www.rethink.onl Open in urlscan Pro
68.178.233.66 Public Scan

Software

cafe /

Resource Hash

ee722ccaf7e7ad3676aef5e72cedd573ca9af246518db16fd2e0fb448e2b294d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 21:23:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57192
x-xss-protection: 0
server: cafe
etag: 5185396318241682514
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 23 Aug 2022 21:23:29 GMT

GET
H2 200 fontello.woff
www.rethink.onl/qa-theme/SnowFlat/fonts/ 7 KB
7 KB 393ms
393ms Font
font/woff 68.178.233.66
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.rethink.onl/qa-theme/SnowFlat/fonts/fontello.woff?70015067
Requested by: Host: www.rethink.onl
URL: https://www.rethink.onl/qa-theme/SnowFlat/qa-styles.css?1.8.3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.178.233.66 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-68-178-233-66.ip.secureserver.net
Software: Apache /
Resource Hash: c7aca9ebef12465aad206aae5351ba575eebe4b5e3f0fb1d99f4f92f1c4f396d

Request headers

Referer: https://www.rethink.onl/qa-theme/SnowFlat/qa-styles.css?1.8.3
Origin: https://www.rethink.onl
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 21:23:29 GMT
content-encoding: br
last-modified: Mon, 25 Jul 2016 20:01:58 GMT
server: Apache
etag: "2bc121a-1c20-5387b41b3f980-br"
vary: Accept-Encoding
content-type: font/woff
accept-ranges: bytes
content-length: 7131

GET
H2 200 spinner-icon-14x14.gif
www.rethink.onl/qa-theme/SnowFlat/images/ 8 KB
8 KB 392ms
392ms Image
image/gif 68.178.233.66
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.rethink.onl/qa-theme/SnowFlat/images/spinner-icon-14x14.gif?1410117644
Requested by: Host: www.rethink.onl
URL: https://www.rethink.onl/qa-theme/SnowFlat/qa-styles.css?1.8.3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 68.178.233.66 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),
Reverse DNS: ip-68-178-233-66.ip.secureserver.net
Software: Apache /
Resource Hash: 07a75636966b34dd8bbafee0ebced659b03bab0e57641e1fa035ca7da0bd39ce

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/qa-theme/SnowFlat/qa-styles.css?1.8.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 21:23:29 GMT
last-modified: Sat, 12 Jan 2019 20:15:15 GMT
server: Apache
accept-ranges: bytes
etag: "2bc1228-1e65-57f48783a1ac0"
content-length: 7781
content-type: image/gif

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/ 341 KB
120 KB 210ms
209ms Script
text/javascript 142.250.4.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.4.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

03b14184861a1442d9b7258bf4c6dc7ea78351be5179adda3857cd49dfc10272

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 21:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 122622
x-xss-protection: 0
server: cafe
etag: 17620972829521432287
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 23 Aug 2022 21:23:30 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220818/r20190131/ Frame B434 10 KB
5 KB 576ms
191ms Document
text/html 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220818/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de317176fa6b64a8e89bbd45d20b6be2560bbfa96e7e53e63eb754e18bfe6c1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

age: 69987
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4412
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Aug 2022 01:57:03 GMT
etag: 8616628553774171045
expires: Tue, 06 Sep 2022 01:57:03 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 389 B
459 B 194ms
194ms Script
text/javascript 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.rethink.onl&callback=_gfp_s_&client=ca-pub-2291825815563197&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8e4aca119c3f442f00cb963d0e52db02479811c5df9165143bec29d25c55f7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 21:23:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 251
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com.au/adsid/ 107 B
792 B 580ms
196ms Script
application/javascript 142.251.12.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com.au/adsid/integrator.js?domain=www.rethink.onl

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f156.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Aug 2022 21:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 581ms
195ms Script
application/javascript 142.251.12.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.rethink.onl

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.12.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

se-in-f155.1e100.net

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Aug 2022 21:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame FC2C 37 KB
14 KB 405ms
404ms Document
text/html 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=1199968654&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1661289810&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810212&bpp=4&bdt=1697&idt=495&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&correlator=5266776250203&frm=20&pv=2&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uU1aTGvzQf&p=https%3A//www.rethink.onl&dtd=514

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

518f877fdd9c30a0f172eb4a84911849e43421bd8def51de8196184bca9787e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 13770
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Aug 2022 21:23:30 GMT
expires: Tue, 23 Aug 2022 21:23:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A295 37 KB
14 KB 341ms
341ms Document
text/html 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=306952042&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1661289810&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810216&bpp=2&bdt=1701&idt=519&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&prev_fmts=1004x90&correlator=5266776250203&frm=20&pv=1&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=918&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=KPO1LQCkUy&p=https%3A//www.rethink.onl&dtd=522

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ac1e7a66ece11bb9089a9efef65d7d18e714dd2162dece8ffe730573d9bd255

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 13778
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Aug 2022 21:23:30 GMT
expires: Tue, 23 Aug 2022 21:23:30 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 1B46 13 KB
5 KB 434ms
434ms Document
text/html 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&adk=1812271804&adf=3025194257&lmt=1661289810&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&ea=0&pra=7&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810229&bpp=1&bdt=1713&idt=512&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&prev_fmts=1004x90%2C1004x90&nras=1&correlator=5266776250203&frm=20&pv=1&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=3&uci=a!3&fsb=1&dtd=517

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

74c82dbc567908cce3ea420c81da290509f4855138c445b1b8ec78aa8f6c887c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 4844
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 23 Aug 2022 21:23:31 GMT
expires: Tue, 23 Aug 2022 21:23:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3563 0
0 503ms
202ms Fetch
text/html 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Ca4lNUkUFY7fMM8eOowOF-qTIBazX_fBktPaok-ILwI23ARABIABgpYCAgJABggEXY2EtcHViLTIyOTE4MjU4MTU1NjMxOTegAZX1m98DyAEJqAMBqgTTAU_QKNn_MKyUp4SiyEIakrZWTv3IDigplb6IUBrC3jJcf-mzzFgBsC_z-xH81VxNisAG_NthlzwgG2N65jwTa-m9-QzQLMwWryhQgeRRz8JcmCYSf216QhZcSV2fJXwScaXsEc627zRXNvmI9qGdZLyVLHi2tTL8A63nI0FBkvA-bMvhXVBi8hADYpKthnr2db-eBYFP8kCPOYu4t_WEjh9A01d0nBP5p3Bwe8I-o8L2fcZXTo9uOeix2ZK3Hy89lYoH79YDyI11AkczaE6Oidn6sUyABobVt7er_bak-AGgBiGoB4qYsQKoB6a-G6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggNCIBhEAEyAooCOgKAQIAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi0yMjkxODI1ODE1NTYzMTk3GAA&sigh=H3yfx1jumJA&uach_m=[UACH]&cid=CAQSGwCsnQUxqQTdMYzYaHTAaodWYYbYPzEzh5ObNRgB

Requested by

Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=policearcher4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

a23-195-152-23.deploy.static.akamaitechnologies.com

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=306952042&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1661289810&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810216&bpp=2&bdt=1701&idt=519&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&prev_fmts=1004x90&correlator=5266776250203&frm=20&pv=1&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=918&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=KPO1LQCkUy&p=https%3A//www.rethink.onl&dtd=522
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 23 Aug 2022 21:23:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 23 Aug 2022 21:23:31 GMT

GET
H2 200 log
hblg.media.net/ Frame 3563 35 B
0 776ms
256ms Fetch
image/gif 23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hblg.media.net/log?logid=kfk&evtid=l1log&app=0&cc=AU&ctr=-1.0&viewability=83&device_id=4&cbdp=0.03&slotVisibility=1&dn=rethink.onl&acid=1d2069c7f1424e66b8508a3fae3714a9&ugd=4&size=728x90&pvid=313&csip=rtb-common-istio-85cb58b4b7-ljj2h.SG&ogbdp=0.03&prvReqId=54990414430343_1707885037_52982010413131&itype=ADX&requrl=https%3A%2F%2Fwww.rethink.onl%2F&scrid=1700080812610100728009000000500&mang=1&bidrestime=1661289810930&cid=8CU3SX34C&rme=nurl
Requested by: Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=policearcher4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-252-26.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.35.v20201120) /
Resource Hash

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:31 GMT
server: Jetty(9.4.35.v20201120)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Tue, 23 Aug 2022 21:23:31 GMT

GET
H/1.1 200
OK log
qsearch-a.akamaihd.net/ Frame 3563 35 B
0 620ms
200ms Fetch
image/gif 42.99.140.144
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to

Full URL: https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=dmmra&ckfl=0&lper=&app_type=adx_test&bdr_typ=1&ss_d1=0&ogerpm=0.0400&ss_d2=0&stid=&other_prv=313&jar_err=&current_day=2.0&adtyp=0&req_id=YwVFUgANoqUCrIniSgZ61A&bd_m3=0.0000&bidfp=0.0100&bd_m2=0.0000&pvag_id=&bd_m1=0.0000&ugd=4&dim10=false&exp=&fdbk_id=&second_bidder=*&floor_bucket=0.00&gpid_format=&seat=BID_API&size=728x90&url_l1=index.php&f_seg=&prdp=0.0300&ogcbdp=0.0300&dfpbd=0.0300&server=1&ogerpm_wd_bkt=0-1&viewability=0.8300&dmm_r=0.0000&cut=0&dmm_l=0.0000&tcyerpm=&sc=AU-NSW&send_erpm=false&sd=0&hb_exp=&seg=&erpm_bucket=0.05&ugd_ver=&requrl=rethink.onl%2Findex.php%2F&bidrestime=1661289810930&cc=AU&strg=no_strategy&ss=&current_hour=21&time_stamp=2022-08-23+21%3A23%3A30&rvshhon=&bdp=0.0300&ct=beaconsfield&akey=&mnckfl=0&bdp_bucket=0.05&algo=mrg-2.5&dc=apac_sg&splid=&dn=rethink.onl&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&buyer_id=&bdp_wider_bucket=1&acid=1d2069c7f1424e66b8508a3fae3714a9&infl=&o_ver=NT+10.0&br_ver=89.0.4389.72&bdmm_m6=0.0000&bdmm_m7=0.0000&bdmm_m5=0.0000&ver=8.13.0&totalTimeBucket=3&visibility=1&totalTime=3598780&dmm_m1=2022-08-23+21%3A23%3A30.932757271&e_rpm=0.0000&dmm_m22=0.0400&gdpr=&vsid=&log_less=false&gpid_sent=false&ogerpm_used=false&bdmm_m12=0.0000&cid=8CU3SX34C&bcrid=1700080812610100728009000000500&rawbid=0.0300&seat_id=BID_API&sub_bidder=196&pst=EMS&pbshr=100.0000&dmm_d10=&o_id=101&clisp=rtb-common-istio-85cb58b4b7-ljj2h.SG&dfp_bucket=0.0&adblk=3461795557&itype=adx&pvid_seat=313_BID_API&cliIP=2918568192&advurl=topics.businessfocus.online%2F&crid=529820104&sat=1&br_id=265&cut_bkt=25&gpid=&iwb=1&second_bid=0.000000&sc_pvid=313&capd=0&other_bids=0.03
Requested by: Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=policearcher4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 42.99.140.144 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS: ip-42-99-140-144.pacnet.net
Software: Jetty(9.4.35.v20201120) /
Resource Hash

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 Aug 2022 21:23:31 GMT
Server: Jetty(9.4.35.v20201120)
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Tue, 23 Aug 2022 21:23:31 GMT

GET
H2 200 nmedianet.js Show response
contextual.media.net/ Frame 3563 164 KB
56 KB 1031ms
513ms Script
text/javascript 23.195.152.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/nmedianet.js?cid=8CUABW64L

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=306952042&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1661289810&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810216&bpp=2&bdt=1701&idt=519&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&prev_fmts=1004x90&correlator=5266776250203&frm=20&pv=1&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=918&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=KPO1LQCkUy&p=https%3A//www.rethink.onl&dtd=522

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.152.23 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

0806cbb0c5ec6d20ef057a2f771da9201c3db23f980f68e3218f866e697af9b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
x-mnt-h: 8-12
content-encoding: gzip
server: Apache
etag: "1d27717da381e79aea5535da0f4dab42"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Tue, 23 Aug 2022 21:23:31 GMT
strict-transport-security: max-age=31536000
x-mnt-w: 8-7
expires: Tue, 23 Aug 2022 21:28:31 GMT

GET
H2 200 adperformance.js Show response
warp.media.net/rtb/resource/ Frame 3563 61 KB
62 KB 769ms
255ms Script
application/javascript 23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://warp.media.net/rtb/resource/adperformance.js?v=35e90bcdc8

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

nginx /

Resource Hash

3378135f525fc551ce49d2c117e9967735794757a4c71910d8c1b8fa38bf3f2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=604800
server: nginx
date: Tue, 23 Aug 2022 21:23:31 GMT
content-type: application/javascript;charset=ISO-8859-1
cache-control: max-age=19620
access-control-allow-credentials: true
content-length: 62892
expires: Wed, 24 Aug 2022 02:50:31 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 3563 3 KB
1 KB 631ms
244ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 16:22:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18073
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Sep 2022 16:22:18 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3563 140 KB
44 KB 579ms
192ms Script
text/javascript 74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

sffe /

Resource Hash

a4f8d308a537be4d8442135addd3a1637ad70c831ec8d6fb21b460dc392031e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 21:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44049
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661168302676581"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 23 Aug 2022 21:23:31 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame 3563 17 KB
7 KB 602ms
215ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 16:22:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18073
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Sep 2022 16:22:18 GMT

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame A917 0
0 505ms
204ms Fetch
text/html 172.217.194.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CwuCsUkUFY979Mvqrz7sP8OGm6ASs1_3wZLT2qJPiC8CNtwEQASAAYKWAgICQAYIBF2NhLXB1Yi0yMjkxODI1ODE1NTYzMTk3oAGV9ZvfA8gBCagDAaoE0wFP0PHWdogEXnM_PnC-ndWavWiX0y6I1v41v4JXECxuJGryJJw4f_EwQeSO_x2Qbi2srl_dfx0YKcaJDD21hKTgMuspCa2JhzCTWYdHv1G4OmA92R33q7S8Oa_z37pRjrHOKn8vtos1-BWgGBiGRxhy4TcYdlo1TvNVMlRDnNw7aXYKd_lFXrvnY-_3GSBhB1U33CjoWH4M1ouSbfuE9W6dh6i_SIBiQ3U7T5qeCJoBReL6ZFiD-_Ohu8v5b-wnkC7FgWq17TbRZm_IKAUvcwOni1GpgAaG1be3q_22pPgBoAYhqAeKmLECqAemvhuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIDQiAYRABMgKKAjoCgECACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItMjI5MTgyNTgxNTU2MzE5NxgA&sigh=LDd-C8VYk7E&uach_m=[UACH]&cid=CAQSGwCsnQUx9bP-ZIoCBu-WYRlSByRlrn-UqUsLMhgB

Requested by

Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=policearcher4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.194.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

a23-195-152-23.deploy.static.akamaitechnologies.com

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=1199968654&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1661289810&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810212&bpp=4&bdt=1697&idt=495&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&correlator=5266776250203&frm=20&pv=2&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uU1aTGvzQf&p=https%3A//www.rethink.onl&dtd=514
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Tue, 23 Aug 2022 21:23:31 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Tue, 23 Aug 2022 21:23:31 GMT

GET
H2 200 log
hblg.media.net/ Frame A917 35 B
0 721ms
257ms Fetch
image/gif 23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hblg.media.net/log?logid=kfk&evtid=l1log&app=0&cc=AU&ctr=-1.0&viewability=87&device_id=4&cbdp=0.04&slotVisibility=1&dn=rethink.onl&acid=aa2fefd645eb44c285ec72ba6fccc7bf&ugd=4&size=728x90&pvid=313&csip=rtb-common-istio-85cb58b4b7-zs8wq.SG&ogbdp=0.04&prvReqId=54316857911132_906431065_52982010413131&itype=ADX&requrl=https%3A%2F%2Fwww.rethink.onl%2F&scrid=1700080812610100728009000000500&mang=1&bidrestime=1661289810955&cid=8CU3SX34C&rme=nurl
Requested by: Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=policearcher4
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-252-26.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.35.v20201120) /
Resource Hash

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:31 GMT
server: Jetty(9.4.35.v20201120)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Tue, 23 Aug 2022 21:23:31 GMT

GET
H/1.1 200
OK log
qsearch-a.akamaihd.net/ Frame A917 35 B
0 591ms
197ms Fetch
image/gif 42.99.140.144
ASN-TELSTRA-GLOBA...

General

Check archive.org

Show headers Download Go to

Full URL: https://qsearch-a.akamaihd.net/log?logid=kfk&evtid=dmmra&ckfl=0&lper=&app_type=adx_test&bdr_typ=1&ss_d1=0&ogerpm=0.0400&ss_d2=0&stid=&other_prv=313&jar_err=&current_day=2.0&adtyp=0&req_id=YwVFUgANm0YBc8YGRA7QjA&bd_m3=0.0000&bidfp=0.0100&bd_m2=0.0000&pvag_id=&bd_m1=0.0000&ugd=4&dim10=false&exp=&fdbk_id=&second_bidder=*&floor_bucket=0.00&gpid_format=&seat=BID_API&size=728x90&url_l1=index.php&f_seg=&prdp=0.0400&ogcbdp=0.0400&dfpbd=0.0400&server=1&ogerpm_wd_bkt=0-1&viewability=0.8700&dmm_r=0.0000&cut=0&dmm_l=0.0000&tcyerpm=&sc=AU-NSW&send_erpm=false&sd=0&hb_exp=&seg=&erpm_bucket=0.05&ugd_ver=&requrl=rethink.onl%2Findex.php%2F&bidrestime=1661289810955&cc=AU&strg=no_strategy&ss=&current_hour=20&time_stamp=2022-08-23+21%3A23%3A30&rvshhon=&bdp=0.0400&ct=beaconsfield&akey=&mnckfl=0&bdp_bucket=0.05&algo=no_strategy&dc=apac_sg&splid=&dn=rethink.onl&ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&buyer_id=&bdp_wider_bucket=1&acid=aa2fefd645eb44c285ec72ba6fccc7bf&infl=&o_ver=NT+10.0&br_ver=89.0.4389.72&bdmm_m6=0.0000&bdmm_m7=0.0000&bdmm_m5=0.0000&ver=8.13.0&totalTimeBucket=2&visibility=1&totalTime=2360970&dmm_m1=2022-08-23+21%3A23%3A30.957127758&e_rpm=0.0000&dmm_m22=0.0400&gdpr=&vsid=&log_less=false&gpid_sent=false&ogerpm_used=false&bdmm_m12=0.0000&cid=8CU3SX34C&bcrid=1700080812610100728009000000500&rawbid=0.0400&seat_id=BID_API&sub_bidder=196&pst=EMS&pbshr=100.0000&dmm_d10=&o_id=101&clisp=rtb-common-istio-85cb58b4b7-zs8wq.SG&dfp_bucket=0.0&adblk=3461795557&itype=adx&pvid_seat=313_BID_API&cliIP=2918568192&advurl=topics.businessfocus.online%2F&crid=529820104&sat=1&br_id=265&cut_bkt=1&gpid=&iwb=1&second_bid=0.000000&sc_pvid=313&capd=0&other_bids=0.04
Requested by: Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=policearcher4
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 42.99.140.144 , Japan, ASN4637 (ASN-TELSTRA-GLOBAL Telstra Global, HK),
Reverse DNS: ip-42-99-140-144.pacnet.net
Software: Jetty(9.4.35.v20201120) /
Resource Hash

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 23 Aug 2022 21:23:31 GMT
Server: Jetty(9.4.35.v20201120)
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 35
Expires: Tue, 23 Aug 2022 21:23:31 GMT

GET
H2 200 nmedianet.js Show response
contextual.media.net/ Frame A917 164 KB
56 KB 748ms
287ms Script
text/javascript 23.195.152.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/nmedianet.js?cid=8CUABW64L

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=1199968654&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1661289810&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810212&bpp=4&bdt=1697&idt=495&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&correlator=5266776250203&frm=20&pv=2&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uU1aTGvzQf&p=https%3A//www.rethink.onl&dtd=514

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.152.23 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

f22a69546e42c8899d219e3dd98156bf6e2117dd0fb5f63191fbcbc482fc8fa7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
x-mnt-h: 8-12
content-encoding: gzip
server: Apache
etag: "1d27717da381e79aea5535da0f4dab42"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=300
date: Tue, 23 Aug 2022 21:23:31 GMT
strict-transport-security: max-age=31536000
x-mnt-w: 8-7
expires: Tue, 23 Aug 2022 21:28:31 GMT

GET
H2 200 adperformance.js Show response
warp.media.net/rtb/resource/ Frame A917 61 KB
62 KB 1013ms
555ms Script
application/javascript 23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://warp.media.net/rtb/resource/adperformance.js?v=35e90bcdc8

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=1199968654&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1661289810&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810212&bpp=4&bdt=1697&idt=495&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&correlator=5266776250203&frm=20&pv=2&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uU1aTGvzQf&p=https%3A//www.rethink.onl&dtd=514

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

nginx /

Resource Hash

3378135f525fc551ce49d2c117e9967735794757a4c71910d8c1b8fa38bf3f2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=604800
server: nginx
date: Tue, 23 Aug 2022 21:23:31 GMT
content-type: application/javascript;charset=ISO-8859-1
cache-control: max-age=19620
access-control-allow-credentials: true
content-length: 62892
expires: Wed, 24 Aug 2022 02:50:31 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame A917 3 KB
1 KB 575ms
245ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=1199968654&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1661289810&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810212&bpp=4&bdt=1697&idt=495&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&correlator=5266776250203&frm=20&pv=2&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uU1aTGvzQf&p=https%3A//www.rethink.onl&dtd=514

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 16:22:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18073
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Sep 2022 16:22:18 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/ Frame A917 17 KB
8 KB 522ms
191ms Script
text/javascript 74.125.200.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220822/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=1199968654&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1661289810&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810212&bpp=4&bdt=1697&idt=495&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&correlator=5266776250203&frm=20&pv=2&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uU1aTGvzQf&p=https%3A//www.rethink.onl&dtd=514

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.200.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

57000ea03bfb53734d0858b8fe992e6742226f23f311eb0f9d2177e2a84a5621

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 16:22:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18073
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7599
x-xss-protection: 0
server: cafe
etag: 9215437806027971270
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 06 Sep 2022 16:22:18 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A917 140 KB
43 KB 787ms
457ms Script
text/javascript 74.125.24.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=1199968654&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1661289810&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810212&bpp=4&bdt=1697&idt=495&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&correlator=5266776250203&frm=20&pv=2&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uU1aTGvzQf&p=https%3A//www.rethink.onl&dtd=514

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.24.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

sf-in-f156.1e100.net

Software

sffe /

Resource Hash

a4f8d308a537be4d8442135addd3a1637ad70c831ec8d6fb21b460dc392031e3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 21:23:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44049
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1661168302676581"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 23 Aug 2022 21:23:31 GMT

GET
H2 200 ca-pub-2291825815563197 Show response
fundingchoicesmessages.google.com/i/ 105 KB
37 KB 615ms
226ms Script
application/javascript 142.251.10.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-2291825815563197?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f64b88d5aad8fc2b0891858a0ed3624263ba5ea23e867262ff8fe0815c9819d2

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-QaGPclfCwlKO5oRYPBI1jw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-QaGPclfCwlKO5oRYPBI1jw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-QaGPclfCwlKO5oRYPBI1jw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'nonce-QaGPclfCwlKO5oRYPBI1jw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
date: Tue, 23 Aug 2022 21:23:31 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 193ms
193ms Image
image/gif 142.250.4.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_inf_scr&r=p&pg_h=1200&su=www.rethink.onl&d=0&pvc=4056537688180009&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921

Requested by

Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=policearcher4

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 193ms
192ms Image
image/gif 142.250.4.154
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_inf_scr&r=s&pg_h=1200&su=www.rethink.onl&d=0&pvc=4056537688180009&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921

Requested by

Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=policearcher4

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:31 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 AGSKWxXuE8GXg_OvWYSBzLsTfEVX4UWPJXwICTBTVacTaA8hhOCOYkpX96l13WjwDIx8mKkPNHPnztbY_lC63KBWfr0= Show response
fundingchoicesmessages.google.com/f/ 6 KB
3 KB 525ms
223ms Script
application/javascript 142.251.10.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXuE8GXg_OvWYSBzLsTfEVX4UWPJXwICTBTVacTaA8hhOCOYkpX96l13WjwDIx8mKkPNHPnztbY_lC63KBWfr0=?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjYxMjg5ODEyLDgyMDAwMDAwXSwiNzY4NUNCQzAtRjFBRC00NzMzLTg1QkItOUU5NUQ1REExMEMxIixudWxsLG51bGwsW251bGwsWzddLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCx0cnVlLHRydWVdLCJodHRwczovL3d3dy5yZXRoaW5rLm9ubC9pbmRleC5waHAiLG51bGwsW11d

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.qLcFjXfg53Q.es5.O/d=1/rs=AJlcJMxiZ71Cm6_NozRiKnRLkL5UQeO7Og/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.10.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

a23-195-152-23.deploy.static.akamaitechnologies.com

Software

ESF /

Resource Hash

a3c9707eaf5c7919797d9e66311eff492b8bc1a4f7e618f3d93da178044a1327

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-NvdfNnKoUlkMRHaabhdEzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-NvdfNnKoUlkMRHaabhdEzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
date: Tue, 23 Aug 2022 21:23:32 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 smtr Show response
contextual.media.net/ Frame 3563 86 KB
33 KB 726ms
725ms Script
text/javascript 23.195.152.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=0&cid=8CUABW64L&cpcd=ZNUXWKgjxAVr8bMpeLkZyA%3D%3D&crid=721135687&size=728x90&cc=AU&chnm=NO_STRATEGY&pid=8PO15GP54&tpid=TT2CP55&https=1&vif=2&requrl=https%3A%2F%2Fwww.rethink.onl%2F&kwrf=https%3A%2F%2Fwww.rethink.onl&nse=5&vi=1661289811378723521&lw=1&ugd=4&adt1=8CU3SX34C&adt2=529820104&bae=B44BgaeNBe&bcpf=B48fOnRrolnfOur84BgaeNBe&bdrId=313&ntv=0&matchstring=hr%3D0%7C&katpre=1&katbid=-103&pgid=p11587259833t202208232123&goent=1&nb=1&cadomain=tzR-hLcl-L81q0bo4F7GnA3mMwDIDjC2d77KxBXphR_fTCDUsmLZYQ%3D%3D&allsc=NSW

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CUABW64L

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.152.23 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Resource Hash

32add2103bfa6cbb8c64080699ab928c91890fca7bf5665b535b0a52f1cc0c13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:33 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/javascript
expires: Tue, 23 Aug 2022 21:23:33 GMT
cache-control: max-age=0, no-cache, no-store
x-sc-h: 22-dmnt
strict-transport-security: max-age=31536000
timing-allow-origin: *
content-length: 32973
x-sc-w: 22-rc54

GET
H2 200 bping.php
lg3.media.net/ Frame 3563 15 B
15 B 261ms
254ms Image
text/html 23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?vgd_len=562&&vgd_cdv=782&gdpr=0&prid=8PRVCXX19&cid=8CUABW64L&crid=721135687&vi=1661289811378723521&ugd=4&lf=6&kwrf=https%3A%2F%2Fwww.rethink.onl&cc=AU&sc=NSW&lper=100&wsip=2886781032&r=1661289812503&requrl=https%3A%2F%2Fwww.rethink.onl%2F&vgd_l2type=sca&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=54203&vgd_rakh=1661289811190517252&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fnmedianet.js&vgd_hb_audit_1=8CU3SX34C&vgd_hb_audit_2=529820104&vgd_pgid=p11587259833t202208232123&vgd_pgids=1&vgd_uspa=0&hvsid=00001661289812500029185683583422&gdpr=0&vgd_end=1

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-152-23.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=21600
server: Apache
date: Tue, 23 Aug 2022 21:23:32 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: max-age=47299
content-length: 15

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 43E3 26 KB
10 KB 307ms
306ms Document
text/html 23.195.152.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CU3SX34C&prvid=99%2C77%2C20000%2C2033%2C262%2C241%2C3018%2C246%2C4%2C313%2C359%2C10000%2C9%2C319&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.152.23 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

716d7ddd506e071f16559ef4ba93a77fd1a0ef62a521d0455b0054e31c764ef1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 9411
content-type: text/html; charset=UTF-8
date: Tue, 23 Aug 2022 21:23:32 GMT
expires: Thu, 25 Aug 2022 21:23:32 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 clog
hblg.media.net/ Frame 3563 35 B
172 B 258ms
256ms Image
image/gif 23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/clog?logid=awlog&pixel_len_bucket=4302&lmt_enf=true&req_mtype%3C%3E=0&mx_nsz=1&spSource=0&ifst=0&vid=YwVFUgANoqUCrIniSgZ61A&s_city=singapore&ugd=4&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Csch%3D1%7Cclt%3D3%7CssProfile%3D0%7Cdbr%3D1%7Ctpi%3D1&app=0&ctr=-1.0&mx_TAF=3&device_id=4&ae=false&mx_UCC=1&prspt=headerBid&mx_bss_algos%3C%3E=0&usp_status=0&seat=BID_API&og_cbdp=0.030&size=728x90&mx_TAS=1&mx_gpid_sent=false&xtmax=290&commit_id=ba20ae08&scrid=1700080812610100728009000000500&itypeid=17&mx_SPRIG=0&viewability=83&renderer=0&be=0&rtime=24.0&adj0=0.0&tmax=300&s_ip=74.125.190.129&adj2=0.0&adj1=0.0&feedback_id=YwVFUgANoqUCrIniSgZ61A&adtypes=0&mx_aabpc=0&reqid=YwVFUgANoqUCrIniSgZ61A&sc=AU-NSW&mowxReqId=1d2069c7f1424e66b8508a3fae3714a9_1&ifdp=0&requrl=https%3A%2F%2Fwww.rethink.onl%2F&bidrestime=1661289810930&pv_adtype=0&cc=AU&strg=NO_STRATEGY&pcrid=8CUABW64L-721135687-35-15&coppa_enf=true&bdp=0.030&ct=beaconsfield&spIsReq=3&s=1&abs=0%7C0%7Cxtmax%3D290%7CNO_STRATEGY%7Cbrr%3D1&mx_epbc=8CUABW64L&dnt_enf=false&mx_ssBucket=0&vls=0&asn=54203&mang=1&fleet=common-istio&mx_isLossNtf=false&advUrl=https%3A%2F%2Ftopics.businessfocus.online&dn=rethink.onl&dt=O&acid=1d2069c7f1424e66b8508a3fae3714a9&actltime=30&act=headerBid&iframingState=0&mx_lr_seg_deal=0&exclattr=32%7C34%7C70%7C7%7C13%7C14%7C15%7C48%7C16%7C17%7C18%7C114%7C19%7C20%7C22%7C25%7C26%7C27&dfpBd=0.03&sckfl=0&dmm_erpm=false&mx_lr=0&mview=1&smbrid=adx-1&bfs=103&rfc=-1&prvApiId=8CUABW64L&epcexp=false&pubid=pub-ADX-101418826937&mx_bsProfile=0&cid=8CU3SX34C&bcrid=1700080812610100728009000000500&omul=1.0&res_mtype=0&apPrfs%3C%3E=62%23%2313%23%2361&chnl=NO_STRATEGY&pst=0&reqsize=728x90&adpos=1&itype=ADX&mx_g_one_uid_sent=None&spCst=0&mx_sid=8CUABW64L&tgtval=pub-ADX-101418826937&__expireat=1661290411185&lmt_status=N&reftype=0&viewability_vendor=EXCHANGE&prvAccId=721135687&ckfl=0&lper=1&mx_tgs=728x90&cbdp=0.03&pvdTmax=253&ltime=29.0&epc=721135687&prvReqId=54990414430343_1707885037_52982010413131&zip=2015&exid=31&spFst=0&mx_GCID=0&cliIPType=v4&pexid=ADX-pub-2291825815563197&ybnca_erpm=0.04&brsrclk=0&sbdrid=196&rtttime=36&apTags%3C%3E=75&mx_PC=1&wsip=mowx-istio-6c46778c64-dshng&currsrc_date=2022-08-23+00%3A00%3A00&psrc=fail&geoll=false&omid=0&debug_ts=2022-08-23+21%3A23%3A30&policy_enf=2&mx_ssProfile=0&mx_SC=0&reftime=0&pbidflr=0.010&spbf=0&currsrc=API&fpusp=false&lmt_applied=N&mnrfc=-1&pub_blk_enf=1&amptype=1&moau=true&ocurr=USD&snm=SUCCESS&mx_IAB2=0&usp_enf=1&bidflr=0.010&incentive_type=0&skadidfl=0&pid=8PR113JGC&spTo=3&pvid=313&schain_cmpl=1&is_ortb=false&mx_aurl_hc=0&ucrid_ver=2&mx_maq_call=false&mx_uid_sent=0&mx_sbp=-10.0&mnrf=0&slotVisibility=1&dbf=1&gdpr=0&gqid=AHfbET62uFtN2rjBLSghEbmCiTVkWZkRu1lwNsvQSkmQHPvtNmnz09EnPV_HGqGODdAGdtPs&dmm_ogerpm=false&csip=rtb-common-istio-85cb58b4b7-ljj2h.SG&mx_bsBucket=0&mx_aurt=0&spIvt=3&ptype=23&media=0&acsn=1&dtc=apac_sg&mx_aqcpl_crid=4&ogbdp=0.03&tpbTkn=false&adblk=3461795557&fpuReq=0&vcmplrt=-1.0&crid=529820104&geo_source=2&sat=1&mnet_ckfl=0&opbidflr=0.010&impId=1&rme=adm&bdata=sd2%3Dnull~iurl_l%3D20~ogerpm%3D0.04~vw_exc%3D0.83~smm_bid%3D0.03~vis_sd%3D562~dc2%3D1~scd%3Dnsw~v_asn%3D54203~vl2r_sd%3D2022082311~iurl_b%3D1214.83~url_tkc%3D0~std%3D~last%3D~vis_url_b%3D0.49~ip%3D3bw0Uw~fbb%3D0~vis_url_l%3D10~riipua%3D22%2C22~et%3D24~rc%3D1~rps_sd%3D2022082312~vis_b%3D805.51~url_b%3D0.82~url_tvi%3D0~smm_wr%3D15.1642~url_l%3D20~gcat%3D500283~bb%3D196~vv%3D0~l2r_b%3D1000~erpm%3D0.04~bm%3D1~smm_sd%3D2022082312~sid%3D721135687~sd%3D0~uid%3DaQw4gah5ruaMS0R0L~btd%3D60213921828919204577171229865993707409174036779414237308752508061892050255417344~d2p_l%3D30~3pcf%3D1000~uim%3D0~dmm_strg%3Dno_strategy~d2p_b%3D0.97~ogd2p_b%3D0.94~vurl_b%3D1.4~ss%3DNA~uiw%3D-1~ce%3D0~rps_b%3D45.48~vurl_l%3D20~CI%3D2724~nts%3D1~tb%3D-1~ct%3Dbeaconsfield~basis2%3D196~basis1%3D196~isRef%3D0~ivurl_b%3D0.72~isif%3D0~lc%3D3~bid%3D0.03~dc%3D8~vl2r_b%3D1.01~ivurl_l%3D20~supply_tag_id%3D%7Eviewability%3D0.83%7Eamp%3D1%7Ecbdp%3D0.030%7Edmm%3Dno_strategy%7Esuid%3D%7Edtc%3Dapac_sg%7Exid%3DADX-pub-2291825815563197%7Edalg%3Dmrg-2.5%7Ehtml%3D1%7Eadblk%3D3461795557%7Esobp%3D%7Ebdpcapd%3D0%7Edmm_erpm%3Dfalse%7Ebflr%3D0.010%7Eogbid%3D0.030%7Eac_type%3D1%7Eitype_id%3D17%7Eseller_tag_id%3D%7Edetected_tag_id%3D%7Edcut%3D25%7Edogb%3D0-1~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D728x90~bsb%3D0~bsp%3D0~tmx%3D253&utime=1572&sf=0&cpr=0.45335658602255635
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=306952042&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1661289810&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810216&bpp=2&bdt=1701&idt=519&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&prev_fmts=1004x90&correlator=5266776250203&frm=20&pv=1&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=918&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=KPO1LQCkUy&p=https%3A//www.rethink.onl&dtd=522
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-252-26.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: max-age=3600
date: Tue, 23 Aug 2022 21:23:32 GMT
server: Apache
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=21600
content-length: 35
expires: Wed, 24 Aug 2022 03:23:32 GMT

GET
DATA 200
OK truncated
/ Frame 3563 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 674a69cf7f7fae322ff949add9570d227b2701eafaf9dd644ee0c60232e53b1b

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 smtr Show response
contextual.media.net/ Frame A917 86 KB
33 KB 681ms
681ms Script
text/javascript 23.195.152.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/smtr?cb=window._mNDetails.initAd&&gdpr=0&cid=8CUABW64L&cpcd=ZNUXWKgjxAVr8bMpeLkZyA%3D%3D&crid=721135687&size=728x90&cc=AU&chnm=NO_STRATEGY&pid=8PO15GP54&tpid=TT2CP55&https=1&vif=2&requrl=https%3A%2F%2Fwww.rethink.onl%2F&kwrf=https%3A%2F%2Fwww.rethink.onl&nse=5&vi=1661289811873261349&lw=1&ugd=4&adt1=8CU3SX34C&adt2=529820104&bae=B44BgaeNBe&bcpf=B44BgaeN8fOnRrolnfOur8Be&bdrId=313&ntv=0&matchstring=hr%3D0%7C&katpre=1&katbid=-103&pgid=p11587259833t202208232123&goent=1&nb=1&cadomain=tzR-hLcl-L81q0bo4F7GnA3mMwDIDjC2d77KxBXphR_fTCDUsmLZYQ%3D%3D&allsc=NSW

Requested by

Host: contextual.media.net
URL: https://contextual.media.net/nmedianet.js?cid=8CUABW64L

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.152.23 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-152-23.deploy.static.akamaitechnologies.com

Software

Resource Hash

51940bdd65e105d910e5ef0e45a23aa6be7977da8e017630999aedd009cd909c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:33 GMT
content-encoding: gzip
vary: Accept-Encoding
content-type: text/javascript
expires: Tue, 23 Aug 2022 21:23:33 GMT
cache-control: max-age=0, no-cache, no-store
x-sc-h: 22-6294
strict-transport-security: max-age=31536000
timing-allow-origin: *
content-length: 32972
x-sc-w: 22-rc54

GET
H2 200 bping.php
lg3.media.net/ Frame A917 15 B
15 B 255ms
255ms Image
text/html 23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://lg3.media.net/bping.php?vgd_len=562&&vgd_cdv=782&gdpr=0&prid=8PRVCXX19&cid=8CUABW64L&crid=721135687&vi=1661289811873261349&ugd=4&lf=6&kwrf=https%3A%2F%2Fwww.rethink.onl&cc=AU&sc=NSW&lper=100&wsip=2886781032&r=1661289812621&requrl=https%3A%2F%2Fwww.rethink.onl%2F&vgd_l2type=sca&vgd_sbSup=1&vgd_is_amp=0&vgd_asn=54203&vgd_rakh=1661289811123047987&vgd_l1rhst=contextual.media.net&vgd_rpth=%2Fnmedianet.js&vgd_hb_audit_1=8CU3SX34C&vgd_hb_audit_2=529820104&vgd_pgid=p11587259833t202208232123&vgd_pgids=1&vgd_uspa=0&hvsid=00001661289812618029185683583411&gdpr=0&vgd_end=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=1199968654&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1661289810&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810212&bpp=4&bdt=1697&idt=495&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&correlator=5266776250203&frm=20&pv=2&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uU1aTGvzQf&p=https%3A//www.rethink.onl&dtd=514

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-152-23.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=21600
server: Apache
date: Tue, 23 Aug 2022 21:23:32 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: max-age=47299
content-length: 15

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame ACCC 26 KB
10 KB 307ms
306ms Document
text/html 23.195.152.23
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=1199968654&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1661289810&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810212&bpp=4&bdt=1697&idt=495&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&correlator=5266776250203&frm=20&pv=2&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uU1aTGvzQf&p=https%3A//www.rethink.onl&dtd=514

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.152.23 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

716d7ddd506e071f16559ef4ba93a77fd1a0ef62a521d0455b0054e31c764ef1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept-language: en-AU,en;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 9411
content-type: text/html; charset=UTF-8
date: Tue, 23 Aug 2022 21:23:32 GMT
expires: Thu, 25 Aug 2022 21:23:32 GMT
p3p: CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 clog
hblg.media.net/ Frame A917 35 B
172 B 257ms
256ms Image
image/gif 23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/clog?logid=awlog&pixel_len_bucket=4294&lmt_enf=true&req_mtype%3C%3E=0&mx_nsz=1&spSource=0&ifst=0&vid=YwVFUgANm0YBc8YGRA7QjA&s_city=singapore&ugd=4&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Csch%3D1%7Cclt%3D3%7CssProfile%3D0%7Cdbr%3D1%7Ctpi%3D1&app=0&ctr=-1.0&mx_TAF=3&device_id=4&ae=false&mx_UCC=1&prspt=headerBid&mx_bss_algos%3C%3E=0&usp_status=0&seat=BID_API&og_cbdp=0.040&size=728x90&mx_TAS=1&mx_gpid_sent=false&xtmax=290&commit_id=ba20ae08&scrid=1700080812610100728009000000500&itypeid=17&mx_SPRIG=0&viewability=87&renderer=0&be=0&rtime=21.0&adj0=0.0&tmax=300&s_ip=74.125.190.2&adj2=0.0&adj1=0.0&feedback_id=YwVFUgANm0YBc8YGRA7QjA&adtypes=0&mx_aabpc=0&reqid=YwVFUgANm0YBc8YGRA7QjA&sc=AU-NSW&mowxReqId=aa2fefd645eb44c285ec72ba6fccc7bf_1&ifdp=0&requrl=https%3A%2F%2Fwww.rethink.onl%2F&bidrestime=1661289810955&pv_adtype=0&cc=AU&strg=NO_STRATEGY&pcrid=8CUABW64L-721135687-35-0&coppa_enf=true&bdp=0.040&ct=beaconsfield&spIsReq=3&s=1&abs=0%7C0%7Cxtmax%3D290%7CNO_STRATEGY%7Cbrr%3D0&mx_epbc=8CUABW64L&dnt_enf=false&mx_ssBucket=0&vls=0&asn=54203&mang=1&fleet=common-istio&mx_isLossNtf=false&advUrl=https%3A%2F%2Ftopics.businessfocus.online&dn=rethink.onl&dt=O&acid=aa2fefd645eb44c285ec72ba6fccc7bf&actltime=28&act=headerBid&iframingState=0&mx_lr_seg_deal=0&exclattr=32%7C34%7C70%7C7%7C13%7C14%7C15%7C16%7C48%7C17%7C114%7C18%7C19%7C20%7C22%7C25%7C26%7C27&dfpBd=0.04&sckfl=0&dmm_erpm=false&mx_lr=0&mview=1&smbrid=adx-1&bfs=103&rfc=-1&prvApiId=8CUABW64L&epcexp=false&pubid=pub-ADX-101418826937&mx_bsProfile=0&cid=8CU3SX34C&bcrid=1700080812610100728009000000500&omul=1.0&res_mtype=0&apPrfs%3C%3E=62%23%2313%23%2361&chnl=NO_STRATEGY&pst=0&reqsize=728x90&adpos=1&itype=ADX&mx_g_one_uid_sent=None&spCst=0&mx_sid=8CUABW64L&tgtval=pub-ADX-101418826937&__expireat=1661290411208&lmt_status=N&reftype=0&viewability_vendor=EXCHANGE&prvAccId=721135687&ckfl=0&lper=1&mx_tgs=728x90&cbdp=0.04&pvdTmax=247&ltime=27.0&epc=721135687&prvReqId=54316857911132_906431065_52982010413131&zip=2015&exid=31&spFst=0&mx_GCID=0&cliIPType=v4&pexid=ADX-pub-2291825815563197&ybnca_erpm=0.04&brsrclk=0&sbdrid=196&rtttime=38&apTags%3C%3E=75&mx_PC=1&wsip=mowx-istio-6c46778c64-l54bn&currsrc_date=2022-08-23+00%3A00%3A00&psrc=fail&geoll=false&omid=0&debug_ts=2022-08-23+21%3A23%3A30&policy_enf=2&mx_ssProfile=0&mx_SC=0&reftime=0&pbidflr=0.010&spbf=0&currsrc=API&fpusp=false&lmt_applied=N&mnrfc=-1&pub_blk_enf=1&amptype=1&moau=true&ocurr=USD&snm=SUCCESS&mx_IAB2=0&usp_enf=1&bidflr=0.010&incentive_type=0&skadidfl=0&pid=8PR113JGC&spTo=3&pvid=313&schain_cmpl=1&is_ortb=false&mx_aurl_hc=0&ucrid_ver=2&mx_maq_call=false&mx_uid_sent=0&mx_sbp=-10.0&mnrf=0&slotVisibility=1&dbf=1&gdpr=0&gqid=AHfbET4rjq2tQKsQ__AaTYcGftfn5uEjGKfDe8rxfAjcULVcm1TNdLbMAW7gVB_QmyOgzWEZ&dmm_ogerpm=false&csip=rtb-common-istio-85cb58b4b7-zs8wq.SG&mx_bsBucket=0&mx_aurt=0&spIvt=3&ptype=23&media=0&acsn=1&dtc=apac_sg&mx_aqcpl_crid=4&ogbdp=0.04&tpbTkn=false&adblk=3461795557&fpuReq=0&vcmplrt=-1.0&crid=529820104&geo_source=2&sat=1&mnet_ckfl=0&opbidflr=0.010&impId=1&rme=adm&bdata=sd2%3Dnull~iurl_l%3D20~ogerpm%3D0.04~vw_exc%3D0.87~vis_sd%3D562~dc2%3D1~scd%3Dnsw~v_asn%3D54203~vl2r_sd%3D2022082312~iurl_b%3D1214.83~url_tkc%3D0~std%3D~last%3D~vis_url_b%3D0.49~ip%3D3bw0Uw~fbb%3D0~vis_url_l%3D10~riipua%3D22%2C22~et%3D20~rc%3D2%2C28~rps_sd%3D2022082312~vis_b%3D864.18~url_b%3D0.82~url_tvi%3D0~smm_wr%3D15.1642~url_l%3D20~gcat%3D500283~bb%3D196~vv%3D0~l2r_b%3D1000~erpm%3D0.04~bm%3D1~smm_sd%3D2022082312~sid%3D721135687~sd%3D0~uid%3D15fBD74IDx4TDun5V~btd%3D60213921829350247786973774107442392060208791972744593566164273883734689245888512~d2p_l%3D30~3pcf%3D1000.38~uim%3D0~dmm_strg%3Dno_strategy~d2p_b%3D0.97~ogd2p_b%3D0.94~vurl_b%3D1.39~ss%3DNA~uiw%3D-1~ce%3D0~rps_b%3D35.59~vurl_l%3D20~CI%3D2724~nts%3D1~tb%3D-1~ct%3Dbeaconsfield~basis2%3D196~basis1%3D196~isRef%3D0~ivurl_b%3D0.72~isif%3D0~lc%3D3~bid%3D0.04~dc%3D8~vl2r_b%3D1.28~ivurl_l%3D20~supply_tag_id%3D%7Eviewability%3D0.87%7Eamp%3D1%7Ecbdp%3D0.040%7Edmm%3Dno_strategy%7Esuid%3D%7Edtc%3Dapac_sg%7Exid%3DADX-pub-2291825815563197%7Edalg%3Dno_strategy%7Ehtml%3D1%7Eadblk%3D3461795557%7Esobp%3D%7Ebdpcapd%3D0%7Edmm_erpm%3Dfalse%7Ebflr%3D0.010%7Eogbid%3D0.040%7Eac_type%3D1%7Eitype_id%3D17%7Eseller_tag_id%3D%7Edetected_tag_id%3D%7Edcut%3D1%7Edogb%3D0-1~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D728x90~bsb%3D0~bsp%3D0~tmx%3D247&utime=1666&sf=0&cpr=0.6250547198278718
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2291825815563197&output=html&h=90&slotname=%3Cscript%20async%20src%3D%22https%3A%2F%2Fpagead2.googlesyndication.com%2Fpagead%2Fjs%2Fadsbygoogle.js%22%3E%3C%2Fscript%3E%20%3C!--%20Rethink%20top%20--%3E%20%3Cins%20class%3D%22adsbygoogle%22%20style%3D%22display%3Ablock%22%20data-ad-client%3D%22ca-pub-2291825815563197%22%20data-ad-slot%3D%225240559096%22%20data-ad-format%3D%22auto%22%20data-full-width-responsive%3D%22true%22%3E%3C%2Fins%3E%20%3Cscript%3E%20(adsbygoogle%20%3D%20window.adsbygoogle%20%7C%7C%20%5B%5D).push(%7B%7D)%3B%20%3C%2Fscript%3E&adk=3461795557&adf=1199968654&pi=t.ma~as.%3Cscript%20async%20src%3D%22_&w=1004&fwrn=4&fwrnh=100&lmt=1661289810&rafmt=2&psa=0&format=1004x90&url=https%3A%2F%2Fwww.rethink.onl%2Findex.php%3Fqa%3Duser%26qa_1%3Dpolicearcher4&fwr=0&rpe=1&resp_fmts=2&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1661289810212&bpp=4&bdt=1697&idt=495&shv=r20220818&mjsv=m202208160101&ptt=9&saldr=aa&abxe=1&correlator=5266776250203&frm=20&pv=2&ga_vid=956766873.1661289811&ga_sid=1661289811&ga_hid=1499100224&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=298&ady=131&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C21066428%2C31069063%2C21066432%2C31068921&oid=2&pvsid=4056537688180009&tmod=1478688179&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7Co%7CeE%7C&abl=NS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=uU1aTGvzQf&p=https%3A//www.rethink.onl&dtd=514
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-252-26.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 0915fad60bc9b61b6dcd82d05da7ec4bc0232a647e75b8507c3cba6d4d6602f9

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: max-age=3600
date: Tue, 23 Aug 2022 21:23:32 GMT
server: Apache
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=21600
content-length: 35
expires: Wed, 24 Aug 2022 03:23:32 GMT

POST
H3 204 AGSKWxVeCMAh2cUCwIdXC21bzidY5ufGNvpNqHo2uTlVtFO2XN7Ue4MkHocXMmDSu_q00DpwIagRwXGihf1vikTjWWjcZMF4ojCfSFVLlJKf6GEOXPw5KmDmJq9WXbOMVAh4wcSBXIkOeg== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 601ms
210ms XHR
text/html 142.251.10.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVeCMAh2cUCwIdXC21bzidY5ufGNvpNqHo2uTlVtFO2XN7Ue4MkHocXMmDSu_q00DpwIagRwXGihf1vikTjWWjcZMF4ojCfSFVLlJKf6GEOXPw5KmDmJq9WXbOMVAh4wcSBXIkOeg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vRfGXVXlaPoSQBuW57R6vA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 23 Aug 2022 21:23:33 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.rethink.onl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-vRfGXVXlaPoSQBuW57R6vA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxUEHC4sOIpZVsMbQJTh4erjtWjFXtQ8tHxQD0sYvCZjbQMOZ9YBSOqH1gi6BG9AItcMqhubxLaOvolq84B8m2ETZQZyZvNMRMJm9wfofSQXv0-TdJKw4Z9X-SOS32PM-8bVjhtGow== Show response
fundingchoicesmessages.google.com/f/ 17 KB
7 KB 235ms
235ms Script
application/javascript 142.251.10.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUEHC4sOIpZVsMbQJTh4erjtWjFXtQ8tHxQD0sYvCZjbQMOZ9YBSOqH1gi6BG9AItcMqhubxLaOvolq84B8m2ETZQZyZvNMRMJm9wfofSQXv0-TdJKw4Z9X-SOS32PM-8bVjhtGow==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjYxMjg5ODEyLDYzNDAwMDAwMF0sIjc2ODVDQkMwLUYxQUQtNDczMy04NUJCLTlFOTVENURBMTBDMSIsbnVsbCxudWxsLFtudWxsLFs3LDEwXSxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMSwxXSwiaHR0cHM6Ly93d3cucmV0aGluay5vbmwvaW5kZXgucGhwIixudWxsLFtdXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0caaae23614c3bfe9504e044a197d14abcbda86880cc72cd045b868ad98ab3c3

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-DpEtPVr4Q9LndxETVfqvuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-DpEtPVr4Q9LndxETVfqvuw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 21:23:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-DpEtPVr4Q9LndxETVfqvuw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-DpEtPVr4Q9LndxETVfqvuw' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame A917 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 03116248d4a459405035175823438732f43771f5456c83c8eae7b178db901126

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

cksync
cs.media.net/ Frame 43E3
Redirect Chain

https://cm.g.doubleclick.net/pixel?cs=6&google_nid=media&google_cm=1&google_hm=MzA0MjkxNDEyNjgzNTg2MDAwMFYxMA%3D%3D&google_sc=1
https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEFsCYRv2eser6e8fquIDHIQ&google_cver=1

45 B
445 B

362ms
280ms

Image
image/gif

23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEFsCYRv2eser6e8fquIDHIQ&google_cver=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CU3SX34C&prvid=99%2C77%2C20000%2C2033%2C262%2C241%2C3018%2C246%2C4%2C313%2C359%2C10000%2C9%2C319&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1
Protocol: H2
Server: 23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-252-26.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:33 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Tue, 23 Aug 2022 21:23:33 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:32 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEFsCYRv2eser6e8fquIDHIQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cksync
cs.media.net/ Frame 43E3
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent=
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=a4cbad68-485f-40c0-8813-ef44091ad839

45 B
450 B

280ms
280ms

Image
image/gif

23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=a4cbad68-485f-40c0-8813-ef44091ad839
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CU3SX34C&prvid=99%2C77%2C20000%2C2033%2C262%2C241%2C3018%2C246%2C4%2C313%2C359%2C10000%2C9%2C319&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1
Protocol: H2
Server: 23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-252-26.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:33 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Tue, 23 Aug 2022 21:23:33 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:33 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=a4cbad68-485f-40c0-8813-ef44091ad839
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 199

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
69 B 208ms
207ms Image
image/gif 142.251.10.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=1&rn=5.742483223539235

Requested by

Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=policearcher4

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-zLhiQR5l8QsqL8oM7AY9Pg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'nonce-zLhiQR5l8QsqL8oM7AY9Pg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport, script-src 'report-sample' 'nonce-zLhiQR5l8QsqL8oM7AY9Pg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'nonce-zLhiQR5l8QsqL8oM7AY9Pg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorServingDetectionHttp"
x-frame-options: SAMEORIGIN
date: Tue, 23 Aug 2022 21:23:33 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorServingDetectionHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorServingDetectionHttp/external"}]}
content-type: image/gif
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 px.gif
fundingchoicesmessages.google.com/img/ 43 B
69 B 208ms
208ms Image
image/gif 142.251.10.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fundingchoicesmessages.google.com/img/px.gif?ch=2&rn=10.365226991171236

Requested by

Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=policearcher4

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-36tKJXfrhte28dFon8mByg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'nonce-36tKJXfrhte28dFon8mByg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 21:23:33 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorServingDetectionHttp"
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
report-to: {"group":"ContributorServingDetectionHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorServingDetectionHttp/external"}]}
content-type: image/gif
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-36tKJXfrhte28dFon8mByg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingDetectionHttp/cspreport;worker-src 'self', script-src 'nonce-36tKJXfrhte28dFon8mByg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingDetectionHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorServingDetectionHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

cksync
cs.media.net/ Frame ACCC
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=8m33zk4&ttd_tpi=1&gdpr=0&gdpr_consent=
https://cs.media.net/cksync?cs=1&type=ttd&ovsid=b40c196e-f6e1-4926-be0a-a7eafca117e1

45 B
449 B

287ms
287ms

Image
image/gif

23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=b40c196e-f6e1-4926-be0a-a7eafca117e1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CU3SX34C&prvid=99%2C77%2C20000%2C2033%2C262%2C241%2C3018%2C246%2C4%2C313%2C359%2C10000%2C9%2C319&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1
Protocol: H2
Server: 23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-252-26.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:33 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Tue, 23 Aug 2022 21:23:33 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:33 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://cs.media.net/cksync?cs=1&type=ttd&ovsid=b40c196e-f6e1-4926-be0a-a7eafca117e1
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 199

GET
H2

200

cksync
cs.media.net/ Frame ACCC
Redirect Chain

https://cm.g.doubleclick.net/pixel?cs=6&google_nid=media&google_cm=1&google_hm=MzA0MjkxNDEyNjgzNTg5OTAwMFYxMA%3D%3D&google_sc=1
https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEFsCYRv2eser6e8fquIDHIQ&google_cver=1

45 B
445 B

281ms
280ms

Image
image/gif

23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEFsCYRv2eser6e8fquIDHIQ&google_cver=1
Requested by: Host: contextual.media.net
URL: https://contextual.media.net/checksync.php?vsSync=1&cs=6&cv=31&https=1&cid=8CU3SX34C&prvid=99%2C77%2C20000%2C2033%2C262%2C241%2C3018%2C246%2C4%2C313%2C359%2C10000%2C9%2C319&itype=ADX&purpose1=1&gdprconsent=1&gdpr=0&usp_status=0&usp_consent=1
Protocol: H2
Server: 23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-252-26.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://contextual.media.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:33 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 45
x-mnet-hl2: E
expires: Tue, 23 Aug 2022 21:23:33 GMT

Redirect headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:33 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://cs.media.net/cksync?type=g&cs=6&google_gid=CAESEFsCYRv2eser6e8fquIDHIQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVoo7ye47sOnSyXJ6ue67BtRpyYukXbf_Te9tKlog22J5eKe0cxsf9VVld0La0WF_hv-7zoC1tQlm4Q2QNC-JcpEr1KmGQdueZJImEJJwLddoVc7yLDdZ00VdjLUE9dR65ibPPtQw== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 205ms
205ms XHR
text/html 142.251.10.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVoo7ye47sOnSyXJ6ue67BtRpyYukXbf_Te9tKlog22J5eKe0cxsf9VVld0La0WF_hv-7zoC1tQlm4Q2QNC-JcpEr1KmGQdueZJImEJJwLddoVc7yLDdZ00VdjLUE9dR65ibPPtQw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-7w48QsvWVtYKyntQk-HlbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-7w48QsvWVtYKyntQk-HlbA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 23 Aug 2022 21:23:33 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: https://www.rethink.onl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-7w48QsvWVtYKyntQk-HlbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-7w48QsvWVtYKyntQk-HlbA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 83FC 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 83FC 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 83FC 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 83FC 15 B
159 B 256ms
255ms Script
text/html 23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?vgd_len=4933&&&vgd_l2type=sca&fp=w1mIgqJnehndm7sKMHB0lHWynadfk3nZq_vtmVhjYYhbEl0XzMDaODKkLo56ccntbMJ-xjzSKs0FnVY2jaoIYYfx_RSsv807NrpLbxrcCHK2e4ANwGwDv4hBDvcHb0zQhpr5u45b9j8%3D&cme=03jRgxIKvEnc9317j1CbUFk7Pv-spMyJRVVDTHzrCwHQ3hYe83ACR6vzGgw9YNB1YUvPCqLp2TZrsr1V6rWkLTf_T-e3XnfJEfNKIZAIDbPy75A_aaYCpWvQ-Fsg6nV5ZbmAtHcIuLMfiWIG7Bggqa1fy4nWKlmn5O1Kkrj-yT1EcwL2Moubl9USoy4T1qyK0h0wyg52cEi3UHXixllqpA%3D%3D%7C%7Csj1-8fOEyOCcYyjx9FAvxCCsJeAEyD3U%7Ca0AmFUYXmD4S3gJt5YOMIm5m0aphAnlcggi4TySDbCQ%3D%7CpCmw23Hc67_tKdMjykVS55PuKajWJoDAY61ph7jYjMnvU47LWVQGDBIMBH8scYlQMfYxAO0HcOuVA-0O9Xhe5oCbd9zoPQjM8i27bXwPrAnHEtXX17CAzqQCrUY2HpkZtZJBsSoOo11wquCI4gYNIJFFxgFlD4D_4cxwoGrMaYxHNqbuxM1Z9PCswT8H0V8JiJhqcjHCKgVh2xy5mameeDua3jcxBVcilgUQO1V9lRM%3D%7Cu8A6SM53vAdJjhazCSusZAnIl_9HqKRb%7CjyjVTouP1sOI3OR67jxweNSVYtHEv6HR%7Cxrl5Md8q4-9bTQ8cUcZ9TPIouFQYW4P6EB6uIML1GKI%3D%7C&v=1&geo=-33.91%7C151.2&dlper=20&lper=100&lpid=&tsid=4&q=&prv=&type=&ps=&hint=&td=&cc=AU&wsip=170785144&bca=0&ugd=4&vgd_fcic=0&vgde_setid=Nff&vgd_dnquo=01_9&ksu=224&fdkt=375&vgde_kbbh=ffoyxQJuO&kwd[]=Meet+People+in+Your+Area&kwt[]=375&kbc[]=19985&kwp[]=1&kid[]=18888424&kbc2[]=%23c%3A3469822%7C1%3D3.31%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C63%3D0.31%7C12%3D0.84%7C62%3D0.36%7C60%3D3.31%7C10%3D5.24%7C66%3D0.98%7Cps%3D1.011%7C3%3D0.82%7C4%3D3.96&ktd[]=274911461632&ktrkt[]=Meet+People+in+Your+Area&kwd[]=Easy+Homemade+Pizza+Dough&kwt[]=341&kbc[]=im22548134&kwp[]=2&kid[]=76389831&kbc2[]=useful+website%7C1%3D0.64%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C63%3D0.31%7C12%3D0.58%7C62%3D0.63%7C60%3D0.67%7C10%3D5.24%7C66%3D0.46%7Cps%3D0.960%7C3%3D0.22%7C4%3D1.72&ktd[]=274911592704&ktrkt[]=Easy+Homemade+Pizza+Dough&kwd[]=Freezer+Meals+to+Lose+Weight&kwt[]=341&kbc[]=im329783403&kwp[]=3&kid[]=329783403&kbc2[]=answer%7C1%3D0.54%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C63%3D0.31%7C12%3D0.60%7C62%3D0.55%7C60%3D0.54%7C10%3D5.24%7C66%3D0.52%7Cps%3D0.960%7C3%3D0.14%7C4%3D1.50&ktd[]=274894815488&ktrkt[]=Freezer+Meals+to+Lose+Weight&kwd[]=Top+10+Stocks+to+Buy+Now&kwt[]=390&kbc[]=266%3A%3A82195&kwp[]=4&kid[]=321285974&kbc2[]=1%3D1.93%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C63%3D0.31%7C12%3D0.79%7C62%3D1.72%7C60%3D1.93%7C10%3D5.24%7C66%3D0.82%7Cps%3D0.827%7C3%3D0.68%7C4%3D3.44&ktd[]=274894815488&ktrkt[]=Top+10+Stocks+to+Buy+Now&cid=8CUABW64L&vwid=1661289811378723521&vi=1661289811378723521&tdAdd[]=ib%3D0&vsid=3042914126835849&tdAdd[]=asnum%3D54203&vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D&vgd_cdv=782&vgd_l3_sc=NSW&vgd_chost=contextual.media.net&vgd_hb_audit_1=8CU3SX34C&vgd_hb_audit_2=529820104&vgd_refdomain=rethink.onl&vgd_katbid=-103&vgd_pdtid=1&vgd_implt=3&vgd_l2wsip=170785144&vgd_nrrv=96642&vgd_nrrmf=1c80a&vgd_nrrsf=scrr&vgd_cty=beaconsfield&vgd_go_pid=8PO15GP54&&tdAdd[]=%7C%40%7Cabp%3A1%3A2&vgd_ifrmode=11&vgd_l1rakh=1661289811190517252&sttm=1661289812500&upk=1661289812.6169&hvsid=00001661289812500029185683583422&verid=3111299&vgd_matchstr=hr%3D0%7C&sbdrId=196&vgd_ecrid=1700080812610100728009000000500&vgd_isiolc=1&vgd_fcm_enc_mis=1&pid=8PO15GP54&&abpl=2&&kbbq=%26asn%3D54203&&vgd_vstrid=3042914126835849&vgde_bdata=QOfvzxjj~8xLjMjvf9~myJLEYv9.9H~eBMJ-Nv9.WA~QYYMG8Ov9.9A~e8QMQOvXFf~ONfvu~QNOvzQB~eM1QzvXHf9A~ejfLMQOvf9ff9WfAuu~8xLjMGvufuH.WA~xLjM7UNv9~Q7Ov~j1Q7v~e8QMxLjMGv9.Hi~8EvAGB9PB~kGGv9~e8QMxLjMjvu9~L88Ex1vff%2Cff~J7vfH~LNvu~LEQMQOvf9ff9WfAuf~e8QMGvW9X.Xu~xLjMGv9.Wf~xLjM7e8v9~QYYMBLvuX.uFHf~xLjMjvf9~yN17vX99fWA~GGvuiF~eev9~jfLMGvu999~JLEYv9.9H~GYvu~QYYMQOvf9ff9WfAuf~Q8OvhfuuAXFWh~QOv9~x8Ov1gBHy1wXLx1cb9D9T~G7OvF9fuAifuWfWiuif9HXhhuhuffiWFXiiAh9hH9iuhH9AFhhiHuHfAhA9WhXfX9W9FuWif9X9fXXHuhAHH~OfEMjvA9~AENkvu999~x8Yv9~OYYMQ7LyvzmMQ7L17Jy5~OfEMGv9.ih~myOfEMGv9.iH~exLjMGvu.H~QQvIK~x8Bvou~NJv9~LEQMGvHX.HW~exLjMjvf9~%3DVvfhfH~z7Qvu~7Gvou~N7vGJ1NmzQk8JjO~G1Q8QfvuiF~G1Q8QuvuiF~8QDJkv9~8exLjMGv9.hf~8Q8kv9~jNvA~G8Ov9.9A~ONvW~ejfLMGvu.9u~8exLjMjvf9~QxEEj5M71yM8Ov~e8JB1G8j875v9.WA~1YEvu~NGOEv9.9A9~OYYvzmMQ7L17Jy5~Qx8Ov~O7Nv1E1NMQy~-8OvKrtoExGoffiuWfXWuXXFAuih~O1jyvYLyof.X~w7Yjvu~1OGjUvAHFuhiXXXh~QmGEv~GOEN1EOv9~OYYMJLEYvk1jQJ~GkjLv9.9u9~myG8Ov9.9A9~1NM75EJvu~875EJM8Ovuh~QJjjJLM71yM8Ov~OJ7JN7JOM71yM8Ov~ONx7vfX~OmyGv9ou~8GNvu~OO7vou~zQlvu~7yQvhfW-i9~GQGv9~GQEv9~7Y-vfXA&vgd_optout=0&vgd_cfud=220331&vgd_scsver=293&vgd_bhv_kbb=-1&vgd_go_ent=1&vgd_l2ch=0&vgd_rensize=728_90&vgd_scr_h=1200&vgd_scr_w=1600&vgd_ect=4g&vgd_dtc=apac_sg&vgd_mbr=1&vgd_l1rpth=%2Fnmedianet.js&vgd_pgids=1&&tdAdd[]=uiparams%3D%3Brend_w%3A728%3Brend_h%3A90&&vgd_uspa=0&vgd_sc=NSW&vgd_l1rhst=contextual.media.net&hvsid=00001661289812500029185683583422&subBdr=196&bdrid=313&rc=0&rand=1661289813277&acid=1d2069c7f1424e66b8508a3fae3714a9&matm=1661289813277&requrl=https%3A%2F%2Fwww.rethink.onl&vgd_ltimesrc=1&vgd_ltime=2174&vgd_rtime=2169&vgd_etm=20&vgd_l1hcsd=A12%7C5535&vgd_l1ch=1&vgd_lhl=2604&vgd_pgid=p11587259833t202208232123&vgd_adprefflag=11&vgd_csip=rtb-common-istio-85cb58b4b7-ljj2h.SG&vgd_sbSup=1&vgd_nrrs=96642&vgd_cntrdt=SL%7CBODY%7CHTML&vgd_crefurl=https%3A%2F%2Fwww.rethink.onl%2F&vgd_eadm=1&vgd_end=1

Requested by

Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=policearcher4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=21600
server: Apache
date: Tue, 23 Aug 2022 21:23:33 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: max-age=48769
content-length: 15

GET
DATA 200
OK truncated
/ Frame 88D5 107 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dfa1028a74436c56e0ee1367812c0ee599d6814ec4a3079ca9b9afffba949e26

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 88D5 4 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 326c32d7ffbd04762a10cf5bb37441d418397959381d3893c9e9a48217aa5347

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 88D5 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b00af338864761a37a208806e2e8815b46327a5e7e47bf141f4fbdf6d1fd3bcc

Request headers

accept-language: en-AU,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 bql.php Show response
lg3.media.net/ Frame 88D5 15 B
159 B 286ms
286ms Script
text/html 23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://lg3.media.net/bql.php?vgd_len=4828&&&vgd_l2type=sca&fp=w1mIgqJnehndm7sKMHB0lHWynadfk3nZq_vtmVhjYYhbEl0XzMDaODKkLo56ccntbMJ-xjzSKs0FnVY2jaoIYYfx_RSsv807NrpLbxrcCHK2e4ANwGwDv4hBDvcHb0zQhpr5u45b9j8%3D&cme=xdIP_Aow8VGUVlsJnZqTuQ5YPksjvLTOUGeyTfHERsmN1I1mtmyIrQWFVgk3ke12UiCXbc4vhug40vr3d7MIDgZixubRfpc0rMRlsEWUkRxDt9TrazCS6zU8oGCWPcjueKlOYdCkuP224Tt8QeH0J8bL0XOwxtjB6I-cSffFIJgbBJGBc1dUrcHdVuDnNu9m4_lEdjO5StGYDIoO5oODbUsRsdnB62P3%7C%7CYnt0LdO-cZ5LTkDdko1lqEmzVKM7HmwjswtM3qqHA9OiOhpPWM5syzqQJxQ0-1LP86zECU0fLzav4tQmn-XxW191Se2ZiV3ydk-0QOugYxTWIZ1EkdsiAjWP_sO_qNSFa7zNZW1hBGvKZFEYCQ_gve8xdQ_Ds91P0EQgQQ8MPlJR1d2zyXGtrUdVfsSkktDRpvJ10DXQQ2WX-rs80ecvAhWqzaLsdR6_nNETpG3vYis%3D%7Cu8A6SM53vAdJjhazCSusZAnIl_9HqKRb%7CjyjVTouP1sOI3OR67jxweNSVYtHEv6HR%7Csj1-8fOEyOCcYyjx9FAvxCCsJeAEyD3U%7Ca0AmFUYXmD4S3gJt5YOMIm5m0aphAnlcggi4TySDbCQ%3D%7Cxrl5Md8q4-9bTQ8cUcZ9TPIouFQYW4P6EB6uIML1GKI%3D%7C&v=1&geo=-33.91%7C151.2&dlper=20&lper=100&lpid=&tsid=4&q=&prv=&type=&ps=&hint=&td=&cc=AU&wsip=170785144&bca=0&ugd=4&vgd_fcic=0&vgde_setid=Nff&vgd_dnquo=01_9&ksu=224&fdkt=375&vgde_kbbh=ffoyxQJuOu99&kwd[]=Meet+People+in+Your+Area&kwt[]=375&kbc[]=19985&kwp[]=1&kid[]=18888424&kbc2[]=%23c%3A3469822%7C1%3D3.31%7C12%3D0.84%7C66%3D0.98%7C62%3D0.36%7C60%3D3.31%7C63%3D0.31%7C10%3D5.24%7Cps%3D1.011%7C3%3D0.82%7C4%3D3.96&ktd[]=274911461376&ktrkt[]=Meet+People+in+Your+Area&kwd[]=Easy+Homemade+Pizza+Dough&kwt[]=341&kbc[]=im22548134&kwp[]=2&kid[]=76389831&kbc2[]=useful+website%7C1%3D0.64%7C12%3D0.58%7C66%3D0.46%7C62%3D0.63%7C60%3D0.67%7C63%3D0.31%7C10%3D5.24%7Cps%3D0.960%7C3%3D0.22%7C4%3D1.72&ktd[]=274911793152&ktrkt[]=Easy+Homemade+Pizza+Dough&kwd[]=Freezer+Meals+to+Lose+Weight&kwt[]=341&kbc[]=im329783403&kwp[]=3&kid[]=329783403&kbc2[]=answer%7C1%3D0.55%7C12%3D0.64%7C66%3D0.52%7C62%3D0.55%7C60%3D0.54%7C63%3D0.31%7C10%3D5.24%7Cps%3D0.960%7C3%3D0.14%7C4%3D1.50&ktd[]=274895015936&ktrkt[]=Freezer+Meals+to+Lose+Weight&kwd[]=Top+10+Stocks+to+Buy+Now&kwt[]=390&kbc[]=266%3A%3A82195&kwp[]=4&kid[]=321285974&kbc2[]=1%3D1.93%7C12%3D0.79%7C66%3D0.82%7C62%3D1.72%7C60%3D1.93%7C63%3D0.31%7C10%3D5.24%7Cps%3D0.827%7C3%3D0.68%7C4%3D3.44&ktd[]=274894815232&ktrkt[]=Top+10+Stocks+to+Buy+Now&cid=8CUABW64L&vwid=1661289811873261349&vi=1661289811873261349&tdAdd[]=ib%3D0&vsid=3042914126835831&tdAdd[]=asnum%3D54203&vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D&vgd_cdv=782&vgd_l3_sc=NSW&vgd_chost=contextual.media.net&vgd_hb_audit_1=8CU3SX34C&vgd_hb_audit_2=529820104&vgd_refdomain=rethink.onl&vgd_katbid=-103&vgd_pdtid=1&vgd_implt=3&vgd_l2wsip=170785144&vgd_nrrv=96642&vgd_nrrmf=1c80a&vgd_nrrsf=scrr&vgd_cty=beaconsfield&vgd_go_pid=8PO15GP54&&tdAdd[]=%7C%40%7Cabp%3A1%3A2&vgd_ifrmode=11&vgd_l1rakh=1661289811123047987&sttm=1661289812618&upk=1661289813.9410&hvsid=00001661289812618029185683583411&verid=3111299&vgd_matchstr=hr%3D0%7C&sbdrId=196&vgd_ecrid=1700080812610100728009000000500&vgd_isiolc=1&vgd_fcm_enc_mis=1&pid=8PO15GP54&&abpl=2&&kbbq=%26asn%3D54203&&vgd_vstrid=3042914126835831&vgde_bdata=QOfvzxjj~8xLjMjvf9~myJLEYv9.9H~eBMJ-Nv9.Wh~e8QMQOvXFf~ONfvu~QNOvzQB~eM1QzvXHf9A~ejfLMQOvf9ff9WfAuf~8xLjMGvufuH.WA~xLjM7UNv9~Q7Ov~j1Q7v~e8QMxLjMGv9.Hi~8EvAGB9PB~kGGv9~e8QMxLjMjvu9~L88Ex1vff%2Cff~J7vf9~LNvf%2CfW~LEQMQOvf9ff9WfAuf~e8QMGvWFH.uW~xLjMGv9.Wf~xLjM7e8v9~QYYMBLvuX.uFHf~xLjMjvf9~yN17vX99fWA~GGvuiF~eev9~jfLMGvu999~JLEYv9.9H~GYvu~QYYMQOvf9ff9WfAuf~Q8OvhfuuAXFWh~QOv9~x8OvuXkRrhHVr-H_rxzX%2F~G7OvF9fuAifuWfiAX9fHhhWFihAhhHu9hHHfAif9F9f9WhiuihfhHHXiAXFFuFHfhAWWAhAHFWifHXWWWXuf~OfEMjvA9~AENkvu999.AW~x8Yv9~OYYMQ7LyvzmMQ7L17Jy5~OfEMGv9.ih~myOfEMGv9.iH~exLjMGvu.Ai~QQvIK~x8Bvou~NJv9~LEQMGvAX.Xi~exLjMjvf9~%3DVvfhfH~z7Qvu~7Gvou~N7vGJ1NmzQk8JjO~G1Q8QfvuiF~G1Q8QuvuiF~8QDJkv9~8exLjMGv9.hf~8Q8kv9~jNvA~G8Ov9.9H~ONvW~ejfLMGvu.fW~8exLjMjvf9~QxEEj5M71yM8Ov~e8JB1G8j875v9.Wh~1YEvu~NGOEv9.9H9~OYYvzmMQ7L17Jy5~Qx8Ov~O7Nv1E1NMQy~-8OvKrtoExGoffiuWfXWuXXFAuih~O1jyvzmMQ7L17Jy5~w7Yjvu~1OGjUvAHFuhiXXXh~QmGEv~GOEN1EOv9~OYYMJLEYvk1jQJ~GkjLv9.9u9~myG8Ov9.9H9~1NM75EJvu~875EJM8Ovuh~QJjjJLM71yM8Ov~OJ7JN7JOM71yM8Ov~ONx7vu~OmyGv9ou~8GNvu~OO7vou~zQlvu~7yQvhfW-i9~GQGv9~GQEv9~7Y-vfHh&vgd_optout=0&vgd_cfud=220331&vgd_scsver=293&vgd_bhv_kbb=-1&vgd_go_ent=1&vgd_l2ch=0&vgd_rensize=728_90&vgd_scr_h=1200&vgd_scr_w=1600&vgd_ect=4g&vgd_dtc=apac_sg&vgd_mbr=1&vgd_l1rpth=%2Fnmedianet.js&vgd_pgids=1&&tdAdd[]=uiparams%3D%3Brend_w%3A728%3Brend_h%3A90&&vgd_uspa=0&vgd_sc=NSW&vgd_l1rhst=contextual.media.net&hvsid=00001661289812618029185683583411&subBdr=196&bdrid=313&rc=0&rand=1661289813350&acid=aa2fefd645eb44c285ec72ba6fccc7bf&matm=1661289813350&requrl=https%3A%2F%2Fwww.rethink.onl&vgd_ltimesrc=1&vgd_ltime=2177&vgd_rtime=2172&vgd_etm=6&vgd_l1hcsd=A12%7C5535&vgd_l1ch=1&vgd_lhl=2601&vgd_pgid=p11587259833t202208232123&vgd_adprefflag=11&vgd_csip=rtb-common-istio-85cb58b4b7-zs8wq.SG&vgd_sbSup=1&vgd_nrrs=96642&vgd_cntrdt=SL%7CBODY%7CHTML&vgd_crefurl=https%3A%2F%2Fwww.rethink.onl%2F&vgd_eadm=1&vgd_end=1

Requested by

Host: www.rethink.onl
URL: https://www.rethink.onl/index.php?qa=user&qa_1=policearcher4

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),

Reverse DNS

Software

Apache /

Resource Hash

c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=21600
server: Apache
date: Tue, 23 Aug 2022 21:23:33 GMT
ntcoent-length: 15
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
cache-control: max-age=48769
content-length: 15

GET
H3 200 sodar
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 581ms
198ms XHR
application/json 142.250.4.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220818&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202208160101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 23 Aug 2022 21:23:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11083
x-xss-protection: 0

GET
H2 200 log
hblg.media.net/ Frame 3563 35 B
194 B 257ms
256ms Image
image/gif 23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/log?log=kfk&evtid=adplog&&lmt_enf=true&req_mtype%3C%3E=0&mx_nsz=1&spSource=0&ifst=0&vid=YwVFUgANoqUCrIniSgZ61A&s_city=singapore&ugd=4&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Csch%3D1%7Cclt%3D3%7CssProfile%3D0%7Cdbr%3D1%7Ctpi%3D1&app=0&ctr=-1.0&mx_TAF=3&device_id=4&ae=false&mx_UCC=1&prspt=headerBid&mx_bss_algos%3C%3E=0&usp_status=0&seat=BID_API&og_cbdp=0.030&size=728x90&mx_TAS=1&mx_gpid_sent=false&xtmax=290&commit_id=ba20ae08&scrid=1700080812610100728009000000500&itypeid=17&mx_SPRIG=0&viewability=83&renderer=0&be=0&rtime=24.0&adj0=0.0&tmax=300&s_ip=74.125.190.129&adj2=0.0&adj1=0.0&feedback_id=YwVFUgANoqUCrIniSgZ61A&adtypes=0&mx_aabpc=0&reqid=YwVFUgANoqUCrIniSgZ61A&sc=AU-NSW&mowxReqId=1d2069c7f1424e66b8508a3fae3714a9_1&ifdp=0&requrl=https%3A%2F%2Fwww.rethink.onl%2F&bidrestime=1661289810930&pv_adtype=0&cc=AU&strg=NO_STRATEGY&pcrid=8CUABW64L-721135687-35-15&coppa_enf=true&bdp=0.030&ct=beaconsfield&spIsReq=3&s=1&abs=0%7C0%7Cxtmax%3D290%7CNO_STRATEGY%7Cbrr%3D1&mx_epbc=8CUABW64L&dnt_enf=false&mx_ssBucket=0&vls=0&asn=54203&mang=1&fleet=common-istio&mx_isLossNtf=false&advUrl=https%3A%2F%2Ftopics.businessfocus.online&dn=rethink.onl&dt=O&acid=1d2069c7f1424e66b8508a3fae3714a9&actltime=30&act=headerBid&iframingState=0&mx_lr_seg_deal=0&exclattr=32%7C34%7C70%7C7%7C13%7C14%7C15%7C48%7C16%7C17%7C18%7C114%7C19%7C20%7C22%7C25%7C26%7C27&dfpBd=0.03&sckfl=0&dmm_erpm=false&mx_lr=0&mview=1&smbrid=adx-1&bfs=103&rfc=-1&prvApiId=8CUABW64L&epcexp=false&pubid=pub-ADX-101418826937&mx_bsProfile=0&cid=8CU3SX34C&bcrid=1700080812610100728009000000500&omul=1.0&res_mtype=0&apPrfs%3C%3E=62%23%2313%23%2361&chnl=NO_STRATEGY&pst=0&reqsize=728x90&adpos=1&itype=ADX&mx_g_one_uid_sent=None&spCst=0&mx_sid=8CUABW64L&tgtval=pub-ADX-101418826937&__expireat=1661290411185&lmt_status=N&reftype=0&viewability_vendor=EXCHANGE&prvAccId=721135687&ckfl=0&lper=1&mx_tgs=728x90&cbdp=0.03&pvdTmax=253&ltime=29.0&epc=721135687&prvReqId=54990414430343_1707885037_52982010413131&zip=2015&exid=31&spFst=0&mx_GCID=0&cliIPType=v4&pexid=ADX-pub-2291825815563197&ybnca_erpm=0.04&brsrclk=0&sbdrid=196&rtttime=36&apTags%3C%3E=75&mx_PC=1&wsip=mowx-istio-6c46778c64-dshng&currsrc_date=2022-08-23+00%3A00%3A00&psrc=fail&geoll=false&omid=0&debug_ts=2022-08-23+21%3A23%3A30&policy_enf=2&mx_ssProfile=0&mx_SC=0&reftime=0&pbidflr=0.010&spbf=0&currsrc=API&fpusp=false&lmt_applied=N&mnrfc=-1&pub_blk_enf=1&amptype=1&moau=true&ocurr=USD&snm=SUCCESS&mx_IAB2=0&usp_enf=1&bidflr=0.010&incentive_type=0&skadidfl=0&pid=8PR113JGC&spTo=3&pvid=313&schain_cmpl=1&is_ortb=false&mx_aurl_hc=0&ucrid_ver=2&mx_maq_call=false&mx_uid_sent=0&mx_sbp=-10.0&mnrf=0&slotVisibility=1&dbf=1&gdpr=0&gqid=AHfbET62uFtN2rjBLSghEbmCiTVkWZkRu1lwNsvQSkmQHPvtNmnz09EnPV_HGqGODdAGdtPs&dmm_ogerpm=false&csip=rtb-common-istio-85cb58b4b7-ljj2h.SG&mx_bsBucket=0&mx_aurt=0&spIvt=3&ptype=23&media=0&acsn=1&dtc=apac_sg&mx_aqcpl_crid=4&ogbdp=0.03&tpbTkn=false&adblk=3461795557&fpuReq=0&vcmplrt=-1.0&crid=529820104&geo_source=2&sat=1&mnet_ckfl=0&opbidflr=0.010&impId=1&rme=adm&bdata=sd2%3Dnull~iurl_l%3D20~ogerpm%3D0.04~vw_exc%3D0.83~smm_bid%3D0.03~vis_sd%3D562~dc2%3D1~scd%3Dnsw~v_asn%3D54203~vl2r_sd%3D2022082311~iurl_b%3D1214.83~url_tkc%3D0~std%3D~last%3D~vis_url_b%3D0.49~ip%3D3bw0Uw~fbb%3D0~vis_url_l%3D10~riipua%3D22%2C22~et%3D24~rc%3D1~rps_sd%3D2022082312~vis_b%3D805.51~url_b%3D0.82~url_tvi%3D0~smm_wr%3D15.1642~url_l%3D20~gcat%3D500283~bb%3D196~vv%3D0~l2r_b%3D1000~erpm%3D0.04~bm%3D1~smm_sd%3D2022082312~sid%3D721135687~sd%3D0~uid%3DaQw4gah5ruaMS0R0L~btd%3D60213921828919204577171229865993707409174036779414237308752508061892050255417344~d2p_l%3D30~3pcf%3D1000~uim%3D0~dmm_strg%3Dno_strategy~d2p_b%3D0.97~ogd2p_b%3D0.94~vurl_b%3D1.4~ss%3DNA~uiw%3D-1~ce%3D0~rps_b%3D45.48~vurl_l%3D20~CI%3D2724~nts%3D1~tb%3D-1~ct%3Dbeaconsfield~basis2%3D196~basis1%3D196~isRef%3D0~ivurl_b%3D0.72~isif%3D0~lc%3D3~bid%3D0.03~dc%3D8~vl2r_b%3D1.01~ivurl_l%3D20~supply_tag_id%3D%7Eviewability%3D0.83%7Eamp%3D1%7Ecbdp%3D0.030%7Edmm%3Dno_strategy%7Esuid%3D%7Edtc%3Dapac_sg%7Exid%3DADX-pub-2291825815563197%7Edalg%3Dmrg-2.5%7Ehtml%3D1%7Eadblk%3D3461795557%7Esobp%3D%7Ebdpcapd%3D0%7Edmm_erpm%3Dfalse%7Ebflr%3D0.010%7Eogbid%3D0.030%7Eac_type%3D1%7Eitype_id%3D17%7Eseller_tag_id%3D%7Edetected_tag_id%3D%7Edcut%3D25%7Edogb%3D0-1~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D728x90~bsb%3D0~bsp%3D0~tmx%3D253&utime=1572&sf=0&cpr=0.45335658602255635&evttyp=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-252-26.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.35.v20201120) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:33 GMT
server: Jetty(9.4.35.v20201120)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Tue, 23 Aug 2022 21:23:33 GMT

GET
H2 200 log
hblg.media.net/ Frame A917 35 B
194 B 257ms
256ms Image
image/gif 23.36.252.26
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hblg.media.net/log?log=kfk&evtid=adplog&&lmt_enf=true&req_mtype%3C%3E=0&mx_nsz=1&spSource=0&ifst=0&vid=YwVFUgANm0YBc8YGRA7QjA&s_city=singapore&ugd=4&exp=sfl%3Dfalse%7CssBucket%3D0%7Cbfl%3D-100%7Csch%3D1%7Cclt%3D3%7CssProfile%3D0%7Cdbr%3D1%7Ctpi%3D1&app=0&ctr=-1.0&mx_TAF=3&device_id=4&ae=false&mx_UCC=1&prspt=headerBid&mx_bss_algos%3C%3E=0&usp_status=0&seat=BID_API&og_cbdp=0.040&size=728x90&mx_TAS=1&mx_gpid_sent=false&xtmax=290&commit_id=ba20ae08&scrid=1700080812610100728009000000500&itypeid=17&mx_SPRIG=0&viewability=87&renderer=0&be=0&rtime=21.0&adj0=0.0&tmax=300&s_ip=74.125.190.2&adj2=0.0&adj1=0.0&feedback_id=YwVFUgANm0YBc8YGRA7QjA&adtypes=0&mx_aabpc=0&reqid=YwVFUgANm0YBc8YGRA7QjA&sc=AU-NSW&mowxReqId=aa2fefd645eb44c285ec72ba6fccc7bf_1&ifdp=0&requrl=https%3A%2F%2Fwww.rethink.onl%2F&bidrestime=1661289810955&pv_adtype=0&cc=AU&strg=NO_STRATEGY&pcrid=8CUABW64L-721135687-35-0&coppa_enf=true&bdp=0.040&ct=beaconsfield&spIsReq=3&s=1&abs=0%7C0%7Cxtmax%3D290%7CNO_STRATEGY%7Cbrr%3D0&mx_epbc=8CUABW64L&dnt_enf=false&mx_ssBucket=0&vls=0&asn=54203&mang=1&fleet=common-istio&mx_isLossNtf=false&advUrl=https%3A%2F%2Ftopics.businessfocus.online&dn=rethink.onl&dt=O&acid=aa2fefd645eb44c285ec72ba6fccc7bf&actltime=28&act=headerBid&iframingState=0&mx_lr_seg_deal=0&exclattr=32%7C34%7C70%7C7%7C13%7C14%7C15%7C16%7C48%7C17%7C114%7C18%7C19%7C20%7C22%7C25%7C26%7C27&dfpBd=0.04&sckfl=0&dmm_erpm=false&mx_lr=0&mview=1&smbrid=adx-1&bfs=103&rfc=-1&prvApiId=8CUABW64L&epcexp=false&pubid=pub-ADX-101418826937&mx_bsProfile=0&cid=8CU3SX34C&bcrid=1700080812610100728009000000500&omul=1.0&res_mtype=0&apPrfs%3C%3E=62%23%2313%23%2361&chnl=NO_STRATEGY&pst=0&reqsize=728x90&adpos=1&itype=ADX&mx_g_one_uid_sent=None&spCst=0&mx_sid=8CUABW64L&tgtval=pub-ADX-101418826937&__expireat=1661290411208&lmt_status=N&reftype=0&viewability_vendor=EXCHANGE&prvAccId=721135687&ckfl=0&lper=1&mx_tgs=728x90&cbdp=0.04&pvdTmax=247&ltime=27.0&epc=721135687&prvReqId=54316857911132_906431065_52982010413131&zip=2015&exid=31&spFst=0&mx_GCID=0&cliIPType=v4&pexid=ADX-pub-2291825815563197&ybnca_erpm=0.04&brsrclk=0&sbdrid=196&rtttime=38&apTags%3C%3E=75&mx_PC=1&wsip=mowx-istio-6c46778c64-l54bn&currsrc_date=2022-08-23+00%3A00%3A00&psrc=fail&geoll=false&omid=0&debug_ts=2022-08-23+21%3A23%3A30&policy_enf=2&mx_ssProfile=0&mx_SC=0&reftime=0&pbidflr=0.010&spbf=0&currsrc=API&fpusp=false&lmt_applied=N&mnrfc=-1&pub_blk_enf=1&amptype=1&moau=true&ocurr=USD&snm=SUCCESS&mx_IAB2=0&usp_enf=1&bidflr=0.010&incentive_type=0&skadidfl=0&pid=8PR113JGC&spTo=3&pvid=313&schain_cmpl=1&is_ortb=false&mx_aurl_hc=0&ucrid_ver=2&mx_maq_call=false&mx_uid_sent=0&mx_sbp=-10.0&mnrf=0&slotVisibility=1&dbf=1&gdpr=0&gqid=AHfbET4rjq2tQKsQ__AaTYcGftfn5uEjGKfDe8rxfAjcULVcm1TNdLbMAW7gVB_QmyOgzWEZ&dmm_ogerpm=false&csip=rtb-common-istio-85cb58b4b7-zs8wq.SG&mx_bsBucket=0&mx_aurt=0&spIvt=3&ptype=23&media=0&acsn=1&dtc=apac_sg&mx_aqcpl_crid=4&ogbdp=0.04&tpbTkn=false&adblk=3461795557&fpuReq=0&vcmplrt=-1.0&crid=529820104&geo_source=2&sat=1&mnet_ckfl=0&opbidflr=0.010&impId=1&rme=adm&bdata=sd2%3Dnull~iurl_l%3D20~ogerpm%3D0.04~vw_exc%3D0.87~vis_sd%3D562~dc2%3D1~scd%3Dnsw~v_asn%3D54203~vl2r_sd%3D2022082312~iurl_b%3D1214.83~url_tkc%3D0~std%3D~last%3D~vis_url_b%3D0.49~ip%3D3bw0Uw~fbb%3D0~vis_url_l%3D10~riipua%3D22%2C22~et%3D20~rc%3D2%2C28~rps_sd%3D2022082312~vis_b%3D864.18~url_b%3D0.82~url_tvi%3D0~smm_wr%3D15.1642~url_l%3D20~gcat%3D500283~bb%3D196~vv%3D0~l2r_b%3D1000~erpm%3D0.04~bm%3D1~smm_sd%3D2022082312~sid%3D721135687~sd%3D0~uid%3D15fBD74IDx4TDun5V~btd%3D60213921829350247786973774107442392060208791972744593566164273883734689245888512~d2p_l%3D30~3pcf%3D1000.38~uim%3D0~dmm_strg%3Dno_strategy~d2p_b%3D0.97~ogd2p_b%3D0.94~vurl_b%3D1.39~ss%3DNA~uiw%3D-1~ce%3D0~rps_b%3D35.59~vurl_l%3D20~CI%3D2724~nts%3D1~tb%3D-1~ct%3Dbeaconsfield~basis2%3D196~basis1%3D196~isRef%3D0~ivurl_b%3D0.72~isif%3D0~lc%3D3~bid%3D0.04~dc%3D8~vl2r_b%3D1.28~ivurl_l%3D20~supply_tag_id%3D%7Eviewability%3D0.87%7Eamp%3D1%7Ecbdp%3D0.040%7Edmm%3Dno_strategy%7Esuid%3D%7Edtc%3Dapac_sg%7Exid%3DADX-pub-2291825815563197%7Edalg%3Dno_strategy%7Ehtml%3D1%7Eadblk%3D3461795557%7Esobp%3D%7Ebdpcapd%3D0%7Edmm_erpm%3Dfalse%7Ebflr%3D0.010%7Eogbid%3D0.040%7Eac_type%3D1%7Eitype_id%3D17%7Eseller_tag_id%3D%7Edetected_tag_id%3D%7Edcut%3D1%7Edogb%3D0-1~ibc%3D1~ddt%3D-1~nsz%3D1~tgs%3D728x90~bsb%3D0~bsp%3D0~tmx%3D247&utime=1666&sf=0&cpr=0.6250547198278718&evttyp=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.252.26 Singapore, Singapore, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-36-252-26.deploy.static.akamaitechnologies.com
Software: Jetty(9.4.35.v20201120) /
Resource Hash: 796c46ec10bc9105545f6f90d51593921b69956bd9087eb72bee83f40ad86f90

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 23 Aug 2022 21:23:33 GMT
server: Jetty(9.4.35.v20201120)
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 35
expires: Tue, 23 Aug 2022 21:23:33 GMT

GET
H3 200 affad Show response
fundingchoicesmessages.google.com/f/AGSKWxUFXwHFVKhTiaSIlf5kd36b8Y8mb1aHsOw3E9O62xbb5ukauPEBD3obrMlZhAZSHchFhtALWXszeyvwX9KXtu0ESVePrEyeRvNdmjwx_B65lFycjIvpoqFfxL-wryEqCbYPnkc0BCGy4cd9GfTEMeTlXYOAi... 54 B
109 B 202ms
201ms Script
application/javascript 142.251.10.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxUFXwHFVKhTiaSIlf5kd36b8Y8mb1aHsOw3E9O62xbb5ukauPEBD3obrMlZhAZSHchFhtALWXszeyvwX9KXtu0ESVePrEyeRvNdmjwx_B65lFycjIvpoqFfxL-wryEqCbYPnkc0BCGy4cd9GfTEMeTlXYOAis2b7cI35tzxuBEGhIi_gfpyjZMRJbeQ/_/ads/fb-/affad?/netseerads.script,subdocument,third-party,domain=efukt.com/ads/?uniq=

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.qLcFjXfg53Q.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_ccpa_signal_executable/ed=1/rs=AJlcJMxiZ71Cm6_NozRiKnRLkL5UQeO7Og/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9e95febae7cd022a24140bbad09edfbdf3cc98e8ed325197e42475d072d6378b

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-p8YkYuW4V9Nqu7yc4c6J3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-p8YkYuW4V9Nqu7yc4c6J3g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-p8YkYuW4V9Nqu7yc4c6J3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'nonce-p8YkYuW4V9Nqu7yc4c6J3g' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
date: Tue, 23 Aug 2022 21:23:33 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 osd.js Show response
pagead2.googlesyndication.com/pagead/ 150 B
175 B 193ms
191ms Script
text/javascript 142.250.4.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/osd.js?fcd=true

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.qLcFjXfg53Q.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_ccpa_signal_executable/ed=1/rs=AJlcJMxiZ71Cm6_NozRiKnRLkL5UQeO7Og/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.4.154 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

40b236f82ab80f86a107f3f515f08efd59e273ef9120c58ef6f1f92c5a59676f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-AU,en;q=0.9
Referer: https://www.rethink.onl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 20:36:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2834
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 149
x-xss-protection: 0
server: cafe
etag: 8503686451332090603
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Tue, 23 Aug 2022 21:36:19 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVoo7ye47sOnSyXJ6ue67BtRpyYukXbf_Te9tKlog22J5eKe0cxsf9VVld0La0WF_hv-7zoC1tQlm4Q2QNC-JcpEr1KmGQdueZJImEJJwLddoVc7yLDdZ00VdjLUE9dR65ibPPtQw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-k7fOrft30MGb9A_hlQ6NUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-k7fOrft30MGb9A_hlQ6NUQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 23 Aug 2022 21:23:33 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: https://www.rethink.onl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-k7fOrft30MGb9A_hlQ6NUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-k7fOrft30MGb9A_hlQ6NUQ' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVoo7ye47sOnSyXJ6ue67BtRpyYukXbf_Te9tKlog22J5eKe0cxsf9VVld0La0WF_hv-7zoC1tQlm4Q2QNC-JcpEr1KmGQdueZJImEJJwLddoVc7yLDdZ00VdjLUE9dR65ibPPtQw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-cPiEpvXtjn81lyO5y1OwJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-cPiEpvXtjn81lyO5y1OwJA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 23 Aug 2022 21:23:34 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: https://www.rethink.onl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'report-sample' 'nonce-cPiEpvXtjn81lyO5y1OwJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-cPiEpvXtjn81lyO5y1OwJA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVoo7ye47sOnSyXJ6ue67BtRpyYukXbf_Te9tKlog22J5eKe0cxsf9VVld0La0WF_hv-7zoC1tQlm4Q2QNC-JcpEr1KmGQdueZJImEJJwLddoVc7yLDdZ00VdjLUE9dR65ibPPtQw== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 211ms
210ms XHR
text/html 142.251.10.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVoo7ye47sOnSyXJ6ue67BtRpyYukXbf_Te9tKlog22J5eKe0cxsf9VVld0La0WF_hv-7zoC1tQlm4Q2QNC-JcpEr1KmGQdueZJImEJJwLddoVc7yLDdZ00VdjLUE9dR65ibPPtQw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-JE7S4p1-f95mUZHiXwL2VA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-JE7S4p1-f95mUZHiXwL2VA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 23 Aug 2022 21:23:34 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://www.rethink.onl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-JE7S4p1-f95mUZHiXwL2VA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-JE7S4p1-f95mUZHiXwL2VA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVoo7ye47sOnSyXJ6ue67BtRpyYukXbf_Te9tKlog22J5eKe0cxsf9VVld0La0WF_hv-7zoC1tQlm4Q2QNC-JcpEr1KmGQdueZJImEJJwLddoVc7yLDdZ00VdjLUE9dR65ibPPtQw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-AUSwfFvBGct5GX0HCkvhvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-AUSwfFvBGct5GX0HCkvhvA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.rethink.onl/
accept-language: en-AU,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 23 Aug 2022 21:23:34 GMT
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
access-control-allow-origin: https://www.rethink.onl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin; report-to="ContributorLoggingHttp"
x-frame-options: SAMEORIGIN
access-control-max-age: 86400
report-to: {"group":"ContributorLoggingHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ContributorLoggingHttp/external"}]}
content-type: text/html; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-AUSwfFvBGct5GX0HCkvhvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'nonce-AUSwfFvBGct5GX0HCkvhvA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxW7cICFVDHLuXQoIgpvOC-bTYyS-ScUBw4CPIPowwszXYsroXBR92qcCrejXZMxMJifu1_1tOyukYJUppWqRsPg_oy5gILMQPE3C17vNr5mmmSC71gQ-Xf0cRYJ-2hlw-4F6u2iSQ== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 226ms
225ms Script
application/javascript 142.251.10.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxW7cICFVDHLuXQoIgpvOC-bTYyS-ScUBw4CPIPowwszXYsroXBR92qcCrejXZMxMJifu1_1tOyukYJUppWqRsPg_oy5gILMQPE3C17vNr5mmmSC71gQ-Xf0cRYJ-2hlw-4F6u2iSQ==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNjYxMjg5ODEzLDkxODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsMTAsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLDEsMSxudWxsLG51bGwsMV0sImh0dHBzOi8vd3d3LnJldGhpbmsub25sL2luZGV4LnBocCIsbnVsbCxbXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.10.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS