE5NxgA&sigh=XRnYr_SyXZk&uach_m=[UACH]&cid=CAQSGwCsnQUx8-X602C_jJPV4bTLgInMCETx3mddmhgB

Requested by

Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=hawkins48hawkins

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=1199968654&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1662938770&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dhawkins48hawkins&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662938770408&bpp=5&bdt=1159&idt=489&shv=r20220907&mjsv=m202209070101&ptt=9&saldr=aa&abxe=1&correlator=1945373071049&frm=20&pv=2&ga_vid=1051000981.1662938771&ga_sid=1662938771&ga_hid=2013805999&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C31069438%2C44772928%2C31069036%2C31067825&oid=2&pvsid=2041383936665834&tmod=652840087&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Av35xGwjFI&p=https%3A//www.rethink.onl&dtd=507
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 11 Sep 2022 23:26:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Sep 2022 23:26:11 GMT

GET
H2 200 log
hblg.media.net/ Frame 7C6C 35 B
0 1668ms
553ms Fetch
image/gif 184.85.105.5
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hblg.media.net/log?logid=kfk&evtid=l1log&app=0&cc=AU&ctr=-1.0&viewability=88&device_id=4&cbdp=0.029&slotVisibility=1&dn=rethink.onl&acid=f617eb3105c9435c9332e99d0312c2fb&ugd=4&size=728x90&pvid=4&csip=rtb-common-istio-59f7fddfbb-tw72b.SG&ogbdp=0.06&prvReqId=52604840415165_2135104767_52982010441&itype=ADX&requrl=https%3A%2F%2Fwww.rethink.onl%2F&scrid=1700080812610100728009000000500&mang=1&bidrestime=1662938771101&cid=8CU3SX34C&rme=nurl

Requested by

Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=hawkins48hawkins

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.85.105.5 Kuala Lumpur, Malaysia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Sep 2022 23:26:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Sun, 11 Sep 2022 23:26:12 GMT

GET
H/1.1 200
OK log
qsearch-a.akamaihd.net/ Frame 7C6C 35 B
0 894ms
295ms Fetch
image/gif 42.99.140.144
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to

Full URL: https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=dmmra&ckfl=0&lper=&app_type=adx_test&bdr_typ=1&ss_d1=0&ogerpm=0.0600&ss_d2=0&stid=&other_prv=4&jar_err=&current_day=0.0&adtyp=0&req_id=Yx5ukwAA89sK1RSCFwLD2A&bd_m3=0.0000&bidfp=0.0100&bd_m2=0.0000&pvag_id=&bd_m1=0.0000&ugd=4&dim10=false&predicted_wr=59.3014&exp=&fdbk_id=&second_bidder=*&search_res=51&floor_bucket=0.00&gpid_format=&seat=BID_API&size=728x90&url_l1=index.php&f_seg=&prdp=0.0294&ogcbdp=0.0600&dfpbd=0.0294&server=1&ogerpm_wd_bkt=0-1&model_version=202209111132_generic_adx_1-cid_1&viewability=0.8800&dmm_r=0.0000&cut=51&dmm_l=0.0000&as_cache=1&tcyerpm=&sc=AU-VIC&send_erpm=true&dmm_m9=0.0000&sd=0&hb_exp=&seg=&dmm_m4=0.0000&erpm_bucket=0.05&ugd_ver=&requrl=rethink.onl%2Findex.php%2F&bidrestime=1662938771101&cc=AU&strg=harmony&ss=&current_hour=23&time_stamp=2022-09-11+23%3A26%3A11&model_key=generic_adx_1-cid_1&rvshhon=&mul_ratio=0.0000&bdp=0.0600&ct=Melbourne&akey=&mnckfl=0&bdp_bucket=0.05&algo=unison12&dc=apac_sg&splid=&dn=rethink.onl&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&buyer_id=&bdp_wider_bucket=1&acid=f617eb3105c9435c9332e99d0312c2fb&infl=&o_ver=NT+10.0&br_ver=89.0.4389.72&bdmm_m6=0.0000&bdmm_m7=0.0000&bdmm_m5=0.0000&ver=8.14.1&totalTimeBucket=2&visibility=1&totalTime=2570530&dmm_m1=2022-09-11+23%3A26%3A11.102895794&e_rpm=0.0000&dmm_m22=0.0600&gdpr=&vsid=&log_less=false&gpid_sent=false&ogerpm_used=false&bdmm_m12=0.0000&cid=8CU3SX34C&bcrid=1700080812610100728009000000500&rawbid=0.0600&seat_id=BID_API&sub_bidder=196&pst=EMS&pbshr=100.0000&dmm_d10=&o_id=101&clisp=rtb-common-istio-59f7fddfbb-tw72b.SG&dfp_bucket=0.0&adblk=3461795557&itype=adx&pvid_seat=4_BID_API&cliIP=1741815296&advurl=topics.businessfocus.online%2F&level_base=0&crid=529820104&sat=1&br_id=265&cut_bkt=50&gpid=&iwb=1&second_bid=0.000000&sc_pvid=4&capd=0&other_bids=0.06
Requested by: Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=hawkins48hawkins
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 42.99.140.144 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS: ip-42-99-140-144.pacnet.net
Software: /
Resource Hash

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Sep 2022 23:26:12 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Sun, 11 Sep 2022 23:26:12 GMT

GET
H2 200 nmedianet.js Show response
contextual.media.net/ Frame 7C6C 162 KB
56 KB 2119ms
1048ms Script
text/javascript 184.85.105.5
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/nmedianet.js?cid=8CUABW64L

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=1199968654&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1662938770&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dhawkins48hawkins&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662938770408&bpp=5&bdt=1159&idt=489&shv=r20220907&mjsv=m202209070101&ptt=9&saldr=aa&abxe=1&correlator=1945373071049&frm=20&pv=2&ga_vid=1051000981.1662938771&ga_sid=1662938771&ga_hid=2013805999&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C31069438%2C44772928%2C31069036%2C31067825&oid=2&pvsid=2041383936665834&tmod=652840087&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Av35xGwjFI&p=https%3A//www.rethink.onl&dtd=507

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.85.105.5 Kuala Lumpur, Malaysia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

7388c847271819b83dfc3d29314973c02296c1d4f880d907b988eab77bd09a91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
x-mnt-h: 21-wghw
content-encoding: gzip
server: Apache
etag: "75223ecf2ceea4007a28304a3f1fdfaf"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Sun, 11 Sep 2022 23:26:12 GMT
strict-transport-security: max-age=31536000
x-mnt-w: 8-31
expires: Sun, 11 Sep 2022 23:31:12 GMT

GET
H2 200 adperformance.js Show response
warp.media.net/rtb/resource/ Frame 7C6C 61 KB
62 KB 1646ms
532ms Script
application/javascript 184.85.105.5
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://warp.media.net/rtb/resource/adperformance.js?v=35e90bcdc8

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.85.105.5 Kuala Lumpur, Malaysia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

nginx /

Resource Hash

3378135f525fc551ce49d2c117e9967735794757a4c71910d8c1b8fa38bf3f2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=604800
server: nginx
date: Sun, 11 Sep 2022 23:26:12 GMT
content-type: application/javascript;charset=ISO-8859-1
cache-control: max-age=55941
access-control-allow-credentials: true
content-length: 62892
expires: Mon, 12 Sep 2022 14:58:33 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame 7C6C 3 KB
1 KB 569ms
223ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 22:46:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2411
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Sep 2022 22:46:00 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame 7C6C 17 KB
7 KB 543ms
198ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 23:00:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1552
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7592
x-xss-protection: 0
server: cafe
etag: 7248493764890666469
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Sep 2022 23:00:19 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7C6C 141 KB
44 KB 185ms
180ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50f77fa9d32c1323f7e50da8d807f556cdddaea2161de6cf84a0c8b4c1dd6f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 23:26:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44740
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662550240112033"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Sep 2022 23:26:11 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 915A 0
0 480ms
190ms Fetch
text/html 74.125.200.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CCU79k24eY-3WAY379QOukK6QD6zX_fBktPaok-ILwI23ARABIABgpcCjgKQBggEXY2EtcHViLTIyOTE4MjU4MTU1NjMxOTegAZX1m98DyAEJqAMBqgTWAU_QwLQSwk-HeG0bKYmbyQpeuwo3W-2-u7S4x7GVoRmqHFk6wrchHlZo48QQTYoXEv_LAmlnQhWr70UGgb0Jl2r-kzUfPiZ-O7DdTiLpd3N_5umrlvYhRdMPgIwyCmDcOLH0sDHsJsiEsIypVndZnlumvMzfApnKFGiC6617iPk7I8GDAo8Di3v3kS7WOhhWZ9x3cguQ3p8cya8Us4D72I0CeUNnyYwjzq475CWAYZ27V2IId4a4G9PFfzAEJ90k2EUk3VmEA0p8WRI9Rimy-koVgeBL2EWABobVt7er_bak-AGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggNCIBhEAEyAooCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi0yMjkxODI1ODE1NTYzMTk3GAA&sigh=MkcyrtUT8Ak&uach_m=[UACH]&cid=CAQSGwCsnQUxqYlpkX6yS9UmYFU4FPjLH2I01KjHDRgB

Requested by

Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=hawkins48hawkins

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.200.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=306952042&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1662938770&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dhawkins48hawkins&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662938770413&bpp=1&bdt=1164&idt=512&shv=r20220907&mjsv=m202209070101&ptt=9&saldr=aa&abxe=1&prev_fmts=1004x90&correlator=1945373071049&frm=20&pv=1&ga_vid=1051000981.1662938771&ga_sid=1662938771&ga_hid=2013805999&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=918&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C31069438%2C44772928%2C31069036%2C31067825&oid=2&pvsid=2041383936665834&tmod=652840087&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WtTLRoxlsI&p=https%3A//www.rethink.onl&dtd=515
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 11 Sep 2022 23:26:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Sun, 11 Sep 2022 23:26:11 GMT

GET
H2 200 log
hblg.media.net/ Frame 915A 35 B
0 1620ms
554ms Fetch
image/gif 184.85.105.5
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://hblg.media.net/log?logid=kfk&evtid=l1log&app=0&cc=AU&ctr=-1.0&viewability=85&device_id=4&cbdp=0.03&slotVisibility=1&dn=rethink.onl&acid=b97eee4b78614d4dbf645e6d2af255e8&ugd=4&size=728x90&pvid=313&csip=rtb-common-istio-59f7fddfbb-q9bwd.SG&ogbdp=0.03&prvReqId=47000638534600_195634787_52982010413131&itype=ADX&requrl=https%3A%2F%2Fwww.rethink.onl%2F&scrid=1700080812610100728009000000500&mang=1&bidrestime=1662938771138&cid=8CU3SX34C&rme=nurl

Requested by

Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=hawkins48hawkins

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.85.105.5 Kuala Lumpur, Malaysia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400 ; includeSubDomains

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 11 Sep 2022 23:26:12 GMT
strict-transport-security: max-age=86400 ; includeSubDomains
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Sun, 11 Sep 2022 23:26:12 GMT

GET
H/1.1 200
OK log
qsearch-a.akamaihd.net/ Frame 915A 35 B
0 886ms
296ms Fetch
image/gif 42.99.140.144
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to

Full URL: https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=dmmra&ckfl=0&lper=&app_type=adx_test&bdr_typ=1&ss_d1=0&ogerpm=0.0500&ss_d2=0&stid=&other_prv=313&jar_err=&current_day=0.0&adtyp=0&req_id=Yx5ukwABFEoK1QUQ9w-tbw&bd_m3=0.0000&bidfp=0.0100&bd_m2=0.0000&pvag_id=&bd_m1=0.0000&ugd=4&dim10=false&exp=&fdbk_id=&second_bidder=*&floor_bucket=0.00&gpid_format=&seat=BID_API&size=728x90&url_l1=index.php&f_seg=&prdp=0.0300&ogcbdp=0.0300&dfpbd=0.0300&server=1&ogerpm_wd_bkt=0-1&viewability=0.8500&dmm_r=0.0000&cut=0&dmm_l=0.0000&tcyerpm=&sc=AU-VIC&send_erpm=false&sd=0&hb_exp=&seg=&erpm_bucket=0.05&ugd_ver=&requrl=rethink.onl%2Findex.php%2F&bidrestime=1662938771138&cc=AU&strg=no_strategy&ss=&current_hour=23&time_stamp=2022-09-11+23%3A26%3A11&rvshhon=&bdp=0.0300&ct=Melbourne&akey=&mnckfl=0&bdp_bucket=0.05&algo=mrg-4.0&dc=apac_sg&splid=&dn=rethink.onl&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&buyer_id=&bdp_wider_bucket=1&acid=b97eee4b78614d4dbf645e6d2af255e8&infl=&o_ver=NT+10.0&br_ver=89.0.4389.72&bdmm_m6=0.0000&bdmm_m7=0.0000&bdmm_m5=0.0000&ver=8.14.1&totalTimeBucket=2&visibility=1&totalTime=2081730&dmm_m1=2022-09-11+23%3A26%3A11.139433203&e_rpm=0.0000&dmm_m22=0.0500&gdpr=&vsid=&log_less=false&gpid_sent=false&ogerpm_used=false&bdmm_m12=0.0000&cid=8CU3SX34C&bcrid=1700080812610100728009000000500&rawbid=0.0300&seat_id=BID_API&sub_bidder=196&pst=EMS&pbshr=100.0000&dmm_d10=&o_id=101&clisp=rtb-common-istio-59f7fddfbb-q9bwd.SG&dfp_bucket=0.0&adblk=3461795557&itype=adx&pvid_seat=313_BID_API&cliIP=1741815296&advurl=topics.businessfocus.online%2F&crid=529820104&sat=1&br_id=265&cut_bkt=40&gpid=&iwb=1&second_bid=0.000000&sc_pvid=313&capd=0&other_bids=0.03
Requested by: Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=hawkins48hawkins
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 42.99.140.144 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS: ip-42-99-140-144.pacnet.net
Software: /
Resource Hash

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 11 Sep 2022 23:26:12 GMT
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Sun, 11 Sep 2022 23:26:12 GMT

GET
H2 200 nmedianet.js
contextual.media.net/ Frame 915A 162 KB
56 KB 1562ms
541ms Script
text/javascript 184.85.105.5
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/nmedianet.js?cid=8CUABW64L

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=306952042&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1662938770&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dhawkins48hawkins&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662938770413&bpp=1&bdt=1164&idt=512&shv=r20220907&mjsv=m202209070101&ptt=9&saldr=aa&abxe=1&prev_fmts=1004x90&correlator=1945373071049&frm=20&pv=1&ga_vid=1051000981.1662938771&ga_sid=1662938771&ga_hid=2013805999&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=918&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C31069438%2C44772928%2C31069036%2C31067825&oid=2&pvsid=2041383936665834&tmod=652840087&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WtTLRoxlsI&p=https%3A//www.rethink.onl&dtd=515

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.85.105.5 Kuala Lumpur, Malaysia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
x-mnt-h: 21-wghw
content-encoding: gzip
server: Apache
etag: "75223ecf2ceea4007a28304a3f1fdfaf"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Sun, 11 Sep 2022 23:26:12 GMT
strict-transport-security: max-age=31536000
x-mnt-w: 8-31
expires: Sun, 11 Sep 2022 23:31:12 GMT

GET
H2 200 adperformance.js
warp.media.net/rtb/resource/ Frame 915A 34 KB
0 2361ms
1298ms Script
application/javascript 184.85.105.5
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://warp.media.net/rtb/resource/adperformance.js?v=35e90bcdc8

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=306952042&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1662938770&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dhawkins48hawkins&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662938770413&bpp=1&bdt=1164&idt=512&shv=r20220907&mjsv=m202209070101&ptt=9&saldr=aa&abxe=1&prev_fmts=1004x90&correlator=1945373071049&frm=20&pv=1&ga_vid=1051000981.1662938771&ga_sid=1662938771&ga_hid=2013805999&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=918&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C31069438%2C44772928%2C31069036%2C31067825&oid=2&pvsid=2041383936665834&tmod=652840087&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WtTLRoxlsI&p=https%3A//www.rethink.onl&dtd=515

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

184.85.105.5 Kuala Lumpur, Malaysia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=604800
server: nginx
date: Sun, 11 Sep 2022 23:26:12 GMT
content-type: application/javascript;charset=ISO-8859-1
cache-control: max-age=55941
access-control-allow-credentials: true
content-length: 62892
expires: Mon, 12 Sep 2022 14:58:33 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame 915A 3 KB
1 KB 520ms
224ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=306952042&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1662938770&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dhawkins48hawkins&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662938770413&bpp=1&bdt=1164&idt=512&shv=r20220907&mjsv=m202209070101&ptt=9&saldr=aa&abxe=1&prev_fmts=1004x90&correlator=1945373071049&frm=20&pv=1&ga_vid=1051000981.1662938771&ga_sid=1662938771&ga_hid=2013805999&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=918&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C31069438%2C44772928%2C31069036%2C31067825&oid=2&pvsid=2041383936665834&tmod=652840087&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WtTLRoxlsI&p=https%3A//www.rethink.onl&dtd=515

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 22:46:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2411
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Sep 2022 22:46:00 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/ Frame 915A 17 KB
8 KB 475ms
180ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220907/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=306952042&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1662938770&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dhawkins48hawkins&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662938770413&bpp=1&bdt=1164&idt=512&shv=r20220907&mjsv=m202209070101&ptt=9&saldr=aa&abxe=1&prev_fmts=1004x90&correlator=1945373071049&frm=20&pv=1&ga_vid=1051000981.1662938771&ga_sid=1662938771&ga_hid=2013805999&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=918&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C31069438%2C44772928%2C31069036%2C31067825&oid=2&pvsid=2041383936665834&tmod=652840087&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WtTLRoxlsI&p=https%3A//www.rethink.onl&dtd=515

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e368951bc5918b3d9fbc8205bfdf0d8be8b79da09b457bb113307063f3b1bc89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 23:00:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1552
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7592
x-xss-protection: 0
server: cafe
etag: 7248493764890666469
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 25 Sep 2022 23:00:19 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 915A 141 KB
44 KB 180ms
179ms Script
text/javascript 142.251.12.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=306952042&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1662938770&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dhawkins48hawkins&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1662938770413&bpp=1&bdt=1164&idt=512&shv=r20220907&mjsv=m202209070101&ptt=9&saldr=aa&abxe=1&prev_fmts=1004x90&correlator=1945373071049&frm=20&pv=1&ga_vid=1051000981.1662938771&ga_sid=1662938771&ga_hid=2013805999&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=918&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44761793%2C31069438%2C44772928%2C31069036%2C31067825&oid=2&pvsid=2041383936665834&tmod=652840087&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=WtTLRoxlsI&p=https%3A//www.rethink.onl&dtd=515

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50f77fa9d32c1323f7e50da8d807f556cdddaea2161de6cf84a0c8b4c1dd6f79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 23:26:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44740
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1662550240112033"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 11 Sep 2022 23:26:11 GMT

GET
H2 200 ca-pub-2291825815563197 Show response
fundingchoicesmessages.google.com/i/ 105 KB
37 KB 542ms
202ms Script
application/javascript 172.217.194.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-2291825815563197?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202209070101/show_ads_impl_fy2021.js?bust=31069438

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0426affe158b29b5e7b605a57ec7b9af08473487a7fbe119ff6328ef3ec75722

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-bLjf4XsuD1pv51IFZVvP0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 23:26:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-bLjf4XsuD1pv51IFZVvP0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxXCDaSZGxnHAGrybUlU2v5uUfXV5LtlnBrU_8wNaOk52SdLSMTgE91U78ognA2VbXMxQU_bIwU1u4PtG_rKK2E= Show response
fundingchoicesmessages.google.com/f/ 6 KB
3 KB 503ms
201ms Script
application/javascript 172.217.194.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXCDaSZGxnHAGrybUlU2v5uUfXV5LtlnBrU_8wNaOk52SdLSMTgE91U78ognA2VbXMxQU_bIwU1u4PtG_rKK2E=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjYyOTM4NzcyLDI4MDAwMDAwMF0sIjM5N0RGRTkxLUM1M0QtNEIzRC04NUMyLTA2MzMwRjc5NzUxQyIsbnVsbCxudWxsLFtudWxsLFs3XSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsdHJ1ZSx0cnVlXSwiaHR0cHM6Ly93d3cucmV0aGluay5vbmwvaW5kZXgucGhwIixudWxsLFtbOCwicHhnWE1MNFNMN1EiXV1d

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.pxgXML4SL7Q.es5.O/d=1/rs=AJlcJMyR64vBJkHErIk9ClYzr0npLDq4ZA/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ea14a97a6be5fc3dc4d6678d4e8fdd69d7f92d18344cd8e5d0f0c8c427fd7bef

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-73SB2dxPDnGg1dzdAjikMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 23:26:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorGlobalRouterHttp"
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorGlobalRouterHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorGlobalRouterHttp/external"}]}
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-73SB2dxPDnGg1dzdAjikMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVn0xy7iO7LDy7IR9ncBrnU-yynSs_TIDPQcgEYP1YGfjJw9fjaaKzNU4gzTwjxtYlhBMNy_vBgFfKccqLcUQWJ_K543I0_dgQ7e80NdUk5UDNIAkFWBPm9nW4LfRszdf-DCdGeQQ== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 535ms
190ms XHR
text/html 172.217.194.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVn0xy7iO7LDy7IR9ncBrnU-yynSs_TIDPQcgEYP1YGfjJw9fjaaKzNU4gzTwjxtYlhBMNy_vBgFfKccqLcUQWJ_K543I0_dgQ7e80NdUk5UDNIAkFWBPm9nW4LfRszdf-DCdGeQQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-MXpX5vGJWJCETnR-B9Tqyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 11 Sep 2022 23:26:13 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: https://www.rethink.onl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-MXpX5vGJWJCETnR-B9Tqyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxXIV3lK11XeDxPAtFrfR_P9X0kJ_mHjN3x-A5SUf4IXYo2TY-O-1klIWDgJ6Mkeb_iPk4ouRPE2FbAKMDJuQ077P4s4VPHSJtpaDw3uxCi5_pqjVloxD_XDflqogqbhD31QDB0sbw== Show response
fundingchoicesmessages.google.com/f/ 17 KB
7 KB 229ms
228ms Script
application/javascript 172.217.194.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXIV3lK11XeDxPAtFrfR_P9X0kJ_mHjN3x-A5SUf4IXYo2TY-O-1klIWDgJ6Mkeb_iPk4ouRPE2FbAKMDJuQ077P4s4VPHSJtpaDw3uxCi5_pqjVloxD_XDflqogqbhD31QDB0sbw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjYyOTM4NzcyLDc5ODAwMDAwMF0sIjM5N0RGRTkxLUM1M0QtNEIzRC04NUMyLTA2MzMwRjc5NzUxQyIsbnVsbCxudWxsLFtudWxsLFs3LDEwXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMSwxXSwiaHR0cHM6Ly93d3cucmV0aGluay5vbmwvaW5kZXgucGhwIixudWxsLFtbOCwicHhnWE1MNFNMN1EiXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

40c18ee00d04034579bf59e13c4809d78d10bd3993d810975ad37ad71ee2b7ea

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-ambkP0CMOCi-9U6vzh9dlQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-ambkP0CMOCi-9U6vzh9dlQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
date: Sun, 11 Sep 2022 23:26:12 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
68 B 191ms
190ms Image
image/gif 172.217.194.113
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=2.1250622671768284

Requested by

Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=hawkins48hawkins

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-zzSViX9v8Pphw041gqK-9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-zzSViX9v8Pphw041gqK-9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
date: Sun, 11 Sep 2022 23:26:14 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: image/gif
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
69 B 193ms
193ms Image
image/gif 172.217.194.113
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=0.844712202223014

Requested by

Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=hawkins48hawkins

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-l7dwy3bL1R5T7mF93bLIYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 11 Sep 2022 23:26:14 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorServingDetectionHttp"
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorServingDetectionHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorServingDetectionHttp/external"}]}
content-type: image/gif
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-l7dwy3bL1R5T7mF93bLIYQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET smtr
contextual.media.net/ Frame 7C6C 0
0

GET bping.php
lg3.media.net/ Frame 7C6C 0
0

GET checksync.php
contextual.media.net/ Frame 04EB 0
0

GET clog
hblg.media.net/ Frame 7C6C 0
0

GET
DATA 200
OK truncated
/ Frame 7C6C 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 40c18d8a6e56b71f96454ed9d90cb467de6c85385b969c56b5bb292a810c6ea4

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 AGSKWxUdri8-YZJi08rjy9hNzCvBl8m95Ue4ayvMqunSfMLLv_5uvLgWfz-u928C4SCNrvpd3LJiMft5usodom83830aZko-MgnAH3x1_GTVoHYrCrf0jj8wKvIoU44I0A24A1HO6nUA6A== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 193ms
192ms XHR
text/html 172.217.194.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUdri8-YZJi08rjy9hNzCvBl8m95Ue4ayvMqunSfMLLv_5uvLgWfz-u928C4SCNrvpd3LJiMft5usodom83830aZko-MgnAH3x1_GTVoHYrCrf0jj8wKvIoU44I0A24A1HO6nUA6A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.194.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS