www.yinksukblog.com.ng Open in urlscan Pro
162.241.218.217 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Submission: On August 14 via api (August 14th 2021, 6:16:20 am UTC) from GB

Summary HTTP 311 Redirects Links 30 Behaviour Indicators

Summary

This website contacted 41 IPs in 6 countries across 33 domains to perform 311 HTTP transactions. The main IP is 162.241.218.217, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is www.yinksukblog.com.ng.
TLS certificate: Issued by R3 on August 3rd 2021. Valid for: 3 months.

This is the only time www.yinksukblog.com.ng was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
34	162.241.218.217 162.241.218.217	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
12	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
24	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
6	2600:9000:218... 2600:9000:2181:f600:4:c961:9640:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:812::2002	15169 (GOOGLE) (GOOGLE)
12	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:e134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC)
1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
1	54.225.129.59 54.225.129.59	14618 (AMAZON-AES) (AMAZON-AES)
4	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
1	2a03:2880:f04... 2a03:2880:f045:12:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
1	192.0.78.22 192.0.78.22	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
5	2600:1901:0:7... 2600:1901:0:76b9::	15169 (GOOGLE) (GOOGLE)
65	2606:4700:303... 2606:4700:3039::6815:c03b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
25	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1 8	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
2 5	2620:116:800d... 2620:116:800d:21:51e4:db4b:4436:b305	16509 (AMAZON-02) (AMAZON-02)
2 3	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
28	216.58.212.130 216.58.212.130	15169 (GOOGLE) (GOOGLE)
4 4	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
6 6	185.64.189.115 185.64.189.115	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	69.173.144.138 69.173.144.138	26667 (RUBICONPR...) (RUBICONPROJECT)
2 3	2a05:d01c:1d8... 2a05:d01c:1d8:8101:6861:1a90:aaf3:9d73	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:828::200a	15169 (GOOGLE) (GOOGLE)
1	13.32.22.59 13.32.22.59	16509 (AMAZON-02) (AMAZON-02)
1 1	18.194.175.178 18.194.175.178	16509 (AMAZON-02) (AMAZON-02)
6 6	104.111.215.191 104.111.215.191	16625 (AKAMAI-AS) (AKAMAI-AS)
4	2600:9000:210... 2600:9000:2104:4400:16:6c74:88c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 1	52.18.11.109 52.18.11.109	16509 (AMAZON-02) (AMAZON-02)
2 2	217.182.200.19 217.182.200.19	16276 (OVH) (OVH)
5	2606:4700:303... 2606:4700:3032::6815:57ae	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
5 15	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
10 10	142.250.185.230 142.250.185.230	15169 (GOOGLE) (GOOGLE)
5	148.251.139.77 148.251.139.77	24940 (HETZNER-AS) (HETZNER-AS)
311	41

34 162.241.218.217 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: box5593.bluehost.com

www.yinksukblog.com.ng	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

24 192.0.77.37 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2181:f600:4:c961:9640:93a1 (United States)

ASN16509 (AMAZON-02, US)

a.mailmunch.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:812::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 192.0.77.2 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

translate.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.225.129.59 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-225-129-59.compute-1.amazonaws.com

forms.mailmunch.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 192.0.77.32 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

widgets.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f045:12:face:b00c:0:2 (Amsterdam, Netherlands)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.78.22 (United States)

ASN2635 (AUTOMATTIC, US)

public-api.wordpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:1901:0:76b9:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

prod-rtb.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

65 2606:4700:3039::6815:c03b (United States)

ASN13335 (CLOUDFLARENET, US)

ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
as.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
assets.ad4m.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2620:116:800d:21:51e4:db4b:4436:b305 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 216.58.212.130 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s46-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.227.252.103 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.64.189.115 (United Kingdom) 6 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.138 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:d01c:1d8:8101:6861:1a90:aaf3:9d73 (London, United Kingdom) 2 redirects

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.22.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-22-59.fra56.r.cloudfront.net

cf.mailmunch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.194.175.178 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-175-178.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.111.215.191 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:2104:4400:16:6c74:88c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.tools.unlayer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.11.109 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-11-109.eu-west-1.compute.amazonaws.com

pixel.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.182.200.19 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: gcm5.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700:3032::6815:57ae (United States)

ASN13335 (CLOUDFLARENET, US)

static-de.ad4mat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 104.111.239.217 (Frankfurt am Main, Germany) 5 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.250.185.230 (United States) 10 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 148.251.139.77 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.77.139.251.148.clients.your-server.de

banner.congstar.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
65	ad4m.at ad4m.at as.ad4m.at assets.ad4m.at	1 MB
55	doubleclick.net 10 redirects googleads.g.doubleclick.net cm.g.doubleclick.net ad.doubleclick.net	110 KB
43	wp.com c0.wp.com i0.wp.com i1.wp.com stats.wp.com i2.wp.com widgets.wp.com pixel.wp.com s0.wp.com	698 KB
37	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	430 KB
34	yinksukblog.com.ng www.yinksukblog.com.ng	2 MB
15	awin1.com 5 redirects www.awin1.com	10 KB
11	google.com 1 redirects translate.google.com adservice.google.com www.google.com	5 KB
10	ad4mat.net prod-rtb.ad4mat.net static-de.ad4mat.net	20 KB
8	gstatic.com fonts.gstatic.com www.gstatic.com	102 KB
7	googletagservices.com www.googletagservices.com	251 KB
7	mailmunch.co a.mailmunch.co forms.mailmunch.co	65 KB
7	googleapis.com fonts.googleapis.com ajax.googleapis.com translate.googleapis.com	353 KB
6	addthis.com 6 redirects e.dlx.addthis.com	4 KB
6	pubmatic.com 6 redirects image6.pubmatic.com	2 KB
5	congstar.de banner.congstar.de	3 KB
5	quantserve.com 2 redirects cms.quantserve.com	2 KB
4	unlayer.com cdn.tools.unlayer.com	38 KB
4	openx.net 4 redirects rtb.openx.net	1 KB
3	innovid.com 2 redirects ag.innovid.com	1 KB
3	rubiconproject.com 3 redirects pixel.rubiconproject.com	1 KB
3	rlcdn.com 2 redirects id.rlcdn.com	1 KB
2	gemius.pl 2 redirects googlecm.hit.gemius.pl	504 B
2	google.de adservice.google.de	287 B
1	mookie1.com odr.mookie1.com	324 B
1	everesttech.net 1 redirects pixel.everesttech.net	378 B
1	agkn.com 1 redirects d.agkn.com	762 B
1	mailmunch.com cf.mailmunch.com	4 KB
1	wordpress.com public-api.wordpress.com	3 KB
1	facebook.com graph.facebook.com	643 B
1	googleadservices.com partner.googleadservices.com	267 B
1	gravatar.com secure.gravatar.com	5 KB
1	onesignal.com cdn.onesignal.com	3 KB
1	ampproject.org cdn.ampproject.org	8 KB
311	33

	Domain	Requested by
34	www.yinksukblog.com.ng	www.yinksukblog.com.ng c0.wp.com
30	assets.ad4m.at	as.ad4m.at
28	cm.g.doubleclick.net	googleads.g.doubleclick.net www.yinksukblog.com.ng
25	tpc.googlesyndication.com	googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
25	ad4m.at	googleads.g.doubleclick.net ad4m.at
24	c0.wp.com	www.yinksukblog.com.ng
17	googleads.g.doubleclick.net	pagead2.googlesyndication.com www.yinksukblog.com.ng googleads.g.doubleclick.net
15	www.awin1.com	5 redirects as.ad4m.at
12	pagead2.googlesyndication.com	www.yinksukblog.com.ng pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
10	ad.doubleclick.net	10 redirects
10	as.ad4m.at	ad4m.at as.ad4m.at
8	www.google.com	1 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
7	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
6	e.dlx.addthis.com	6 redirects
6	image6.pubmatic.com	6 redirects
6	a.mailmunch.co	www.yinksukblog.com.ng a.mailmunch.co ajax.googleapis.com
5	banner.congstar.de	as.ad4m.at
5	static-de.ad4mat.net	ad4m.at
5	cms.quantserve.com	2 redirects googleads.g.doubleclick.net
5	prod-rtb.ad4mat.net	www.yinksukblog.com.ng
5	fonts.gstatic.com	fonts.googleapis.com
5	i0.wp.com	www.yinksukblog.com.ng
4	cdn.tools.unlayer.com	www.yinksukblog.com.ng
4	rtb.openx.net	4 redirects
4	translate.googleapis.com	translate.google.com translate.googleapis.com srcdoc
4	i2.wp.com	www.yinksukblog.com.ng
3	ag.innovid.com	2 redirects googleads.g.doubleclick.net
3	pixel.rubiconproject.com	3 redirects
3	id.rlcdn.com	2 redirects googleads.g.doubleclick.net
3	www.gstatic.com	www.yinksukblog.com.ng translate.googleapis.com
3	s0.wp.com	widgets.wp.com public-api.wordpress.com
3	i1.wp.com	www.yinksukblog.com.ng
2	googlecm.hit.gemius.pl	2 redirects
2	pixel.wp.com	www.yinksukblog.com.ng
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	fonts.googleapis.com	www.yinksukblog.com.ng a.mailmunch.co
1	odr.mookie1.com	googleads.g.doubleclick.net
1	pixel.everesttech.net	1 redirects
1	d.agkn.com	1 redirects
1	cf.mailmunch.com	a.mailmunch.co
1	public-api.wordpress.com	s0.wp.com
1	graph.facebook.com	c0.wp.com
1	widgets.wp.com	www.yinksukblog.com.ng
1	forms.mailmunch.co	a.mailmunch.co
1	ajax.googleapis.com	a.mailmunch.co
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	secure.gravatar.com	www.yinksukblog.com.ng
1	stats.wp.com	www.yinksukblog.com.ng
1	cdn.onesignal.com	www.yinksukblog.com.ng
1	translate.google.com	www.yinksukblog.com.ng
1	cdn.ampproject.org	www.yinksukblog.com.ng
311	52

This site contains links to these domains. Also see Links.

Domain
web.facebook.com
twitter.com
www.instagram.com
www.youtube.com
www.pinterest.com
www.facebook.com
www.linkedin.com
telegram.me
translate.google.com
facebook.com
wordpress.org

Subject Issuer	Validity	Valid
cpanel.yinksukblog.com.ng R3	`2021-08-03` - `2021-11-01`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh
upload.video.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.mailmunch.co Amazon	`2021-02-25` - `2022-03-26`	a year	crt.sh
misc-sni.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.gravatar.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-14` - `2022-11-16`	2 years	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
forms.mailmunch.co R3	`2021-08-13` - `2021-11-11`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
*.wordpress.com Sectigo RSA Domain Validation Secure Server CA	`2020-08-12` - `2022-11-14`	2 years	crt.sh
*.ad4mat.net AlphaSSL CA - SHA256 - G2	`2019-08-06` - `2021-09-08`	2 years	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
cdn.tools.unlayer.com Amazon	`2020-07-24` - `2021-08-24`	a year	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh
*.congstar.de TeleSec ServerPass Class 2 CA	`2021-05-18` - `2022-05-23`	a year	crt.sh

This page contains 44 frames:

Primary Page: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Frame ID: 80F2D6032A627CCA71BF64F5C2ABBBE0
Requests: 108 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210809/r20190131/zrt_lookup.html
Frame ID: 67052E6A2FF75C7D9680AC6B794B7F27
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&adk=1812271804&adf=3025194257&lmt=1628892199&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921757881&bpp=448&bdt=78&idt=625&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=287071621798&frm=20&pv=2&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=643
Frame ID: BC7C0E37D37858EF3D9698B264118C0F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=280&adk=2054736868&adf=2471634399&pi=t.aa~a.771539599~i.11~rp.4&w=1038&fwrn=4&fwrnh=100&lmt=1628892199&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=9386409732&psa=0&ad_type=text_image&format=1038x280&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rh=200&rw=1037&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=3&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0&nras=2&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=90&ady=2506&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Wt4K4NJKvT&p=https%3A//www.yinksukblog.com.ng&dtd=22
Frame ID: CF617E7BEFC259ADF24D2E0D0E6A42DB
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=280&adk=3106563156&adf=2405762439&pi=t.aa~a.872345986~rp.1&w=353&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=353x280&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280&nras=3&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1198&ady=1158&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=peXDyAqTdR&p=https%3A//www.yinksukblog.com.ng&dtd=29
Frame ID: A1E4FAC4B4617BFC2D3AF4155E16937B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=2740901989&adf=1947424030&pi=t.aa~a.4143197931~rp.1&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=1489&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=dRRta9Q6zK&p=https%3A//www.yinksukblog.com.ng&dtd=33
Frame ID: C081D7C30E2F887BC4CE63F49E0E743D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=4043633759&pi=t.aa~a.2905765805~rp.2&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250&nras=5&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=1883&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IjlqjIlKDt&p=https%3A//www.yinksukblog.com.ng&dtd=37
Frame ID: 3E9C7C644B2CC2112F9D16CD98428A12
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42
Frame ID: 7BECD2ED463A1CBA5E1B4F2A51792771
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=3896800018&adf=2379560209&pi=t.aa~a.1838649094~rp.2&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250%2C311x250&nras=7&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=3086&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=rKRAXFRZkl&p=https%3A//www.yinksukblog.com.ng&dtd=46
Frame ID: AB984F94EE5C91DD5222B6480E42384F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=2946686461&adf=2955756018&pi=t.aa~a.2905763894~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=1&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250%2C311x250%2C311x250&nras=8&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=NIpJofbJDw&p=https%3A//www.yinksukblog.com.ng&dtd=50
Frame ID: 6FFFA839BA36A22E5E6EF8118F317658
Requests: 1 HTTP requests in this frame

Frame: https://widgets.wp.com/likes/master.html?ver=202132
Frame ID: E6C987725B258B3BE09DAE2C39D92FD5
Requests: 3 HTTP requests in this frame

Frame: https://public-api.wordpress.com/wp-admin/rest-proxy/
Frame ID: 71ADC854A1A7C5B3BD3E3F69F183D5B6
Requests: 2 HTTP requests in this frame

Frame: https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=callback
Frame ID: 3E51CDE5011D7CFA5B4FC4EF747270CA
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=ClFKjnl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgS9Ak_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXlozuQ9jrvdrYpk0mbunG_3nz6gAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNTc0Mjg2MTM5MzgzOTk1MBgA&sigh=XqHC8lPFkOM
Frame ID: E8A9B73594B752F6D5BB0114165DA23F
Requests: 7 HTTP requests in this frame

Frame: https://ad4m.at/ad/dr?ed=1gskj8eaqvtv1xb81s4b1pkj75yx8eaabb8dr0q3atw5sjy7p45tx9mahw12ahs1ywe0nxjyjp4m1zkcfsn88wvhrt2n0ahndfds6phn4wvwvcj7gn6jzqejxr94mmf7t4g9f42zfcfb206ta5snkp4nhqd4scs46w02nt2ytv4abc0err9n4sv3h1snnhqpy7wzzeadsj83kpm8jmgbfzm4adamx35rq5gzr3y3sstd9bdyy340vahtcfz1yv1scmsfhmncarydbgxawq5tnjet34kp6ckdyfezatd2qfmftba37f7yrwwn7yc0k1p38hdj0704gysbt40r8736rr9wddhwfzbz5ckr34qh4rnpf1at30yfw63ht3rcp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%26client%3Dca-pub-5742861393839950%26adurl%3D
Frame ID: 8488C70F754C90B580E87A8F9110840F
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 94B9B9A8D1C80273FB62A15865830298
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CvVGUnl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwQJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGHyk3cHZ7Ae6r78NUHFxIFS5V6ABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01NzQyODYxMzkzODM5OTUwGAA&sigh=ehwNQsE3a3g
Frame ID: FCAB343513ADACBD139FB9BB1D7BBEB0
Requests: 7 HTTP requests in this frame

Frame: https://ad4m.at/ad/dr?ed=1hz778qg3q6yhdbqcrx70129t9sj3zr2et93g0jgbwjk2aa3xev89grjb3jy9x331pg40j1egfpkc7517ahmf6cjsrsc3xxpd2w2x0p0chfcenxqwfjgzcrn1hw39jz6t5n88ckmcq97e7yscf5czykfh5j86b7110wjgvkydhpqrj52f3hykk2tgfby6phnnq7r8vq251fxy0jah4nnbyahxq3mz64mav7fktpenkzn1cnqbzjfa790xxyyqfr829em5kpcaa13by4yq6t7bjq3gke058bnhb57c9asrrantp12jq0dhf1p4bn0z3e7gfyywcfp2sv15ftv6g4w52sp1yz97smbe3akwtvknd3a250cdjefc9mzbth5j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%26client%3Dca-pub-5742861393839950%26adurl%3D
Frame ID: A8E8FBCDCB3B7F40FE88F44F17EA0013
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: A0E110404B4A24C3F4C0551979A70FB1
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CT5Mwnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEvQJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bO2nkVjxCddQNf11nYr5SHzrqsoAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTU3NDI4NjEzOTM4Mzk5NTAYAA&sigh=QcdMI2_YaAM
Frame ID: 4664B21F4F76AB623A4A587003D4748F
Requests: 7 HTTP requests in this frame

Frame: https://ad4m.at/ad/dr?ed=1hxhbd4fa4g2r6z3chskd7rswbatzy4a66jfqb8jffqae5mfng44dybz5h5yp9nyafyx1b40pn60qyymbzzaj8gv0c6z44jbngce5x19xssqq6sgp8j7bjjz7sdffg0d2065xqq1c0qt90363drsy4bk59eqmbzngcqqnp5m325b594cqhywacxqc91ggset60g4mj2as2gg2zag3e795dh63nn10dnvkd24ysvfspknqt1rw0pvyc94q0kpef35vdv0mc175159bzr2aaern1nxfk9ds65vsq82bgqh798zpamrc8p4qm6trkv4s58atb8ywav9wpsrd4v3fvweya69dvdm3q38r4kw8cpgdy0wxct6wcbdbqn03n1ky&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%26client%3Dca-pub-5742861393839950%26adurl%3D
Frame ID: 8F312FC5874743D62C40857C289D9346
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 6271CAD5B402554C9DEA6AF6986CE7CF
Requests: 9 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Montserrat:400,700&display=swap
Frame ID: 9AAB1A3C9A3F5D48503C43BB895A8680
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CMmY9nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEvQJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgqz85eLPnbWbsAHE3vv_LnpVIsoAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTU3NDI4NjEzOTM4Mzk5NTAYAA&sigh=gsyicxNzTUQ
Frame ID: BB8E971D724A83060F1623BC14146E77
Requests: 7 HTTP requests in this frame

Frame: https://ad4m.at/ad/dr?ed=1kmm11fa7b4t39q8yynepamb8pjbj1fkpt3fkdhqbj98bhk21qzf9tb69pk46nnw257gfzjs4nd5ksbabkb8z2ncvy4nwtsvqg594z6chxht5kpwx937qk6p531ecgy917cb4hacy2bmnezm43brs4j7cesjecf7gkv6e2v63yvvfzeztqgpa85qqrh0y2wk82trpd2qkrynd69yft0j8gnxmbmfnbbszccmqcsef7hqeny00stbaw8ym76wrdz7zy9h1e4wxp6mep6hh2d2phcwzeaq6dd6kckxkb9km2s99fs7gbxzy3cj2bqqkarkg9z48swdhbqyf50c1s5w2czp8essamsfbkrmx4atb98kvcxq3tnwfagw56540&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%26client%3Dca-pub-5742861393839950%26adurl%3D
Frame ID: 30DAE1219D4E9B3F5D6029C9F8A86245
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 52FD19C7986BD46CBCB6B3F5167ABC90
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CgG00nl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEvQJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8DdzcDXDIGd84SCR77E31oz88BqYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTU3NDI4NjEzOTM4Mzk5NTAYAA&sigh=0nPdmWMArZ8
Frame ID: 619DE8B76E24C5D85D18CFDA4C4F1F89
Requests: 7 HTTP requests in this frame

Frame: https://ad4m.at/ad/dr?ed=1jz4cxgnsvhg84m7saaby5gz0yx5gk8r797ts3xds1fds2bzeqsj779sgpz418j8vw6r0bazw3m1dmwv9wk6cankg43ynw552y49jb4dxtb2v3rne0c7ra4m9k2j9tpzmgagc8639gaz8m67ym00wydjsprwfjqgtbsaz42r9zj7qmfa3ccenha4fp64zxgzsvgsf78128smrqs8hzat5zx9c616msmd3tj4z3pd5d9fcdq0esqn73qcyr9y7cn017q1405xss2v7e2cb2v84nnpm8eqkj2t690yb65ypkr1nd5sj9nw0xx3591rzzp41yvtjrba0asaj4s56jc5ktj0ypqzkvaqtyyc89mn74wt7xx0x6zqqhxpvtpww&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%26client%3Dca-pub-5742861393839950%26adurl%3D
Frame ID: 1F6F085B0FBFC77AA623164BB6F54CF7
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 476C7AC68676FDAE44F422877DD3A5E3
Requests: 8 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 67AAC6ABCDFA5170D4C6D5F7D5D5B1D8
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: F4E318B991F9BBE924C0409B4A0FD401
Requests: 1 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 615AA03D2ADC61905B748E97302D9232
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/error_handler.js
Frame ID: 44EE081DDE025493299DB89FA5D37353
Requests: 9 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: E978B85398234007AD7A06D71D4D1784
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/index.html
Frame ID: 300E472247E99B53007864E2AD5B2E17
Requests: 10 HTTP requests in this frame

Frame: https://ad4m.at/frame.html
Frame ID: 4B8BD3C8DFB7074F070038B5DF2A2440
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: F00AB6C65A755AB6A49540BFDAD756D5
Requests: 2 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=OdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2&g=919706976e64176374e777d2f5ec5157%2F432719764405447599&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D201cbthtv3q01xfg8fn5cxmsmk5w74jkxrb07jjnkcgr4n4ry8rky35z5r6a122n1h8cnt0c3k55cejnmvbj387ztptjfdj92dc0q8r9ht6g11px8qpxnsdv5rwcvhhn6yn03x9wvy2090qtkbgj5rnb8qzyd8z5ve4g6qp8gpbytswwyqd9brekvjjsy42r2fqg1ka15jnhvcq0vh0sk33x8zbksncpr41dbsec9n5zzh6qrs77yyw43b6mr%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Frame ID: C8A275FC3C6E748377B1506F8B132D75
Requests: 11 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=jjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNv&g=720684d74ed58dcb397e63ec0696ec37%2F3702265231165985559&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D232s9n8wpmf6hscww5k9sap0yp064sswy9qqrjzssvdqtbcqjyw70art7x9mvweb6zmhse48z6t5j8gzdte31p2eecyswj80qfg4b3n2c3crqhth6mn5bf0k8hk25mpy13etsx5m5wdj16ezga6panrkg8ehp8nftp54c5r6svs4518v9mr90vt8kh3stmrdzea98fr35rr93d5v6ngep55tg7k7geqkdxregxf11arpzvx2ky3fme68jwbta%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Frame ID: 8DA51F522D77F9F7BBD54153C9610616
Requests: 11 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKP&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2Ce7RC3fVfmYMhjHZHet2CePVf7tQTx8J&c=300&d=250&e=VTYbchfeTM3ZDxQDhco3KqsBADQdmzxl&g=8d98f91a81af19d7cd96f5c22566d44f%2F17009880924374702062&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20923knnwdv55ch9gmbnws1capvfx8vpncaxt4kjrn6wc9b0etwsf3qmpvw1q66pmk56dyyj0hpttb60x1ycxxq7qhpqbvgt66x46tgt3eapmtvsed168rq26k9pqckqdhbavb661xvx5qx119he4nty86dp49pvkt453q1e2swemvkthma996aa10m8pkqybrya5edxvv7n0j5a8a4k40hxc5q5n6j33we0hmqr7m80z1ns0zyzbt18kr6sg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Frame ID: B67CCFFAAF75BD5395F6321DAE3E0CA6
Requests: 11 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=yqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5&g=b08bb43327d689a72fcc18992db8168e%2F12380896948729643390&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22p5g2e4hx6191tmm8qdsa2ngq7nd1jy19xxe0a46hz4m0cccyqyej0e9w7wdk2vqm7s64e7dyq12eqk1ym7hygax88vy5h410vbcycnvbc5qszxjhj7xztvat8f3s0xjdg9pcgp3rhe3g6jy8y1p04k7yjv9mkyk7ygkkx8nzy158et62wnz0vzsd0zsx1bvm4fb49gjzs7f1p1v683dp9k4y8wybaq6vp4bgd954nbtxq1zbvqqrksfq1tp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Frame ID: 326043AC32BD3188A92063DCCF46F501
Requests: 11 HTTP requests in this frame

Frame: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=b96oYivPT2Dh97_HBQh9NkWDwP6fsKS1&g=f686689d698c7ba0847a58577cd9bac0%2F11248832085151555128&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22g2fvnbw9pj8zzynam9j5jtm8k71st6r5aaeajwb6a24ywrjhb4rdzhzggvrpmh8fmxjrbncamkqmws8whxbz2drmej47e2hcn14m82phrq8517y8rzgahy7em1gk5xcsqj2ktrgcvg7mzrt531bbwsvm642g7b5tgxn5a8kj66wtb4nxtncz5fhtxeq7wngjnwzmt9y8yxg3g450f6n1q4g3k4fsg9bdv3w8xvemmjavmr41tw0413t8vxg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Frame ID: 8BE70B1E1C1B80C91D75B7DDFA3D24F9
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: FE8CB70C2A8BFC925D49CEEDD500D1A6
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: E1D35A1619C6F3F406C82143CFE410B4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+s\d+\.wp\.com/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+s\d+\.wp\.com/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+s\d+\.wp\.com/i
html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googlesyndication\.com\//i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

311
Requests

99 %
HTTPS

54 %
IPv6

33
Domains

52
Subdomains

41
IPs

6
Countries

6153 kB
Transfer

9523 kB
Size

6
Cookies

30 Outgoing links

These are links going to different origins than the main page.

URL: https://web.facebook.com/yinksukblog
Title:

Search URL Search Domain Scan URL

URL: https://twitter.com/yinksukblog
Title:

Search URL Search Domain Scan URL

URL: https://www.instagram.com/yinksukblogofficial/
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCTOdJ0MHR4O0E0150AsN5gw?view_as=subscriber
Title:

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/yinksukblog/
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Title:

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/&text=%E2%80%9CHushpuppi%20stole%20America%E2%80%99s%20money%20for%20North%20Korean%20hackers%2C%20but%20never%20knew%E2%80%9D%20%E2%80%93%20Kemi%20Olunloyo%20reveals
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/sharing/share-offsite/?url=https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/&title=%E2%80%9CHushpuppi%20stole%20America%E2%80%99s%20money%20for%20North%20Korean%20hackers%2C%20but%20never%20knew%E2%80%9D%20%E2%80%93%20Kemi%20Olunloyo%20reveals
Title:

Search URL Search Domain Scan URL

URL: https://telegram.me/share/url?url=https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/&text&title=%E2%80%9CHushpuppi%20stole%20America%E2%80%99s%20money%20for%20North%20Korean%20hackers%2C%20but%20never%20knew%E2%80%9D%20%E2%80%93%20Kemi%20Olunloyo%20reveals
Title:

Search URL Search Domain Scan URL

URL: https://translate.google.com/
Title: Translate

Search URL Search Domain Scan URL

URL: https://facebook.com/108928444801211
Title: Yinksukblog

Search URL Search Domain Scan URL

URL: https://www.facebook.com/108928444801211_118266610534061
Title: View on Facebook

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.facebook.com%2F108928444801211_118266610534061
Title: Share

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https%3A%2F%2Fwww.facebook.com%2F108928444801211_118266610534061
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.facebook.com%2F108928444801211_118266610534061&title=%09%09%09Elaine%20Thompson-Herah%20became%20the%20second-fastest%20woman%20in%20history%20as%20she%20beat%20fellow%20Jamaican%20Shelly-Ann%20Fraser-Pryce%20to%20defend%20her%20Olympic%20100m%20title%20in%20Tokyo.The%2029-year-old%20ran%2010.61%20seconds%2C%20just%200.12secs%20short%20of%20the%2033-year-old%20world%20record%20set%20by%20American%20Florence%20Griffith-Joyner.Shericka%20Jackson%20completed%20a%20Jamaican%20one-two-three%20with%20a%20time%20of%2010.76%2C%200.02%20behind%20Fraser-Pryce.%09%09%09%09
Title: Share on Linked In

Search URL Search Domain Scan URL

URL: https://www.facebook.com/108928444801211_117946257232763
Title: View on Facebook

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.facebook.com%2F108928444801211_117946257232763
Title: Share

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https%3A%2F%2Fwww.facebook.com%2F108928444801211_117946257232763
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.facebook.com%2F108928444801211_117946257232763&title=%09%09%09Relationship%20expert%2C%20Blessing%20Okoro%20has%20countered%20claim%20of%20%27men%20being%20polygamous%20in%20nature%27%20in%20a%20new%20video%20she%20shared%20on%20Instagram.According%20to%20Okoro%2C%20African%20men%20cheat%20carelessly%20because%20they%20live%20in%20lawless%20countries.%20She%20also%20claimed%20that%20these%20men%20behave%20themselves%20when%20they%20travel%20abroad%20because%20they%20know%20they%20will%20be%20%26quot%3Bsued%20for%20everything%20they%20own.%26quot%3BOkoro%09%09%09%09
Title: Share on Linked In

Search URL Search Domain Scan URL

URL: https://www.facebook.com/108928444801211_116760177351371
Title: View on Facebook

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.facebook.com%2F108928444801211_116760177351371
Title: Share

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=https%3A%2F%2Fwww.facebook.com%2F108928444801211_116760177351371
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.facebook.com%2F108928444801211_116760177351371&title=%09%09%09Global%20cigarette%20manufacturers%2C%20Philip%20Morris%20International%20says%20it%20will%20stop%20selling%20Marlboro%20cigarettes%20in%20Britain%20within%20the%20next%20ten%20years%20as%20it%20called%20on%20the%20UK%20government%20to%20ban%20the%20sale%20of%20its%20tobacco%20products.%09%09%09%09
Title: Share on Linked In

Search URL Search Domain Scan URL

URL: https://www.instagram.com/tv/CSh6hZ8H2kX/
Title: #BBNaija: “I like Cross, but I feel he’s not s

Search URL Search Domain Scan URL

URL: https://www.instagram.com/tv/CShl60mnuoI/
Title: Woman who ended her marriage with prophet after he

Search URL Search Domain Scan URL

URL: https://www.instagram.com/tv/CSgn5VEnDZ5/
Title: Woman who ended her marriage with prophet after he

Search URL Search Domain Scan URL

URL: https://www.instagram.com/p/CShqtL_Hr8O/
Title: #BBNaija - The housemates parade before the debate

Search URL Search Domain Scan URL

URL: https://wordpress.org/
Title: (c) 2020 - 2021

Search URL Search Domain Scan URL

URL: https://www.instagram.com/yinksukblogng/
Title: Share on Instagram

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/yinksukblog/_created/
Title: Share on Pinterest

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 140

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPJCeff4X5a8rmlH0-7xv-4IToXMlAUBSC3vdPXiieaJ-6UNZrXR_at2vUg_keAd3d52_xr-6q5_90Ihw-vjKdOsTqkUhuo&google_gid=CAESEODbWpdebNcLi4DXK81bWyw&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCJ-_3YgGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBKQ2VmZjRYNWE4cm1sSDAtN3h2LTRJVG9YTWxBVUJTQzN2ZFBYaWllYUotNlVOWnJYUl9hdDJ2VWdfa2VBZDNkNTJfeHItNnE1XzkwSWh3LXZqS2RPc1Rxa1VodW8 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwbzlYSlZ0Zmx6aDNiMmFnazZNaFQyeEtCWmxEbm5KN25FMTU2WFhyTDUwZw==&google_push

Request Chain 141

https://rtb.openx.net/sync/dds?google_gid=CAESEABVTnQN9FGca6Jt_n4yPnA&google_cver=1&google_push=AYg5qPJSm2pFMnGP6dVhkZff4pl67Vuxf3BDBLXRlZJZS_3tYKSlMvf6aKS6MkojOZJZ3qgi__V21ykfS9tCA49UFVX89TCzjK8 HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEABVTnQN9FGca6Jt_n4yPnA&google_cver=1&google_push=AYg5qPJSm2pFMnGP6dVhkZff4pl67Vuxf3BDBLXRlZJZS_3tYKSlMvf6aKS6MkojOZJZ3qgi__V21ykfS9tCA49UFVX89TCzjK8&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJSm2pFMnGP6dVhkZff4pl67Vuxf3BDBLXRlZJZS_3tYKSlMvf6aKS6MkojOZJZ3qgi__V21ykfS9tCA49UFVX89TCzjK8&google_hm=oBi0j9YZw7Y7kVXgsNhXJw==

Request Chain 142

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELucfHi78mEVmq581wvfQTI&google_cver=1&google_push=AYg5qPJuXO_3MPSRD39KnKedGSQsp4dJefPLimZegdf39kvK6LEM1un1_mEE47c5olB-OCnifXGmGUetLWEmPp3QaTQWaE06V4s HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESELucfHi78mEVmq581wvfQTI&google_cver=1&google_push=AYg5qPJuXO_3MPSRD39KnKedGSQsp4dJefPLimZegdf39kvK6LEM1un1_mEE47c5olB-OCnifXGmGUetLWEmPp3QaTQWaE06V4s&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJuXO_3MPSRD39KnKedGSQsp4dJefPLimZegdf39kvK6LEM1un1_mEE47c5olB-OCnifXGmGUetLWEmPp3QaTQWaE06V4s

Request Chain 143

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJVwA2rzzMYL8b6NScnEEtM&google_cver=1&google_push=AYg5qPLUEtbyO9qOtLJ3UVUC4Air3cdB08BqaHEsu1z4IMDFXiqZdUMd-J3Hwqt2unyaJvXM6uh92uzJF4MQDIGfEJDNzRl4-oc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NCRFlIUFQtMy02OUEz&google_push=AYg5qPLUEtbyO9qOtLJ3UVUC4Air3cdB08BqaHEsu1z4IMDFXiqZdUMd-J3Hwqt2unyaJvXM6uh92uzJF4MQDIGfEJDNzRl4-oc

Request Chain 144

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1

Request Chain 152

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDPVXoepiOBeOkijr3-iWIE&google_cver=1&google_push=AYg5qPKNpTleUDWh2OVkpD8z2n8dd_Of0M0yqnYeQ9loEZOL86EQ5DmiT1LynLOWWxWo4xBMELyWuAnhepbB7FL5jTWnpgRydnQ HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKNpTleUDWh2OVkpD8z2n8dd_Of0M0yqnYeQ9loEZOL86EQ5DmiT1LynLOWWxWo4xBMELyWuAnhepbB7FL5jTWnpgRydnQ&google_hm=VGLtUueR082JSV_V3teKxA

Request Chain 153

https://d.agkn.com/pixel/2175/?google_gid=CAESEBEj14gPF-zhu9PKPJiPdlY&google_cver=1&google_push=AYg5qPK29wrgqNS4tmQb3tYdwOwVd_Ms9xrTzXHCHX2d-YwDSXKTa6ooSMg-PB64rjvp0FNLmRNE1AaUxgFVMlQ65_0fVYOOZdM HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPK29wrgqNS4tmQb3tYdwOwVd_Ms9xrTzXHCHX2d-YwDSXKTa6ooSMg-PB64rjvp0FNLmRNE1AaUxgFVMlQ65_0fVYOOZdM&google_hm=Q0FFU0VCRWoxNGdQRi16aHU5UEtQSmlQZGxZ

Request Chain 154

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJ-PsegP3kB5fC349qVZu1yJXZ19Sgcu7YFJzTDU9hR5oAprAJ7AvohvilxWOdNcNdq9Z8VsNea1-TY8cekLGU-lSvLUQ&google_gid=CAESEDQ7wmxjjj6mP6wjGDgfyPk&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJ-PsegP3kB5fC349qVZu1yJXZ19Sgcu7YFJzTDU9hR5oAprAJ7AvohvilxWOdNcNdq9Z8VsNea1-TY8cekLGU-lSvLUQ&google_gid=CAESEDQ7wmxjjj6mP6wjGDgfyPk&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTQwNjE1NTkwMDA4MTQ0MjcwMjQzMw%3D%3D&google_push=AYg5qPJ-PsegP3kB5fC349qVZu1yJXZ19Sgcu7YFJzTDU9hR5oAprAJ7AvohvilxWOdNcNdq9Z8VsNea1-TY8cekLGU-lSvLUQ

Request Chain 155

https://rtb.openx.net/sync/dds?google_gid=CAESEPsBHgusMTZhhVyKyShMXn8&google_cver=1&google_push=AYg5qPIpxY5JB_GrTaGw8kVKieS-8LBHGs5VWpcOsoCfGJ9VGThcNFHnVCFxxqix5h2EiRQhsfPtkw9x1q43BipABAzmmnzUiA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIpxY5JB_GrTaGw8kVKieS-8LBHGs5VWpcOsoCfGJ9VGThcNFHnVCFxxqix5h2EiRQhsfPtkw9x1q43BipABAzmmnzUiA&google_hm=oBi0j9YZw7Y7kVXgsNhXJw==

Request Chain 156

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEIDt5u-m30DDXHdMzOcw1GE&google_cver=1&google_push=AYg5qPLDvxT3lWvL8eLGxdJOq57kxNDOEvyYmgkd_4gvMjHOzTSBP8LF4ZoiaDoizkhQUnrs2_33FGnf3ESXl8aP1qVrmDI9QwQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLDvxT3lWvL8eLGxdJOq57kxNDOEvyYmgkd_4gvMjHOzTSBP8LF4ZoiaDoizkhQUnrs2_33FGnf3ESXl8aP1qVrmDI9QwQ

Request Chain 157

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMa0bPorvO6h9cB3Av5mIvc&google_cver=1&google_push=AYg5qPIB865RrJcFTey56DwOYofHrRqQGns5jOtOAJ-0Beveq6dpK5j3iStdhVmPbimpyllRxqOkDLojlzmtiYCaq0bLAKpIT0E HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NCRFlIUzYtMUstQ1hRWQ==&google_push=AYg5qPIB865RrJcFTey56DwOYofHrRqQGns5jOtOAJ-0Beveq6dpK5j3iStdhVmPbimpyllRxqOkDLojlzmtiYCaq0bLAKpIT0E

Request Chain 158

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_cver=1&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1

Request Chain 191

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKGIpDrR4wVexmsMf-mxzxAO7F1w0WSxCglFnc5u8KRMdxe40JuRRjMA7xcV2jQ_1rYmSeZdQSgKFhlPla_3hmKK54hrR4x3A&google_gid=CAESEHM3isxgOVSiQfAcFHmJNdM&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVJkZm53QUFCT1J3QEVDZw&google_push=AYg5qPKGIpDrR4wVexmsMf-mxzxAO7F1w0WSxCglFnc5u8KRMdxe40JuRRjMA7xcV2jQ_1rYmSeZdQSgKFhlPla_3hmKK54hrR4x3A

Request Chain 192

https://rtb.openx.net/sync/dds?google_gid=CAESECcfIuNJA8oFH7F-FsIxYoA&google_cver=1&google_push=AYg5qPKsqJNcnxJb8ko8GTk0VSVsXmjfCM1BvEPHVnwGCH2pr7T_6NlWF_iSYgCmYFVhU1ZeMpF5E9HaDorquhmrhyn02MjQXFGMNg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKsqJNcnxJb8ko8GTk0VSVsXmjfCM1BvEPHVnwGCH2pr7T_6NlWF_iSYgCmYFVhU1ZeMpF5E9HaDorquhmrhyn02MjQXFGMNg&google_hm=oBi0j9YZw7Y7kVXgsNhXJw==

Request Chain 193

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEPhlekdActXou92n6k1SBuE&google_cver=1&google_push=AYg5qPKkzDxYpFzVkkNkKH9nHY4n21_MQOsxC80TzXOsa_0pUHEpt1gerK-I-qR5kKLeqGs06kml6ORk4Dns6gFnBhxrEAITcoCo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKkzDxYpFzVkkNkKH9nHY4n21_MQOsxC80TzXOsa_0pUHEpt1gerK-I-qR5kKLeqGs06kml6ORk4Dns6gFnBhxrEAITcoCo

Request Chain 194

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1

Request Chain 195

https://ag.innovid.com/trk?tid=11711&google_gid=CAESEJ2abKUQmxR73c7nCFdSzDw&google_cver=1&google_push=AYg5qPKfiv-yziulkyveT-JDqQ-BLNBjhMokw5eCb6xbBcf0ZeHewGReaZ1wl5gDWVxpaXCzV08m7K-1z73ckoAz-xbcdN6va4WFSw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPKfiv-yziulkyveT-JDqQ-BLNBjhMokw5eCb6xbBcf0ZeHewGReaZ1wl5gDWVxpaXCzV08m7K-1z73ckoAz-xbcdN6va4WFSw&google_hm=7E93LMaYRO-nvp2J4JvQ2A

Request Chain 196

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEK-9zkt_fjcPiGn8ooKbtNM&google_cver=1&google_push=AYg5qPLfKEwlrWhr4kBGdxUBXp4BQNPw5gWQJlXbVPyE7e46KJACj98f1RDjz4JhuIpTvJ0dGa36SacD04xttw0ANZby5L7yF_xdKA HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLfKEwlrWhr4kBGdxUBXp4BQNPw5gWQJlXbVPyE7e46KJACj98f1RDjz4JhuIpTvJ0dGa36SacD04xttw0ANZby5L7yF_xdKA&google_hm=

Request Chain 213

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKKOYP6FW77lZmiMLEpw5aP5QRu144cfPJenlrBnolmgbwjxr7bDgWGZJBQtD_mQKcURtKtMcKrDs_xCXfMoww2F113Vo0&google_gid=CAESEE5qdU4nn4gNwiiTL8PDM4w&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKKOYP6FW77lZmiMLEpw5aP5QRu144cfPJenlrBnolmgbwjxr7bDgWGZJBQtD_mQKcURtKtMcKrDs_xCXfMoww2F113Vo0&google_gid=CAESEE5qdU4nn4gNwiiTL8PDM4w&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTQwNjE2MDAwMDAxMTI2OTM0NDI0OQ%3D%3D&google_push=AYg5qPKKOYP6FW77lZmiMLEpw5aP5QRu144cfPJenlrBnolmgbwjxr7bDgWGZJBQtD_mQKcURtKtMcKrDs_xCXfMoww2F113Vo0

Request Chain 214

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEGsT4Cc0CUCOYclZguUUBnQ&google_cver=1&google_push=AYg5qPKpRMtFhTq9KYFqzNHQB_-jSwQycnVFSd05wPVfN4c3kI6AXbtYvfWqhk4MUhZfMfGIJ4Fx6iEDp6musMXc9Hq8vmLCa-3G HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKpRMtFhTq9KYFqzNHQB_-jSwQycnVFSd05wPVfN4c3kI6AXbtYvfWqhk4MUhZfMfGIJ4Fx6iEDp6musMXc9Hq8vmLCa-3G

Request Chain 215

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJMv_FhTkbaCQtTgcKJF998&google_cver=1&google_push=AYg5qPIWFKyb-VCQj-c35LcHyx6uEfM7-pE4-s8NqsqsKZJ-Ba97Y9PXfxi-bpOQ8g9AmJZ6qDo4w71viBPAxVnU6Mq6EbyZ3gxD HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NCRFlIWDctMVctRlJUOA==&google_push=AYg5qPIWFKyb-VCQj-c35LcHyx6uEfM7-pE4-s8NqsqsKZJ-Ba97Y9PXfxi-bpOQ8g9AmJZ6qDo4w71viBPAxVnU6Mq6EbyZ3gxD

Request Chain 216

https://ag.innovid.com/trk?tid=11711&google_gid=CAESEKxBi0Kk0_3WUBHfUavDwWM&google_cver=1&google_push=AYg5qPK5sZCdEPZUQ4C5xbAK97JIeFcZJHbaVR4pBz1oEwwU4IU384052ivQ7q6GC4AJ_7ZZB72TAxbyVL6of9OY9_YcoBbh2uw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPK5sZCdEPZUQ4C5xbAK97JIeFcZJHbaVR4pBz1oEwwU4IU384052ivQ7q6GC4AJ_7ZZB72TAxbyVL6of9OY9_YcoBbh2uw&google_hm=7E93LMaYRO-nvp2J4JvQ2A

Request Chain 219

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEC5RfIBvcfCNCLbCZ1-gfZM&google_cver=1&google_push=AYg5qPInU0aew_0BA2dr7JkAUvgGkxono7yiFVjjIerX2bmAWSwVrzo8j-D_YuQvEgyf6QJOio5mO-Z7YTKSVoYaqzrUEQa0Kw HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPInU0aew_0BA2dr7JkAUvgGkxono7yiFVjjIerX2bmAWSwVrzo8j-D_YuQvEgyf6QJOio5mO-Z7YTKSVoYaqzrUEQa0Kw&google_hm=VGLtUueR082JSV_V3teKxA

Request Chain 220

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJyzLmPS50GbeNtwGE1G1THlO7mju7O9IsEtoIMcHk1kVzKuG8jbS0egO9PMLIwIZoEmX0VAquUXGWNK0I_M4vFAgc03K4&google_gid=CAESENh1flZxL8P1NzQVA_qy55A&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJyzLmPS50GbeNtwGE1G1THlO7mju7O9IsEtoIMcHk1kVzKuG8jbS0egO9PMLIwIZoEmX0VAquUXGWNK0I_M4vFAgc03K4&google_gid=CAESENh1flZxL8P1NzQVA_qy55A&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTQwNjE1NTkwMDA4MTQ0MjcwMjQzMw%3D%3D&google_push=AYg5qPJyzLmPS50GbeNtwGE1G1THlO7mju7O9IsEtoIMcHk1kVzKuG8jbS0egO9PMLIwIZoEmX0VAquUXGWNK0I_M4vFAgc03K4

Request Chain 222

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEMe2SD2FroojkfRzIFdk02Q&google_cver=1&google_push=AYg5qPJ4BzL0PczOfMB7aeNLNSyWh9Fxm990-g0i4LxAozIJCx4EN0ObplnAzgbdI6RYA3Vw9esFB9tM38K9LfSMeUV_NKfTlwo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ4BzL0PczOfMB7aeNLNSyWh9Fxm990-g0i4LxAozIJCx4EN0ObplnAzgbdI6RYA3Vw9esFB9tM38K9LfSMeUV_NKfTlwo

Request Chain 223

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKxWttoiXGqcDew6417TGRY&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY

Request Chain 224

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEIbpODc29wFU5DEDWn6MX5Y&google_cver=1&google_push=AYg5qPKlyGfOXRELAFkzxYUroF9kxjPnR6JMY3aJtM7xWWZLTJlXYA6OKwGXpevE0PMEZcbAr4KLXg6t1_G383eL6UwUix0Tunk HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKlyGfOXRELAFkzxYUroF9kxjPnR6JMY3aJtM7xWWZLTJlXYA6OKwGXpevE0PMEZcbAr4KLXg6t1_G383eL6UwUix0Tunk&google_hm=

Request Chain 253

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 269

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidjjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNvasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CLqgiLfur_ICFVAr4Aod6vgMKA;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidjjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNvasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidjjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNvasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_18727da0-fcc7-11eb-9723-692d00a25ac2

Request Chain 279

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidOdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CP6fiLfur_ICFYnuuwgdIJIBaQ;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidOdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidOdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_1872a4b0-fcc7-11eb-a5ea-692d04ef6a29

Request Chain 289

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneidXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKPoneid__asuidVTYbchfeTM3ZDxQDhco3KqsBADQdmzxlasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CJqfiLfur_ICFcaEgwcdNYcErw;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneidXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKPoneid__asuidVTYbchfeTM3ZDxQDhco3KqsBADQdmzxlasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneidXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKPoneid__asuidVTYbchfeTM3ZDxQDhco3KqsBADQdmzxlasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_187ba560-fcc7-11eb-9723-692d00a25ac2

Request Chain 299

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidyqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CNWciLfur_ICFSWK_QcdPn0Fsw;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidyqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidyqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_187da130-fcc7-11eb-9723-692d00a25ac2

Request Chain 309

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidb96oYivPT2Dh97_HBQh9NkWDwP6fsKS1asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CO-siLfur_ICFd7juwgdnhcDtw;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidb96oYivPT2Dh97_HBQh9NkWDwP6fsKS1asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidb96oYivPT2Dh97_HBQh9NkWDwP6fsKS1asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_18790d50-fcc7-11eb-a5ea-692d04ef6a29

311 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/ 128 KB
43 KB 882ms
238ms Document
text/html 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 3217f8327de850554d14912899be053f5dd80da82e2e7ad833c61c6150524153

Request headers

:method: GET
:authority: www.yinksukblog.com.ng
:scheme: https
:path: /hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:57 GMT
server: nginx/1.19.10
content-type: text/html; charset=UTF-8
vary: User-Agent,Accept-Encoding
last-modified: Fri, 13 Aug 2021 22:03:19 GMT
accept-ranges: bytes
content-encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
expires: Mon, 29 Oct 1923 20:30:00 GMT
x-server-cache: false

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 139 KB
49 KB 42ms
36ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ba45b9535d8b81f446e72a0f37425bb253fe5a084d71d58830fb19f48d3f3529

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49910
x-xss-protection: 0
server: cafe
etag: 16784155829801746734
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 14 Aug 2021 06:15:57 GMT

GET
H2 200 5tqep.css
www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/lphp1jte/ 17 KB
4 KB 290ms
286ms Stylesheet
text/css 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/lphp1jte/5tqep.css
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: f42aebac13af38b697e9013a6eed3aa0cb40d06f70c628847797f56cca9d46df

Request headers

:path: /wp-content/cache/wpfc-minified/lphp1jte/5tqep.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: gzip
last-modified: Sat, 07 Aug 2021 05:16:09 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 4018
expires: max-age=A10368000, public

GET
H2 200 style.min.css
c0.wp.com/c/5.7.2/wp-includes/css/dist/block-library/ 57 KB
8 KB 120ms
38ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/css/dist/block-library/style.min.css

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: br
last-modified: Tue, 06 Apr 2021 23:50:28 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:57 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/5.7.2/wp-includes/js/mediaelement/ 11 KB
2 KB 120ms
39ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: br
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:57 GMT

GET
H2 200 wp-mediaelement.min.css
c0.wp.com/c/5.7.2/wp-includes/js/mediaelement/ 4 KB
1 KB 165ms
83ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: br
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:57 GMT

GET
H2 200 style.min.css
c0.wp.com/c/5.7.2/wp-includes/css/dist/components/ 109 KB
15 KB 151ms
70ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/css/dist/components/style.min.css

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

326d0bda74e1b897845728260dafccd9ec8847ce2180eb0cae0255097308f688

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: br
last-modified: Wed, 24 Feb 2021 15:57:54 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:57 GMT

GET
H2 200 style.min.css
c0.wp.com/c/5.7.2/wp-includes/css/dist/block-editor/ 91 KB
11 KB 125ms
44ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/css/dist/block-editor/style.min.css

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

26a8833b3f616d42ce16ba186e2283f43aaca6b97ce2231d38e8789bfc6f0798

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: br
last-modified: Wed, 24 Feb 2021 15:57:54 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:57 GMT

GET
H2 200 style.min.css
c0.wp.com/c/5.7.2/wp-includes/css/dist/nux/ 3 KB
729 B 125ms
44ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/css/dist/nux/style.min.css

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f14fdd346b1ec64d40a6a03c7cfb4561f784e8249c1fde667bf018ccff66c238

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: br
last-modified: Thu, 28 Jan 2021 02:04:13 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:57 GMT

GET
H2 200 style.min.css
c0.wp.com/c/5.7.2/wp-includes/css/dist/editor/ 22 KB
4 KB 150ms
69ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/css/dist/editor/style.min.css

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

caceb5c6afee7548a5281cfe5be7af62aee13db7652c5425af34a7d2661dd9fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: br
last-modified: Tue, 02 Feb 2021 05:17:13 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:57 GMT

GET
H2 200 5tqep.css
www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/6meanoye/ 168 KB
17 KB 262ms
259ms Stylesheet
text/css 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/6meanoye/5tqep.css
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 8b54a946205233b29cbcea01f70d20c4c1897fce9d99635f6168763b6e686ff2

Request headers

:path: /wp-content/cache/wpfc-minified/6meanoye/5tqep.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: gzip
last-modified: Sat, 07 Aug 2021 05:16:09 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 17221
expires: max-age=A10368000, public

GET
H2 200 css
fonts.googleapis.com/ 6 KB
741 B 17ms
14ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat%3A400%2C500%2C700%2C800%7CWork%2BSans%3A300%2C400%2C500%2C600%2C700%2C800%2C900%26display%3Dswap&subset=latin%2Clatin-ext

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7c1cbb60eb0258c75e0899c8b9aebad368df98fe59083fd42df3d2b9de0ea335

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 14 Aug 2021 04:50:40 GMT
server: ESF
date: Sat, 14 Aug 2021 06:15:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 14 Aug 2021 06:15:57 GMT

GET
H2 200 5tqep.css
www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/mbv8bvf3/ 343 KB
79 KB 288ms
285ms Stylesheet
text/css 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/mbv8bvf3/5tqep.css
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 65cb639ca35f9b410dc800eaa2204079224ff907da1ca90575c1c27b94980373

Request headers

:path: /wp-content/cache/wpfc-minified/mbv8bvf3/5tqep.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: gzip
last-modified: Sat, 07 Aug 2021 05:16:09 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expires: max-age=A10368000, public

GET
H2 200 social-logos.min.css
c0.wp.com/p/jetpack/10.0/_inc/social-logos/ 12 KB
8 KB 150ms
69ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.0/_inc/social-logos/social-logos.min.css

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b958e0f47861dde13a175cc69494bdb54f08e2b5e78cecf6abd16470d2085257

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: br
last-modified: Tue, 30 Jun 2020 14:24:10 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:57 GMT

GET
H2 200 jetpack.css
c0.wp.com/p/jetpack/10.0/css/ 85 KB
16 KB 124ms
44ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.0/css/jetpack.css

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5aa600aea047cb99c7e2c22e7edaf89f0539a6772a21981636e21da89bed440a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: br
last-modified: Tue, 03 Aug 2021 16:19:12 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:57 GMT

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/5.7.2/wp-includes/js/jquery/ 87 KB
30 KB 164ms
84ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/js/jquery/jquery.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: br
last-modified: Wed, 07 Oct 2020 16:33:25 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:57 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/5.7.2/wp-includes/js/jquery/ 11 KB
4 KB 164ms
84ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: br
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:57 GMT

GET
H2 200 wp-polyfill.min.js Show response
c0.wp.com/c/5.7.2/wp-includes/js/dist/vendor/ 97 KB
32 KB 164ms
84ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/js/dist/vendor/wp-polyfill.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: br
last-modified: Mon, 29 Jun 2020 11:50:29 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:57 GMT

GET
H2 200 dom-ready.min.js Show response
c0.wp.com/c/5.7.2/wp-includes/js/dist/ 1 KB
576 B 163ms
84ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/js/dist/dom-ready.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e73356d7f272c8b109ef3b61568f5502c6f6b7fb698d4446364c9a02965f985b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: br
last-modified: Wed, 24 Feb 2021 15:57:54 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:57 GMT

GET
H2 200 5tqep.js Show response
www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/o48rvmt/ 607 B
438 B 250ms
248ms Script
application/javascript 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/o48rvmt/5tqep.js
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 088c41f64d9e5f1be3bc6a8aef4af527fec627f3c359af213b11f589d34a3337

Request headers

:path: /wp-content/cache/wpfc-minified/o48rvmt/5tqep.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: gzip
last-modified: Sat, 07 Aug 2021 05:16:09 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 318
expires: max-age=A10368000, public

GET
H2 200 5tqep.js Show response
www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/jysvliip/ 242 KB
77 KB 403ms
402ms Script
application/javascript 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/jysvliip/5tqep.js
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 0dfaf00c6bc145931492fc92c26ab1c4d0cb1158332b0b088e3b5eb7d493ae83

Request headers

:path: /wp-content/cache/wpfc-minified/jysvliip/5tqep.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:57 GMT
content-encoding: gzip
last-modified: Sat, 07 Aug 2021 05:16:09 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expires: max-age=A10368000, public

GET
H2 200 site.js Show response
a.mailmunch.co/app/v1/ 25 KB
9 KB 122ms
32ms Script
text/javascript 2600:9000:2181:f600:4:c961:9640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.mailmunch.co/app/v1/site.js
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2181:f600:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: efceae2f2475075b2e737e584c68fb69a695eb636a72970570ef0369138c77da

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 12 Aug 2021 07:35:41 GMT
content-encoding: gzip
age: 168018
x-cache: Hit from cloudfront
content-length: 8233
access-control-allow-origin: *
last-modified: Wed, 11 Aug 2021 12:54:55 GMT
server: AmazonS3
etag: "fb2fe9a8418332afac27a117accec02b"
access-control-max-age: 3000
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
content-type: text/javascript
via: 1.1 c76130909cba12f494ee98f488e40753.cloudfront.net (CloudFront)
access-control-expose-headers: ETag
cache-control: max-age=172800
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-amz-cf-id: ZbO7keZiF5nUGYK--kr-48OEwek_szT_eIHokcf0arbtOkQgB4A_RQ==

GET
H2 200 amp-auto-ads-0.1.js Show response
cdn.ampproject.org/v0/ 21 KB
8 KB 37ms
14ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-auto-ads-0.1.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1b5bcbc564238e76f3fe1beaa687f04b4f8599de33680881a34df9732ea3662

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6758
x-xss-protection: 0
server: sffe
date: Sat, 14 Aug 2021 06:15:58 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: private, max-age=604800, stale-while-revalidate=604800
etag: "001c93680076fe2c"
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 14 Aug 2021 06:15:58 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108100101/ 252 KB
93 KB 32ms
29ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108100101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5742861393839950&plah=www.yinksukblog.com.ng

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d05921972a05d43b86b07c7e074afff197f96c2f953a9f8595c2b59ba34cc3d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95570
x-xss-protection: 0
server: cafe
etag: 10066065015092213272
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sat, 14 Aug 2021 06:15:58 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210809/r20190131/ Frame 6705 10 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210809/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5f3085127d154cbd72e219052312767d460633fafa6e38bb9a9446ddb03a270

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210809/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.yinksukblog.com.ng/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.yinksukblog.com.ng/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 13 Aug 2021 21:06:33 GMT
expires: Fri, 27 Aug 2021 21:06:33 GMT
content-type: text/html; charset=UTF-8
etag: 8999110079160743657
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4576
x-xss-protection: 0
age: 32964
cache-control: public, max-age=1209600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 100052027_277159520137627_3375590113660600623_n.jpg
i0.wp.com/www.gistreel.com/wp-content/uploads/2021/08/ 45 KB
46 KB 119ms
38ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.gistreel.com/wp-content/uploads/2021/08/100052027_277159520137627_3375590113660600623_n.jpg?w=640&ssl=1

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

41885c95c8d2d89d2d620c7d3a4099c1aff2c758d013cb060a75faa7e9aa511c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Sat, 14 Aug 2021 06:15:58 GMT
x-content-type-options: nosniff
last-modified: Sat, 14 Aug 2021 05:26:41 GMT
server: nginx
etag: "a0772ade83d1635d"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://www.gistreel.com/wp-content/uploads/2021/08/100052027_277159520137627_3375590113660600623_n.jpg>; rel="canonical"
content-length: 46580
expires: Mon, 14 Aug 2023 17:26:41 GMT

GET
H2 200 spinner.gif
www.yinksukblog.com.ng/wp-content/plugins/email-subscribers/lite/public/images/ 3 KB
3 KB 531ms
528ms Image
image/gif 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yinksukblog.com.ng/wp-content/plugins/email-subscribers/lite/public/images/spinner.gif
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 7837e876f1eef549b3250b78380ec2df00ad6da4da6c27667424b1636854df3c

Request headers

:path: /wp-content/plugins/email-subscribers/lite/public/images/spinner.gif
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
last-modified: Sat, 17 Jul 2021 09:13:22 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: image/gif
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 3208
expires: max-age=A10368000, public

GET
H2 200 placeholder.png
i0.wp.com/www.yinksukblog.com.ng/wp-content/plugins/custom-facebook-feed//assets/img/ 38 B
233 B 119ms
38ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.yinksukblog.com.ng/wp-content/plugins/custom-facebook-feed//assets/img/placeholder.png?resize=40%2C40&ssl=1

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

1bce9b967c390389824b65f32db8712723d6e2fbd06a0d9552008e6cb595ec52

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 14 Aug 2021 06:15:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 08 Jul 2021 11:38:23 GMT
server: nginx
etag: "56409288797c0d6c"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://www.yinksukblog.com.ng/wp-content/plugins/custom-facebook-feed//assets/img/placeholder.png>; rel="canonical"
content-length: 38
expires: Sat, 08 Jul 2023 23:38:23 GMT

GET
H2 200 yinksukblogofficial.jpg
i0.wp.com/www.yinksukblog.com.ng/wp-content/uploads/sb-instagram-feed-images/ 562 B
758 B 155ms
74ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.yinksukblog.com.ng/wp-content/uploads/sb-instagram-feed-images/yinksukblogofficial.jpg?resize=50%2C50&ssl=1

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

a3f3c672d05edee11fd2baecaba1e7ea3bc71b7fcac9bbdbddd564af7ee6c226

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 22 Jul 2021 18:02:49 GMT
server: nginx
etag: "062c174bb278d976"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://www.yinksukblog.com.ng/wp-content/uploads/sb-instagram-feed-images/yinksukblogofficial.jpg>; rel="canonical"
content-length: 562
expires: Sun, 23 Jul 2023 06:02:49 GMT

GET
H2 200 placeholder.png
i1.wp.com/www.yinksukblog.com.ng/wp-content/plugins/instagram-feed/img/ 480 B
805 B 120ms
37ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.yinksukblog.com.ng/wp-content/plugins/instagram-feed/img/placeholder.png?w=640&ssl=1

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

38780fd37862e840afebe9cc9ae8c76e9201b13d136621d4760f54bcb1983c44

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Sat, 14 Aug 2021 06:15:58 GMT
x-content-type-options: nosniff
last-modified: Sat, 08 May 2021 14:10:16 GMT
server: nginx
etag: "0af8fcf9ab40a379"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://www.yinksukblog.com.ng/wp-content/plugins/instagram-feed/img/placeholder.png>; rel="canonical"
content-length: 480
expires: Tue, 09 May 2023 02:10:16 GMT

GET
H2 200 5tqep.css
www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/qtta8ilp/ 127 KB
14 KB 247ms
246ms Stylesheet
text/css 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/qtta8ilp/5tqep.css
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 9f5ea4707945bf80aca93756c3138990a008f91e292c8effd5f9d9b3677d4c72

Request headers

:path: /wp-content/cache/wpfc-minified/qtta8ilp/5tqep.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
last-modified: Sat, 07 Aug 2021 05:16:09 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 13792
expires: max-age=A10368000, public

GET
H2 200 photon.min.js Show response
c0.wp.com/p/jetpack/10.0/_inc/build/photon/ 758 B
471 B 38ms
37ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.0/_inc/build/photon/photon.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: br
last-modified: Tue, 31 Mar 2020 17:26:38 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:58 GMT

GET
H2 200 index.js Show response
www.yinksukblog.com.ng/wp-content/plugins/contact-form-7/includes/js/ 13 KB
5 KB 290ms
285ms Script
application/javascript 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: eea0b9621509f98be77c5af1e9b5c952a675bda2b27c419876364017069e0c19

Request headers

:path: /wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.4.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
last-modified: Wed, 14 Jul 2021 09:13:20 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 5097
expires: max-age=A10368000, public

GET
H2 200 scripts.js Show response
www.yinksukblog.com.ng/wp-content/plugins/google-language-translator/js/ 13 KB
4 KB 304ms
299ms Script
application/javascript 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/plugins/google-language-translator/js/scripts.js?ver=6.0.11
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 37b945e5fe609563e83b37edcbfe3d18aac072a55fc8962978afdf597a3c4aa8

Request headers

:path: /wp-content/plugins/google-language-translator/js/scripts.js?ver=6.0.11
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
last-modified: Thu, 22 Jul 2021 09:13:27 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 3787
expires: max-age=A10368000, public

GET
H2 200 element.js Show response
translate.google.com/translate_a/ 10 KB
4 KB 39ms
16ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.google.com/translate_a/element.js?cb=GoogleLanguageTranslatorInit

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

a617ceea1bb0b8e9f01a9c18853ec6abce371fc0d16c136cd8cba72348a7eaa5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: HTTP server (unknown)
content-language: en
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3855
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 core.min.js Show response
c0.wp.com/c/5.7.2/wp-includes/js/jquery/ui/ 20 KB
6 KB 42ms
37ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/js/jquery/ui/core.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: br
last-modified: Thu, 25 Mar 2021 20:02:19 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:58 GMT

GET
H2 200 datepicker.min.js Show response
c0.wp.com/c/5.7.2/wp-includes/js/jquery/ui/ 35 KB
10 KB 42ms
38ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/js/jquery/ui/datepicker.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

60e04dcb9483e44801771aab65df07bfa3fabbaf9a4386fd05f568d0e4d8710d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: br
last-modified: Thu, 25 Mar 2021 20:02:19 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:58 GMT

GET
H2 200 hustle-ui.min.js Show response
www.yinksukblog.com.ng/wp-content/plugins/wordpress-popup/assets/hustle-ui/js/ 101 KB
37 KB 385ms
380ms Script
application/javascript 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/plugins/wordpress-popup/assets/hustle-ui/js/hustle-ui.min.js?ver=4.4.4
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 0969d06336bfabbe2ce45a111e772ee05034d5765676a38fffc5f49ca714fede

Request headers

:path: /wp-content/plugins/wordpress-popup/assets/hustle-ui/js/hustle-ui.min.js?ver=4.4.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
last-modified: Tue, 20 Apr 2021 09:35:28 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expires: max-age=A10368000, public

GET
H2 200 underscore.min.js Show response
c0.wp.com/c/5.7.2/wp-includes/js/ 16 KB
5 KB 42ms
38ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/js/underscore.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

6cd0d6897b3d4779f7d88ce72531f22fbf75851b195fb14e6f3f23d051b3d1e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: br
last-modified: Thu, 25 Mar 2021 20:02:19 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:58 GMT

GET
H2 200 front.min.js Show response
www.yinksukblog.com.ng/wp-content/plugins/wordpress-popup/assets/js/ 48 KB
18 KB 311ms
307ms Script
application/javascript 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/plugins/wordpress-popup/assets/js/front.min.js?ver=4.4.4
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: ccb943cf9639adeb937311f3f3f7dc3470457a389503cda2f15a147bb7cd2847

Request headers

:path: /wp-content/plugins/wordpress-popup/assets/js/front.min.js?ver=4.4.4
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
last-modified: Tue, 20 Apr 2021 09:35:28 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expires: max-age=A10368000, public

GET
H2 200 comment-reply.min.js Show response
c0.wp.com/c/5.7.2/wp-includes/js/ 3 KB
1 KB 42ms
38ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/js/comment-reply.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: br
last-modified: Thu, 25 Mar 2021 20:02:19 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:58 GMT

GET
H2 200 cff-scripts.js Show response
www.yinksukblog.com.ng/wp-content/plugins/custom-facebook-feed/assets/js/ 52 KB
19 KB 532ms
528ms Script
application/javascript 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/plugins/custom-facebook-feed/assets/js/cff-scripts.js?ver=2.19.3
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 2f0d44eda942cc347ef1998fc4660330bfbd3d7cd43f21b9956544135ba296b0

Request headers

:path: /wp-content/plugins/custom-facebook-feed/assets/js/cff-scripts.js?ver=2.19.3
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
last-modified: Wed, 21 Jul 2021 21:13:45 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
expires: max-age=A10368000, public

GET
H2 200 wp-embed.min.js Show response
c0.wp.com/c/5.7.2/wp-includes/js/ 1 KB
719 B 42ms
38ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/5.7.2/wp-includes/js/wp-embed.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: br
last-modified: Wed, 06 Jan 2021 15:29:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:58 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 41ms
22ms Script
application/javascript 2606:4700::6812:e134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.7.2
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b70aa192cf670ffbccd24885ff71e159e03c809b890abe15e74cce9f497dd8e5

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 943
etag: W/"3e792b2dc76a5a063e1c4f30d40ae527"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 67e80d3d9ee0430f-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
expires: Tue, 17 Aug 2021 06:15:58 GMT

GET
H2 200 postmessage.min.js Show response
c0.wp.com/p/jetpack/10.0/_inc/build/ 6 KB
3 KB 44ms
40ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.0/_inc/build/postmessage.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

672e29b030b9b17c9cc70beb24af4c41eaf8ce9a0491c655ab9a1c88ab287021

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: br
last-modified: Tue, 05 Jan 2021 15:42:42 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:58 GMT

GET
H2 200 jquery.jetpack-resize.min.js Show response
c0.wp.com/p/jetpack/10.0/_inc/build/ 3 KB
1 KB 44ms
40ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.0/_inc/build/jquery.jetpack-resize.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

265c34f4c62e6423e270cecb0c422b735dfb0f18cea04c2ac343b6f22106661e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: br
last-modified: Wed, 01 May 2019 01:21:49 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:58 GMT

GET
H2 200 queuehandler.min.js Show response
c0.wp.com/p/jetpack/10.0/_inc/build/likes/ 6 KB
2 KB 44ms
40ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.0/_inc/build/likes/queuehandler.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

37a14da858caee742741d5f558bc6489f9abcefee4aebb9f68db96106e38f2c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: br
last-modified: Tue, 27 Jul 2021 22:52:10 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:58 GMT

GET
H2 200 related-posts.min.js Show response
c0.wp.com/p/jetpack/10.0/_inc/build/related-posts/ 6 KB
2 KB 44ms
40ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.0/_inc/build/related-posts/related-posts.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9c6975c674a7c3077bd95750428313e78b92d370b90ca5a303b627c71d2afcf3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: br
last-modified: Tue, 25 May 2021 17:58:16 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:58 GMT

GET
H2 200 form.js Show response
www.yinksukblog.com.ng/wp-content/plugins/akismet/_inc/ 700 B
377 B 374ms
372ms Script
application/javascript 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/plugins/akismet/_inc/form.js?ver=4.1.10
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 0515cbd1f8aee97e1c8e0d1d015ca96c86def13e90d2e73bf813072ccc23d531

Request headers

:path: /wp-content/plugins/akismet/_inc/form.js?ver=4.1.10
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
last-modified: Tue, 06 Jul 2021 21:16:27 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 318
expires: max-age=A10368000, public

GET
H2 200 sbi-scripts.min.js Show response
www.yinksukblog.com.ng/wp-content/plugins/instagram-feed/js/ 26 KB
9 KB 310ms
306ms Script
application/javascript 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/plugins/instagram-feed/js/sbi-scripts.min.js?ver=2.9.2
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 25ea523d2867c1c5a6e150aa0b4df05d77a1a97c5256061dfbfc32d45743be79

Request headers

:path: /wp-content/plugins/instagram-feed/js/sbi-scripts.min.js?ver=2.9.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
last-modified: Tue, 20 Jul 2021 21:13:12 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 9355
expires: max-age=A10368000, public

GET
H2 200 custom.js Show response
www.yinksukblog.com.ng/wp-content/themes/newsup/js/ 3 KB
1021 B 532ms
528ms Script
application/javascript 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/themes/newsup/js/custom.js?ver=5.7.2
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: abcdc607967d98da9df4700d22fae97f064ac1689672214c84263a102319a1c9

Request headers

:path: /wp-content/themes/newsup/js/custom.js?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
last-modified: Thu, 29 Apr 2021 08:09:38 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 985
expires: max-age=A10368000, public

GET
H2 200 custom-time.js Show response
www.yinksukblog.com.ng/wp-content/themes/newsup/js/ 249 B
225 B 533ms
529ms Script
application/javascript 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/themes/newsup/js/custom-time.js?ver=5.7.2
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: be921ee4f5ad24cf0fe14f3c528c900edb5f5a3229cbc47cc282957271fa709d

Request headers

:path: /wp-content/themes/newsup/js/custom-time.js?ver=5.7.2
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
last-modified: Thu, 29 Apr 2021 08:09:38 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 189
expires: max-age=A10368000, public

GET
H2 200 sharing.min.js Show response
c0.wp.com/p/jetpack/10.0/_inc/build/sharedaddy/ 12 KB
4 KB 51ms
48ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/p/jetpack/10.0/_inc/build/sharedaddy/sharing.min.js

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

80ee2d8ce5d2a3f78fc3b8eaa67bc266645c58b96d8a804556f1e6cb8737d0cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: br
last-modified: Tue, 26 Jan 2021 16:25:48 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
strict-transport-security: max-age=15552000
timing-allow-origin: *
expires: Sun, 14 Aug 2022 06:15:58 GMT

GET
H2 200 e-202132.js Show response
stats.wp.com/ 9 KB
3 KB 119ms
37ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202132.js
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 01 Aug 2022 00:28:00 GMT

GET
H2 200 head-back.jpg
www.yinksukblog.com.ng/wp-content/themes/newsup/images/ 214 KB
216 KB 383ms
383ms Image
image/jpeg 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yinksukblog.com.ng/wp-content/themes/newsup/images/head-back.jpg
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 37637582d715f8ff4aed6a140b00a766205c05294e64c8bf7bcfb8c9d4faabc0

Request headers

:path: /wp-content/themes/newsup/images/head-back.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
last-modified: Thu, 29 Apr 2021 08:09:38 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 219160
expires: max-age=A10368000, public

GET
H2 200 fontawesome-webfont.woff2
www.yinksukblog.com.ng/wp-content/plugins/custom-facebook-feed/assets/fonts/ 75 KB
76 KB 521ms
520ms Font
application/font-woff2 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/plugins/custom-facebook-feed/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/mbv8bvf3/5tqep.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

:path: /wp-content/plugins/custom-facebook-feed/assets/fonts/fontawesome-webfont.woff2?v=4.7.0
pragma: no-cache
origin: https://www.yinksukblog.com.ng
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/mbv8bvf3/5tqep.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.yinksukblog.com.ng
Referer: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/mbv8bvf3/5tqep.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
last-modified: Wed, 21 Jul 2021 21:13:45 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: application/font-woff2
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 77160
expires: max-age=A10368000, public

GET
H2 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ 20 KB
20 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat%3A400%2C500%2C700%2C800%7CWork%2BSans%3A300%2C400%2C500%2C600%2C700%2C800%2C900%26display%3Dswap&subset=latin%2Clatin-ext

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.yinksukblog.com.ng
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 00:38:53 GMT
x-content-type-options: nosniff
age: 365825
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20040
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:44 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 00:38:53 GMT

GET
H2 200 cropped-YINK.png
i2.wp.com/www.yinksukblog.com.ng/wp-content/uploads/2021/06/ 99 KB
100 KB 122ms
73ms Image
image/png 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.yinksukblog.com.ng/wp-content/uploads/2021/06/cropped-YINK.png?w=1113&ssl=1

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

b8b131949e1dc4bb6fce3282556ef82678ebfcd67607760c8e8ec3fa5eb0467a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Sat, 14 Aug 2021 06:15:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 08 Jul 2021 18:43:42 GMT
server: nginx
etag: "dd505f270046c434"
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=63115200
x-optim-disabled: true
timing-allow-origin: *
link: <https://www.yinksukblog.com.ng/wp-content/uploads/2021/06/cropped-YINK.png>; rel="canonical"
content-length: 101593
expires: Sun, 09 Jul 2023 06:43:42 GMT

GET
H3-29 200 JTURjIg1_i6t8kCHKm45_c5H3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ 20 KB
20 KB 15ms
13ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_c5H3gnD_g.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a3202c5584350517cab7f1de0d43d54db0979c449df18fe70241e8c35de80919

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.yinksukblog.com.ng
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 09:03:52 GMT
x-content-type-options: nosniff
age: 335526
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20016
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:21:37 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 09:03:52 GMT

GET
DATA 200
OK truncated
/ 7 KB
7 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c

Request headers

Origin: https://www.yinksukblog.com.ng
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 083defff4fdf32f444faca5f4ad9bc20
secure.gravatar.com/avatar/ 5 KB
5 KB 20ms
5ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/083defff4fdf32f444faca5f4ad9bc20?s=150&r=g
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 95c46541396b520fceb5876ef0162a915034c342ab21cc0465fe085ff366a383

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:58 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="083defff4fdf32f444faca5f4ad9bc20.jpg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/083defff4fdf32f444faca5f4ad9bc20?s=150&r=g>; rel="canonical"
content-length: 5015
expires: Sat, 14 Aug 2021 06:20:58 GMT

GET
H2 200 img_8991.jpg
i2.wp.com/www.yinksukblog.com.ng/wp-content/uploads/2021/08/ 40 KB
41 KB 74ms
73ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.yinksukblog.com.ng/wp-content/uploads/2021/08/img_8991.jpg?w=821&ssl=1

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

25d598228d9701f39cf2fa1b2a1196b7826afc43943df00efc025844215f9e45

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Sat, 14 Aug 2021 06:15:58 GMT
x-content-type-options: nosniff
last-modified: Sat, 14 Aug 2021 05:26:42 GMT
server: nginx
etag: "f7625d30f4abc2fd"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://www.yinksukblog.com.ng/wp-content/uploads/2021/08/img_8991.jpg>; rel="canonical"
content-length: 41422
expires: Mon, 14 Aug 2023 17:26:42 GMT

GET
H2 200 Screenshot_20210813-194649.png
i1.wp.com/www.gistreel.com/wp-content/uploads/2021/08/ 109 KB
109 KB 39ms
38ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.gistreel.com/wp-content/uploads/2021/08/Screenshot_20210813-194649.png?resize=640%2C719&ssl=1

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

7131800632c35c99973b6f0d83eced85e97b4c8ca4db1561be009808dc9c4121

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:58 GMT
x-content-type-options: nosniff
last-modified: Sat, 14 Aug 2021 05:26:42 GMT
server: nginx
etag: "0fc0c221ed6a4b41"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://www.gistreel.com/wp-content/uploads/2021/08/Screenshot_20210813-194649.png>; rel="canonical"
content-length: 111182
expires: Mon, 14 Aug 2023 17:26:42 GMT

GET
H2 200 248daff2-e2ff-49e4-8ba2-dcf0596a0318-3293-0000024243da0d29_file.jpg
i0.wp.com/www.yinksukblog.com.ng/wp-content/uploads/2021/08/ 58 KB
58 KB 73ms
72ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.yinksukblog.com.ng/wp-content/uploads/2021/08/248daff2-e2ff-49e4-8ba2-dcf0596a0318-3293-0000024243da0d29_file.jpg?w=414&ssl=1

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

0b5b4ba4aba14e61b6e76504bb30457cc359c65b84a3b74ebc6e8e9252f472f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Sat, 14 Aug 2021 06:15:58 GMT
x-content-type-options: nosniff
last-modified: Sat, 14 Aug 2021 05:26:41 GMT
server: nginx
etag: "ce8bad2a5495ecf6"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://www.yinksukblog.com.ng/wp-content/uploads/2021/08/248daff2-e2ff-49e4-8ba2-dcf0596a0318-3293-0000024243da0d29_file.jpg>; rel="canonical"
content-length: 58980
expires: Mon, 14 Aug 2023 17:26:41 GMT

GET
H2 200 img_8992.jpg
www.yinksukblog.com.ng/wp-content/uploads/2021/08/ 63 KB
63 KB 441ms
440ms Image
image/jpeg 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yinksukblog.com.ng/wp-content/uploads/2021/08/img_8992.jpg
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 22e06ff7d106293a00529dd5a150ea0c6747471bba3f49e514fd50b3cc2d09f5

Request headers

:path: /wp-content/uploads/2021/08/img_8992.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
last-modified: Fri, 13 Aug 2021 20:16:53 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 64246
expires: max-age=A10368000, public

GET
H2 200 img_8978.png
www.yinksukblog.com.ng/wp-content/uploads/2021/08/ 1 MB
1 MB 443ms
443ms Image
image/png 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yinksukblog.com.ng/wp-content/uploads/2021/08/img_8978.png
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 366f4681048c42bb11250a21fd7529d985b6c4ac01164b0d123f4306b0e17e14

Request headers

:path: /wp-content/uploads/2021/08/img_8978.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
last-modified: Fri, 13 Aug 2021 18:20:41 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: image/png
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 1086015
expires: max-age=A10368000, public

GET
H2 200 img_8977.jpg
www.yinksukblog.com.ng/wp-content/uploads/2021/08/ 63 KB
63 KB 443ms
443ms Image
image/jpeg 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yinksukblog.com.ng/wp-content/uploads/2021/08/img_8977.jpg
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 5c07bf9030db06151cdb6d6d41eafe701bf4ee1c81a225c4b77b56951a85fbb7

Request headers

:path: /wp-content/uploads/2021/08/img_8977.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
last-modified: Fri, 13 Aug 2021 18:16:27 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 64092
expires: max-age=A10368000, public

GET
H2 200 cff-avatar.png
www.yinksukblog.com.ng/wp-content/plugins/custom-facebook-feed/assets/img/ 351 B
385 B 440ms
436ms Image
image/png 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yinksukblog.com.ng/wp-content/plugins/custom-facebook-feed/assets/img/cff-avatar.png
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/mbv8bvf3/5tqep.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 1747032cd2e0e989ddfcd5c7724348d73aec2aa8ed0d7417fd41537981c2040a

Request headers

:path: /wp-content/plugins/custom-facebook-feed/assets/img/cff-avatar.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/mbv8bvf3/5tqep.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/mbv8bvf3/5tqep.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
last-modified: Wed, 21 Jul 2021 21:13:45 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: image/png
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 351
expires: max-age=A10368000, public

GET
H2 200 img_8998.jpg
www.yinksukblog.com.ng/wp-content/uploads/2021/08/ 123 KB
123 KB 430ms
430ms Image
image/jpeg 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yinksukblog.com.ng/wp-content/uploads/2021/08/img_8998.jpg
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 8c7b13055b12cc26112c6ce2b748d00ea679faedc55eaf8e6354c6140a4da089

Request headers

:path: /wp-content/uploads/2021/08/img_8998.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
last-modified: Fri, 13 Aug 2021 21:41:36 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 126236
expires: max-age=A10368000, public

GET
H2 200 img_8991.jpg
www.yinksukblog.com.ng/wp-content/uploads/2021/08/ 138 KB
139 KB 430ms
430ms Image
image/jpeg 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yinksukblog.com.ng/wp-content/uploads/2021/08/img_8991.jpg
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 60a6fc293c6b2baa2d1614c1e684917cb73d7b72b99f87ac877fffa5454771b9

Request headers

:path: /wp-content/uploads/2021/08/img_8991.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
last-modified: Fri, 13 Aug 2021 19:35:40 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 141696
expires: max-age=A10368000, public

GET
H2 200 img_8988.jpg
www.yinksukblog.com.ng/wp-content/uploads/2021/08/ 364 KB
364 KB 430ms
429ms Image
image/jpeg 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yinksukblog.com.ng/wp-content/uploads/2021/08/img_8988.jpg
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 11632184e4596c4f67ded9215866d46120738a69bda08bd9b2fd0a111edd3e65

Request headers

:path: /wp-content/uploads/2021/08/img_8988.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
last-modified: Fri, 13 Aug 2021 19:28:00 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 372240
expires: max-age=A10368000, public

GET
H3-29 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ 19 KB
19 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.yinksukblog.com.ng
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 00:32:15 GMT
x-content-type-options: nosniff
age: 366223
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:10 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 00:32:15 GMT

GET
H2 200 RemoteTightAsianporcupine-size_restricted.gif
i1.wp.com/www.yinksukblog.com.ng/wp-content/uploads/2021/06/ 39 KB
39 KB 40ms
39ms Image
image/gif 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.yinksukblog.com.ng/wp-content/uploads/2021/06/RemoteTightAsianporcupine-size_restricted.gif?fit=270%2C225&ssl=1

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

8015b81bf5226b87c9fb5a1d6e25697e9a40e836dd432e5450e2cf1844a92df9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 3
date: Sat, 14 Aug 2021 06:15:58 GMT
x-content-type-options: nosniff
last-modified: Thu, 08 Jul 2021 11:38:23 GMT
server: nginx
etag: "0f9cc15db6c2f355"
access-control-allow-methods: GET, HEAD
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=63115200
x-optim-disabled: true
timing-allow-origin: *
link: <https://www.yinksukblog.com.ng/wp-content/uploads/2021/06/RemoteTightAsianporcupine-size_restricted.gif>; rel="canonical"
content-length: 39657
expires: Sat, 08 Jul 2023 23:38:23 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 208 B
267 B 61ms
60ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.yinksukblog.com.ng&callback=_gfp_s_&client=ca-pub-5742861393839950

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108100101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-5742861393839950&plah=www.yinksukblog.com.ng

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

33e1c9aa01e330e61e3472e3677c38a51285fa8424364efb5d4c031a0e285be7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 198
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 14ms
14ms Script
application/javascript 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.yinksukblog.com.ng

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 14ms
14ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.yinksukblog.com.ng

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BC7C 24 KB
5 KB 222ms
221ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&adk=1812271804&adf=3025194257&lmt=1628892199&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921757881&bpp=448&bdt=78&idt=625&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=287071621798&frm=20&pv=2&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=643

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3d83bd776d83fb1bde8310c0848cb6e3137b4eb5291c9d6e822740ae9536ecac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5742861393839950&output=html&adk=1812271804&adf=3025194257&lmt=1628892199&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921757881&bpp=448&bdt=78&idt=625&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=287071621798&frm=20&pv=2&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=643
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.yinksukblog.com.ng/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.yinksukblog.com.ng/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 14 Aug 2021 06:15:58 GMT
server: cafe
content-length: 5527
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sat, 14-Aug-2021 06:30:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 14 Aug 2021 06:15:58 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7761979199bf20d25fe4726392f9e6c268295e5d179b2bb5a683cb10fb6ad0d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628854342869989"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27733
x-xss-protection: 0
expires: Sat, 14 Aug 2021 06:15:58 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.11.3/ 94 KB
94 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:800::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js

Requested by

Host: a.mailmunch.co
URL: https://a.mailmunch.co/app/v1/site.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 04:05:14 GMT
x-content-type-options: nosniff
age: 7844
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95992
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 14 Aug 2022 04:05:14 GMT

GET
H2 200 translateelement.css
translate.googleapis.com/translate_static/css/ 18 KB
4 KB 53ms
5ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/css/translateelement.css

Requested by

Host: translate.google.com
URL: https://translate.google.com/translate_a/element.js?cb=GoogleLanguageTranslatorInit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 05:53:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3130
x-xss-protection: 0
last-modified: Wed, 24 Feb 2021 19:45:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 14 Aug 2021 06:53:50 GMT

GET
H2 200 main.js Show response
translate.googleapis.com/translate_static/js/element/ 6 KB
2 KB 53ms
6ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_static/js/element/main.js

Requested by

Host: translate.google.com
URL: https://translate.google.com/translate_a/element.js?cb=GoogleLanguageTranslatorInit

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

251c607557e1302862934faeb35d7c9c20cbb64b4abb6a4faed721b71db501f2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 05:53:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1328
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2154
x-xss-protection: 0
last-modified: Mon, 24 May 2021 18:08:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sat, 14 Aug 2021 06:53:50 GMT

GET
H2 200 styles.css
a.mailmunch.co/app/v1/ 21 KB
3 KB 31ms
31ms Stylesheet
text/css 2600:9000:2181:f600:4:c961:9640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.mailmunch.co/app/v1/styles.css
Requested by: Host: a.mailmunch.co
URL: https://a.mailmunch.co/app/v1/site.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2181:f600:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 437e6e23bb4219f1dd245da75b1729666e71fbf31985189fa35be75702b8cab9

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 00:39:42 GMT
content-encoding: gzip
age: 20177
x-cache: Hit from cloudfront
content-length: 2274
access-control-allow-origin: *
last-modified: Fri, 13 Aug 2021 11:15:31 GMT
server: AmazonS3
etag: "cc42895f1086c7577a2482011503a4c9"
access-control-max-age: 3000
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
content-type: text/css
via: 1.1 c76130909cba12f494ee98f488e40753.cloudfront.net (CloudFront)
access-control-expose-headers: ETag
cache-control: max-age=172800
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-amz-cf-id: HEBW1WgdQtZ4oZ7dEERvpY2RchTigoKDwRyJ9y9WXOuQbzu998evww==

GET
H/1.1 200
OK 885409 Show response
forms.mailmunch.co/sites/ 89 B
574 B 437ms
150ms XHR
application/json 54.225.129.59
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://forms.mailmunch.co/sites/885409
Requested by: Host: a.mailmunch.co
URL: https://a.mailmunch.co/app/v1/site.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.225.129.59 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-225-129-59.compute-1.amazonaws.com
Software: Cowboy / Express
Resource Hash: 71ff931602c1a625cccf6a651066666b93075b9e433a538447c565636c099b9a

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 14 Aug 2021 06:15:59 GMT
Via: 1.1 vegur
Server: Cowboy
X-Powered-By: Express
Etag: W/"59-/2bR0QfZMvVX1ZeLpWQI1XSM+eg"
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-MM-Comp-Tracking, X-MM-EU-Continent, X-MM-T
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, X-MM-Form-Tool, X-MM-Coupons
Content-Length: 89

GET
H3-29 200 element_main.js Show response
translate.googleapis.com/element/TE_20210503_00/e/js/element/ 252 KB
252 KB 21ms
8ms Script
text/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/element/TE_20210503_00/e/js/element/element_main.js

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/js/element/main.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

09363cc7c668ce12683214a9877ae9c068a82dfb8f64111355933c24e7193a98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Aug 2021 11:53:50 GMT
x-content-type-options: nosniff
age: 66128
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/rosetta
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 257604
x-xss-protection: 0
last-modified: Mon, 03 May 2021 09:56:24 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 13 Aug 2022 11:53:50 GMT

GET
H2 200 hustle-icons-font.ttf
www.yinksukblog.com.ng/wp-content/plugins/wordpress-popup/assets/hustle-ui/fonts/ 12 KB
7 KB 434ms
434ms Font
x-font/ttf 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.yinksukblog.com.ng/wp-content/plugins/wordpress-popup/assets/hustle-ui/fonts/hustle-icons-font.ttf
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/qtta8ilp/5tqep.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: c8ccfa5c23b7fb8848ee26de498408961555235ec2c49e15e65a9bba6692d89f

Request headers

sec-fetch-mode: cors
origin: https://www.yinksukblog.com.ng
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: __gads=ID=9ec2944eee9057fc-22f65e94a9c90047:T=1628921758:RT=1628921758:S=ALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg; mailmunch_second_pageview=true; hustle_module_show_count-social_sharing-1=1
:path: /wp-content/plugins/wordpress-popup/assets/hustle-ui/fonts/hustle-icons-font.ttf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/qtta8ilp/5tqep.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.yinksukblog.com.ng
Referer: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/qtta8ilp/5tqep.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
last-modified: Tue, 20 Apr 2021 09:35:28 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
vary: Accept-Encoding
content-type: x-font/ttf
cache-control: max-age=0
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 6770
expires: max-age=A10368000, public

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 14ms
14ms Script
application/javascript 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.yinksukblog.com.ng

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 15ms
15ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.yinksukblog.com.ng

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 14 Aug 2021 06:15:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CF61 436 B
235 B 357ms
357ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=280&adk=2054736868&adf=2471634399&pi=t.aa~a.771539599~i.11~rp.4&w=1038&fwrn=4&fwrnh=100&lmt=1628892199&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=9386409732&psa=0&ad_type=text_image&format=1038x280&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rh=200&rw=1037&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=3&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0&nras=2&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=90&ady=2506&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Wt4K4NJKvT&p=https%3A//www.yinksukblog.com.ng&dtd=22

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3cae0dc19e204c491b244c2a277bd905fe7dc381d927dc867dbfe4382a0398d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5742861393839950&output=html&h=280&adk=2054736868&adf=2471634399&pi=t.aa~a.771539599~i.11~rp.4&w=1038&fwrn=4&fwrnh=100&lmt=1628892199&num_ads=1&rafmt=1&armr=3&sem=mc&pwprc=9386409732&psa=0&ad_type=text_image&format=1038x280&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rh=200&rw=1037&rpe=1&resp_fmts=3&wgl=1&fa=27&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=3&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0&nras=2&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=90&ady=2506&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1408&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=Wt4K4NJKvT&p=https%3A//www.yinksukblog.com.ng&dtd=22
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.yinksukblog.com.ng/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.yinksukblog.com.ng/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 14 Aug 2021 06:15:59 GMT
server: cafe
content-length: 211
x-xss-protection: 0
set-cookie: IDE=AHWqTUn1-3A9LWe3L0DEtkMj8LCWSNBqtDBhIPkYkcxF1kw16-xiR5bBRkLbQprOLk8; expires=Thu, 08-Sep-2022 06:15:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame A1E4 27 KB
11 KB 493ms
493ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=280&adk=3106563156&adf=2405762439&pi=t.aa~a.872345986~rp.1&w=353&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=353x280&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280&nras=3&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1198&ady=1158&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=peXDyAqTdR&p=https%3A//www.yinksukblog.com.ng&dtd=29

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cc7e27c4fa7ed200990db28034fc400fc06d3f2b9edf1ed03e180606d22186e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5742861393839950&output=html&h=280&adk=3106563156&adf=2405762439&pi=t.aa~a.872345986~rp.1&w=353&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=353x280&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280&nras=3&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1198&ady=1158&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=peXDyAqTdR&p=https%3A//www.yinksukblog.com.ng&dtd=29
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.yinksukblog.com.ng/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.yinksukblog.com.ng/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 14 Aug 2021 06:15:59 GMT
server: cafe
content-length: 11114
x-xss-protection: 0
set-cookie: IDE=AHWqTUlwknqIIn5-YllqDKGonBGufWHXQtlcqdmGWUwVIzVK-LzjsTCBDGdstopsSfQ; expires=Thu, 08-Sep-2022 06:15:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C081 26 KB
11 KB 538ms
538ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=2740901989&adf=1947424030&pi=t.aa~a.4143197931~rp.1&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=1489&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=dRRta9Q6zK&p=https%3A//www.yinksukblog.com.ng&dtd=33

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc86c4faa29af0fa38ee57e2045b39b538b8f04ceb3ffb46cc1bcbbd9797f935

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=2740901989&adf=1947424030&pi=t.aa~a.4143197931~rp.1&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=1489&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=dRRta9Q6zK&p=https%3A//www.yinksukblog.com.ng&dtd=33
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.yinksukblog.com.ng/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.yinksukblog.com.ng/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 14 Aug 2021 06:15:59 GMT
server: cafe
content-length: 10940
x-xss-protection: 0
set-cookie: IDE=AHWqTUk7b2u-6Spj89PJgq1XcGfKdMaBCmVV8nnpqkuBSnqjW7WqW5MSJ_0Imz7I2rU; expires=Thu, 08-Sep-2022 06:15:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3E9C 27 KB
11 KB 457ms
454ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=4043633759&pi=t.aa~a.2905765805~rp.2&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250&nras=5&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=1883&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IjlqjIlKDt&p=https%3A//www.yinksukblog.com.ng&dtd=37

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b64fd8674a2eee345026676428bc4f3500e2bf92e05bb810707d40a933287235

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=4043633759&pi=t.aa~a.2905765805~rp.2&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250&nras=5&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=1883&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IjlqjIlKDt&p=https%3A//www.yinksukblog.com.ng&dtd=37
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.yinksukblog.com.ng/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.yinksukblog.com.ng/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 14 Aug 2021 06:15:59 GMT
server: cafe
content-length: 10987
x-xss-protection: 0
set-cookie: IDE=AHWqTUknrMQxpuweFAXEQlXUvYyMzGFbIKdtZGgt9jE8YQfh7VnW5IYNfYb6q6ZHaxk; expires=Thu, 08-Sep-2022 06:15:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 7BEC 123 KB
38 KB 742ms
742ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9c911e789736e8fd135150b37a76c1ba419165a805760cb38e8ba3eeef52fa75

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CM33t7bur_ICFQND5QodzgoLUg&gqi=nl8XYafQNOn33wPY052gDw&layout=/sadbundle/%24csp%253Der3%24/11575576717432054682/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.yinksukblog.com.ng/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.yinksukblog.com.ng/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CM33t7bur_ICFQND5QodzgoLUg&gqi=nl8XYafQNOn33wPY052gDw&layout=/sadbundle/%24csp%253Der3%24/11575576717432054682/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 14 Aug 2021 06:15:59 GMT
server: cafe
content-length: 39352
x-xss-protection: 0
set-cookie: IDE=AHWqTUnH7Zm4bu_POGrLweQosESl5oNnjSnqI9HZNXE1duJtSm4cC8YUAyJm1mRmk90; expires=Thu, 08-Sep-2022 06:15:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame AB98 27 KB
11 KB 485ms
485ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=3896800018&adf=2379560209&pi=t.aa~a.1838649094~rp.2&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250%2C311x250&nras=7&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=3086&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=rKRAXFRZkl&p=https%3A//www.yinksukblog.com.ng&dtd=46

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48ca39c75cc66f15688a8035b7aa69aa71c1ac7a5dbd3535f2b43df0b30bf0df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=3896800018&adf=2379560209&pi=t.aa~a.1838649094~rp.2&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250%2C311x250&nras=7&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=3086&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=rKRAXFRZkl&p=https%3A//www.yinksukblog.com.ng&dtd=46
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.yinksukblog.com.ng/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.yinksukblog.com.ng/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 14 Aug 2021 06:15:59 GMT
server: cafe
content-length: 11173
x-xss-protection: 0
set-cookie: IDE=AHWqTUkizaakwlRA1gUWPHe_TBgnFek194sSanr3nTdY5o7oyTdDdnNSjtVrsNxde-M; expires=Thu, 08-Sep-2022 06:15:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6FFF 27 KB
11 KB 536ms
535ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=2946686461&adf=2955756018&pi=t.aa~a.2905763894~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=1&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250%2C311x250%2C311x250&nras=8&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=NIpJofbJDw&p=https%3A//www.yinksukblog.com.ng&dtd=50

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02ae9f5ba0cae9cd8387b3d61f18a5b13e0882d230327ec625e1de87306e957d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=2946686461&adf=2955756018&pi=t.aa~a.2905763894~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=1&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250%2C311x250%2C311x250&nras=8&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=NIpJofbJDw&p=https%3A//www.yinksukblog.com.ng&dtd=50
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.yinksukblog.com.ng/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.yinksukblog.com.ng/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sat, 14 Aug 2021 06:15:59 GMT
server: cafe
content-length: 11011
x-xss-protection: 0
set-cookie: IDE=AHWqTUnoDMfc8k4BKefAL9O8nf-DQlzgLrZ7e_dAyDHqdgXKX97N7IdbJbsrlaGPOeI; expires=Thu, 08-Sep-2022 06:15:58 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: private

GET
H2 200 master.html Show response
widgets.wp.com/likes/ Frame E6C9 3 KB
1 KB 127ms
41ms Document
text/html 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.wp.com/likes/master.html?ver=202132
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: cc74ed96b7cded3057097292949692d7a212bcadd50a213a9ad78ddd55ba81e6

Request headers

:method: GET
:authority: widgets.wp.com
:scheme: https
:path: /likes/master.html?ver=202132
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.yinksukblog.com.ng/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.yinksukblog.com.ng/

Response headers

server: nginx
date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html
last-modified: Wed, 14 Apr 2021 02:01:40 GMT
vary: Accept-Encoding
etag: W/"60764d04-ac0"
content-encoding: gzip
x-ac: 2.hhn _dca
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
x-nc: HIT hhn 1

GET
H2 200 g.gif
pixel.wp.com/ 50 B
92 B 38ms
37ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A10.0&blog=185872605&post=38304&tz=1&srv=www.yinksukblog.com.ng&host=www.yinksukblog.com.ng&ref=&fcp=1441&rand=0.8582661136910934
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 / Show response
www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/ 3 KB
2 KB 1334ms
1333ms XHR
application/json 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/?relatedposts=1

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/p/jetpack/10.0/_inc/build/related-posts/related-posts.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

box5593.bluehost.com

Software

nginx/1.19.10 /

Resource Hash

f4f6ef8d342aa3daf84864f96c0dc284b33734536f1549485d0d637889e860d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-fetch-mode: cors
accept-encoding: gzip, deflate, br
accept-language: en-US
x-requested-with: XMLHttpRequest
sec-fetch-dest: empty
cookie: __gads=ID=9ec2944eee9057fc-22f65e94a9c90047:T=1628921758:RT=1628921758:S=ALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg; mailmunch_second_pageview=true; hustle_module_show_count-social_sharing-1=1
:path: /hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/?relatedposts=1
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
x-requested-with: XMLHttpRequest

Response headers

date: Sat, 14 Aug 2021 06:16:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx/1.19.10
x-server-cache: false
x-pingback: https://www.yinksukblog.com.ng/xmlrpc.php
content-type: application/json; charset=utf-8
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
vary: Accept-Encoding
content-length: 1694

GET
H2 200 / Show response
graph.facebook.com/ 244 B
643 B 58ms
32ms Script
text/javascript 2a03:2880:f045:12:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?callback=WPCOMSharing.update_facebook_count&ids=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/p/jetpack/10.0/_inc/build/sharedaddy/sharing.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f045:12:face:b00c:0:2 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f8824f04f3bb9580a0a78786e1437d3e6a8f7ee9ba3d162e9c9f4f54d80ae6ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
www-authenticate: OAuth "Facebook Platform" "invalid_request" "(#2) Service temporarily unavailable"
x-fb-rev: 1004256058
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 181
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: qAG6vIl6r8E7cS3IagZE4M9rDw9Hnko+r6t0fmNAamumQFwTkc41WrvUacRRhoo9dx8czrzrHP+3ZJUAiuSJjA==
x-fb-trace-id: AAiqgTQI0df
date: Sat, 14 Aug 2021 06:15:58 GMT
vary: Origin, Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: A928iYD_lsuAN0YO9fh4-yr
cache-control: no-store
facebook-api-version: v4.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
74 B 38ms
38ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=wpcom-no-pv&x_sharing-count-request=facebook&r=0.8933490739783208
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:58 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
DATA 200
OK truncated
/ 475 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7b8774ee42aac08bc5a2e690896b80dc20953e86dc152dc5b344b589df74273e

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 flags.png
www.yinksukblog.com.ng/wp-content/plugins/google-language-translator/images/ 54 KB
54 KB 257ms
256ms Image
image/png 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yinksukblog.com.ng/wp-content/plugins/google-language-translator/images/flags.png
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/6meanoye/5tqep.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: d64c12a76a61096f3a14aa795d12c3fc0de8e5781ef2e1af3b66517e65d7f00e

Request headers

:path: /wp-content/plugins/google-language-translator/images/flags.png
pragma: no-cache
cookie: __gads=ID=9ec2944eee9057fc-22f65e94a9c90047:T=1628921758:RT=1628921758:S=ALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg; mailmunch_second_pageview=true; hustle_module_show_count-social_sharing-1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/6meanoye/5tqep.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/wp-content/cache/wpfc-minified/6meanoye/5tqep.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
last-modified: Thu, 22 Jul 2021 09:13:27 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: image/png
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 54996
expires: max-age=A10368000, public

POST
H2 200 admin-ajax.php Show response
www.yinksukblog.com.ng/wp-admin/ 0
215 B 1419ms
1419ms XHR
text/html 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.yinksukblog.com.ng/wp-admin/admin-ajax.php

Requested by

Host: c0.wp.com
URL: https://c0.wp.com/c/5.7.2/wp-includes/js/jquery/jquery.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),

Reverse DNS

box5593.bluehost.com

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-fetch-mode: cors
origin: https://www.yinksukblog.com.ng
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: empty
x-requested-with: XMLHttpRequest
cookie: __gads=ID=9ec2944eee9057fc-22f65e94a9c90047:T=1628921758:RT=1628921758:S=ALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg; mailmunch_second_pageview=true; hustle_module_show_count-social_sharing-1=1
content-length: 199
:path: /wp-admin/admin-ajax.php
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
content-type: application/x-www-form-urlencoded; charset=UTF-8
accept: */*
cache-control: no-cache
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: POST
Accept: */*
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
referrer-policy: strict-origin-when-cross-origin
server: Apache
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.yinksukblog.com.ng
cache-control: no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
x-robots-tag: noindex
content-length: 0
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 235974162_226711899358826_8302312665032455926_nthumb.jpg
www.yinksukblog.com.ng/wp-content/uploads/sb-instagram-feed-images/ 322 B
378 B 234ms
234ms Image
image/jpeg 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yinksukblog.com.ng/wp-content/uploads/sb-instagram-feed-images/235974162_226711899358826_8302312665032455926_nthumb.jpg
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: d6e97fe541e9f9a1fb6278272313cbd2943e304db05d3b1b681f8e31eeb03dec

Request headers

:path: /wp-content/uploads/sb-instagram-feed-images/235974162_226711899358826_8302312665032455926_nthumb.jpg
pragma: no-cache
cookie: __gads=ID=9ec2944eee9057fc-22f65e94a9c90047:T=1628921758:RT=1628921758:S=ALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg; mailmunch_second_pageview=true; hustle_module_show_count-social_sharing-1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
last-modified: Fri, 13 Aug 2021 21:42:04 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 322
expires: max-age=A10368000, public

GET
H2 200 235910247_2990589871262624_5492424927373878949_nthumb.jpg
www.yinksukblog.com.ng/wp-content/uploads/sb-instagram-feed-images/ 10 KB
10 KB 241ms
240ms Image
image/jpeg 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yinksukblog.com.ng/wp-content/uploads/sb-instagram-feed-images/235910247_2990589871262624_5492424927373878949_nthumb.jpg
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: a5212937ce003060cb7e24996dd5df14074c399512a7f080177b8d085951f3ca

Request headers

:path: /wp-content/uploads/sb-instagram-feed-images/235910247_2990589871262624_5492424927373878949_nthumb.jpg
pragma: no-cache
cookie: __gads=ID=9ec2944eee9057fc-22f65e94a9c90047:T=1628921758:RT=1628921758:S=ALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg; mailmunch_second_pageview=true; hustle_module_show_count-social_sharing-1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
last-modified: Fri, 13 Aug 2021 20:02:14 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 10363
expires: max-age=A10368000, public

GET
H2 200 235710029_431407058109990_3815406826870742207_nthumb.jpg
www.yinksukblog.com.ng/wp-content/uploads/sb-instagram-feed-images/ 10 KB
10 KB 241ms
240ms Image
image/jpeg 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yinksukblog.com.ng/wp-content/uploads/sb-instagram-feed-images/235710029_431407058109990_3815406826870742207_nthumb.jpg
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: a5212937ce003060cb7e24996dd5df14074c399512a7f080177b8d085951f3ca

Request headers

:path: /wp-content/uploads/sb-instagram-feed-images/235710029_431407058109990_3815406826870742207_nthumb.jpg
pragma: no-cache
cookie: __gads=ID=9ec2944eee9057fc-22f65e94a9c90047:T=1628921758:RT=1628921758:S=ALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg; mailmunch_second_pageview=true; hustle_module_show_count-social_sharing-1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
last-modified: Fri, 13 Aug 2021 20:02:15 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 10363
expires: max-age=A10368000, public

GET
H2 200 235820321_212061254229558_3258894268759406507_nthumb.jpg
www.yinksukblog.com.ng/wp-content/uploads/sb-instagram-feed-images/ 5 KB
5 KB 272ms
271ms Image
image/jpeg 162.241.218.217
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.yinksukblog.com.ng/wp-content/uploads/sb-instagram-feed-images/235820321_212061254229558_3258894268759406507_nthumb.jpg
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 162.241.218.217 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: box5593.bluehost.com
Software: nginx/1.19.10 /
Resource Hash: 6a903fd0d42ff840709272f809535d73a5fe017b146eb64e0a7a7362a7c7c0d2

Request headers

:path: /wp-content/uploads/sb-instagram-feed-images/235820321_212061254229558_3258894268759406507_nthumb.jpg
pragma: no-cache
cookie: __gads=ID=9ec2944eee9057fc-22f65e94a9c90047:T=1628921758:RT=1628921758:S=ALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg; mailmunch_second_pageview=true; hustle_module_show_count-social_sharing-1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.yinksukblog.com.ng
referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
last-modified: Fri, 13 Aug 2021 19:26:41 GMT
server: nginx/1.19.10
accept-ranges: bytes
x-server-cache: false
content-type: image/jpeg
cache-control: max-age=10368000
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
content-length: 4745
expires: max-age=A10368000, public

GET
H2 200 / Show response
s0.wp.com/_static/ Frame E6C9 22 KB
5 KB 43ms
42ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/rlt-proxy.js?m=20210413
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=202132
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 2e443dbb116d4efb3edfddb77cd4b2c93313cb6d8e75800602a92f0a9fa22d88

Request headers

Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: gzip
last-modified: Thu, 01 Apr 2021 21:48:08 GMT
server: nginx
etag: W/"60663f98-56cb"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dca
timing-allow-origin: *
expires: Thu, 14 Apr 2022 02:02:07 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame E6C9 93 KB
25 KB 43ms
42ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/jed/jed.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20210317
Requested by: Host: widgets.wp.com
URL: https://widgets.wp.com/likes/master.html?ver=202132
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: cf6c56fe71c3a0a2ee4e9e6e1760949e1fc2fe68ed6edee89d72c2156b3a7cd1

Request headers

Referer: https://widgets.wp.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: gzip
last-modified: Mon, 12 Apr 2021 17:54:33 GMT
server: nginx
etag: W/"60748959-172b5"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dca
timing-allow-origin: *
expires: Tue, 12 Apr 2022 18:35:27 GMT

GET
H2 200 / Show response
public-api.wordpress.com/wp-admin/rest-proxy/ Frame 71AD 8 KB
3 KB 276ms
182ms Document
text/html 192.0.78.22
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://public-api.wordpress.com/wp-admin/rest-proxy/

Requested by

Host: s0.wp.com
URL: https://s0.wp.com/_static/??/wp-content/js/jed/jed.js,/wp-content/js/wpcom-proxy-request.js,/wp-content/js/likes-rest-nojquery.js?m=20210317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.78.22 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

Software

nginx /

Resource Hash

c6571876dfcbb11c6d3433e714f76c8acbf206b2be801cb65f63f18b9e3d510e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

:method: GET
:authority: public-api.wordpress.com
:scheme: https
:path: /wp-admin/rest-proxy/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://widgets.wp.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://widgets.wp.com/

Response headers

server: nginx
date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
p3p: CP="CAO PSA OUR"
set-cookie: wp_api=+; expires=Fri, 14-Aug-2020 06:15:59 GMT; Max-Age=0; path=/wp-admin/rest-proxy/; domain=public-api.wordpress.com; secure; SameSite=None wp_api_sec=+; expires=Fri, 14-Aug-2020 06:15:59 GMT; Max-Age=0; path=/; domain=public-api.wordpress.com; secure; HttpOnly; SameSite=None
content-encoding: gzip
x-ac: 1.hhn _dfw
strict-transport-security: max-age=15552000

GET
H2 200 settings-1628844372.json Show response
a.mailmunch.co/forms-cache/885409/ 1 KB
1 KB 113ms
50ms XHR
application/json 2600:9000:2181:f600:4:c961:9640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.mailmunch.co/forms-cache/885409/settings-1628844372.json
Requested by: Host: a.mailmunch.co
URL: https://a.mailmunch.co/app/v1/site.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2181:f600:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 17e0f2cdeb90849cd06c28f869b7621e1d2f8a96e2f1046423d9b28d50d5c51c

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Aug 2021 18:35:04 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 42055
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Fri, 13 Aug 2021 08:46:19 GMT
server: AmazonS3
etag: W/"c8dbab634cac2350e4ae157b64bca7e8"
access-control-max-age: 3000
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
content-type: application/json; charset=utf-8
via: 1.1 aa1a30846e0095e7119e3af834f718c3.cloudfront.net (CloudFront)
access-control-expose-headers: ETag
cache-control: max-age=31556952
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: cYP_d4aEbH3ipeI4JoRN6AB21gmS74rhfCrPWEBJ_1ynegVi2oZ0HQ==

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/1x/ 825 B
913 B 26ms
7ms Image
image/png 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/1x/translate_24dp.png

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 05:55:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 1251
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 825
x-xss-protection: 0
expires: Sun, 14 Aug 2022 05:55:08 GMT

GET
H2 200 googlelogo_color_42x16dp.png
www.gstatic.com/images/branding/googlelogo/1x/ 910 B
1 KB 25ms
6ms Image
image/png 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/googlelogo/1x/googlelogo_color_42x16dp.png

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 05:29:34 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 2785
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 910
x-xss-protection: 0
expires: Sun, 14 Aug 2022 05:29:34 GMT

GET
H2 200 translate_24dp.png
www.gstatic.com/images/branding/product/2x/ 2 KB
2 KB 20ms
7ms Image
image/png 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/branding/product/2x/translate_24dp.png

Requested by

Host: translate.googleapis.com
URL: https://translate.googleapis.com/translate_static/css/translateelement.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://translate.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 05:59:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 1014
vary: Origin
content-type: image/png
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1847
x-xss-protection: 0
expires: Sun, 14 Aug 2022 05:59:05 GMT

GET
H2 200 popover.js Show response
a.mailmunch.co/app/v1/ 9 KB
3 KB 32ms
31ms Script
text/javascript 2600:9000:2181:f600:4:c961:9640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.mailmunch.co/app/v1/popover.js
Requested by: Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2181:f600:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 111cea4209818a9350fc28c5ecf46ef9c0b3f3044cc7e0f8c3d197a725d3cca7

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Aug 2021 23:19:32 GMT
content-encoding: gzip
age: 24988
x-cache: Hit from cloudfront
content-length: 2245
access-control-allow-origin: *
last-modified: Fri, 13 Aug 2021 11:15:19 GMT
server: AmazonS3
etag: "c20be8b3fc286a8a678ddad3f631e0cb"
access-control-max-age: 3000
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
content-type: text/javascript
via: 1.1 c76130909cba12f494ee98f488e40753.cloudfront.net (CloudFront)
access-control-expose-headers: ETag
cache-control: max-age=172800
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-amz-cf-id: RwvGpe91HVXOjeu-2mxWxJghQ-ymx58TUwPZ6dGCQBP9R63rwCoH-w==

GET
H3-29 200 l Show response
translate.googleapis.com/translate_a/ Frame 3E51 3 KB
962 B 17ms
17ms Script
application/javascript 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://translate.googleapis.com/translate_a/l?client=te&alpha=true&hl=en&cb=callback

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

13b5eece5a7359f9c0de2b4b3c24eeed42fa547e5811238bc9434dcc975bb101

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Am3TjjQ8Gzk1URfjWv+ohg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
content-security-policy: script-src 'report-sample' 'nonce-Am3TjjQ8Gzk1URfjWv+ohg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/TranslateApiHttp/cspreport;worker-src 'self', require-trusted-types-for 'script';report-uri /_/TranslateApiHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin
date: Sat, 14 Aug 2021 06:15:59 GMT
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 index-1610720383.html Show response
a.mailmunch.co/forms-cache/885409/992116/ 137 KB
44 KB 60ms
60ms XHR
text/html 2600:9000:2181:f600:4:c961:9640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.mailmunch.co/forms-cache/885409/992116/index-1610720383.html
Requested by: Host: a.mailmunch.co
URL: https://a.mailmunch.co/app/v1/site.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2181:f600:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3879702e5f7fd75beeed27b9fe4fd0ea2c87e0c8d994ff31b06168eb3bfe1c92

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 02 May 2021 11:33:35 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 8966545
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Fri, 05 Mar 2021 15:04:06 GMT
server: AmazonS3
etag: W/"ad38ce4e9a451510fe798a44afba10d2"
access-control-max-age: 3000
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
content-type: text/html; charset=utf-8
via: 1.1 aa1a30846e0095e7119e3af834f718c3.cloudfront.net (CloudFront)
access-control-expose-headers: ETag
cache-control: max-age=31556952
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: tFmwR2W1t3AzSQn01rAacI8oom2eVUgwp1DoPas6ncDpwYTg4mjEpA==

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame E8A9 0
0 30ms
29ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=ClFKjnl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgS9Ak_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXlozuQ9jrvdrYpk0mbunG_3nz6gAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAGACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNTc0Mjg2MTM5MzgzOTk1MBgA&sigh=XqHC8lPFkOM

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=4043633759&pi=t.aa~a.2905765805~rp.2&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250&nras=5&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=1883&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IjlqjIlKDt&p=https%3A//www.yinksukblog.com.ng&dtd=37
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 14 Aug 2021 06:15:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame E8A9 0
0 31ms
16ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1gpve1w9ph5efxqk7hjz54apm7yzzpwb4f9rnab58v7hnvn764983jjnv38crz6b60ayfspp8eej3b5shd3qht5qb1spcmq3q91smkkjjqh2yq00qnabf72b03h2aef474ywstvm3ndcames78fgvfg8v9nwpchxv8ng0s2x84x98vcyvqxmfcsva68637c5thk19y8ppvebzg0jd5yxfpwq4axf2et43njnp5t2pnrg39mktkca784xdztxbjvspbwybg53ng1016073jdvfptcerdm6swzfnmz0x6wm0cgqvmg0qkvm8sn9xjfsbghx5h61br5nh0mbp1mt1sg5ps497dqebkh2hg4hd0xx9yfynjw2x8s93c6tmwqz4r8tyrxwqqb&b=YRdfngANPFsK5VjUAAvGpT89EnPXBZPmBNsRxg
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 14 Aug 2021 06:15:59 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
ad4m.at/ad/ Frame 8488 2 KB
2 KB 37ms
19ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dr?ed=1gskj8eaqvtv1xb81s4b1pkj75yx8eaabb8dr0q3atw5sjy7p45tx9mahw12ahs1ywe0nxjyjp4m1zkcfsn88wvhrt2n0ahndfds6phn4wvwvcj7gn6jzqejxr94mmf7t4g9f42zfcfb206ta5snkp4nhqd4scs46w02nt2ytv4abc0err9n4sv3h1snnhqpy7wzzeadsj83kpm8jmgbfzm4adamx35rq5gzr3y3sstd9bdyy340vahtcfz1yv1scmsfhmncarydbgxawq5tnjet34kp6ckdyfezatd2qfmftba37f7yrwwn7yc0k1p38hdj0704gysbt40r8736rr9wddhwfzbz5ckr34qh4rnpf1at30yfw63ht3rcp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%26client%3Dca-pub-5742861393839950%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=4043633759&pi=t.aa~a.2905765805~rp.2&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250&nras=5&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=1883&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IjlqjIlKDt&p=https%3A//www.yinksukblog.com.ng&dtd=37

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3b71441a554fbb4339b53ff2f6218050817f236b595498407298c85ec0064bd

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dr?ed=1gskj8eaqvtv1xb81s4b1pkj75yx8eaabb8dr0q3atw5sjy7p45tx9mahw12ahs1ywe0nxjyjp4m1zkcfsn88wvhrt2n0ahndfds6phn4wvwvcj7gn6jzqejxr94mmf7t4g9f42zfcfb206ta5snkp4nhqd4scs46w02nt2ytv4abc0err9n4sv3h1snnhqpy7wzzeadsj83kpm8jmgbfzm4adamx35rq5gzr3y3sstd9bdyy340vahtcfz1yv1scmsfhmncarydbgxawq5tnjet34kp6ckdyfezatd2qfmftba37f7yrwwn7yc0k1p38hdj0704gysbt40r8736rr9wddhwfzbz5ckr34qh4rnpf1at30yfw63ht3rcp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%26client%3Dca-pub-5742861393839950%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-7b12
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 67e80d43fe8842c9-FRA
content-encoding: br

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame E8A9 2 KB
2 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:10:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 06:10:39 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 94B9 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 13 Aug 2021 11:56:19 GMT
expires: Sat, 14 Aug 2021 11:56:19 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 65980
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E8A9 124 KB
37 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37fbc56848d8a6f47f63521ede0688ab5769b28faecbd34e9fecbfc9e1dcd029

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628854326415524"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38195
x-xss-protection: 0
expires: Sat, 14 Aug 2021 06:15:59 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame E8A9 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:10:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 315
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 06:10:44 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame E8A9 0
0 14ms
13ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQ_5p4tSyAXIQYpG9wmzmkPKmSv3R6Hdfm5O_r18mp8e4XOHghJ3iQiLpOhoSmdupnetvbQRjgoAWj7DCjfyLeOM43m4g
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=4043633759&pi=t.aa~a.2905765805~rp.2&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250&nras=5&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=1883&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IjlqjIlKDt&p=https%3A//www.yinksukblog.com.ng&dtd=37
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame FCAB 0
0 32ms
32ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CvVGUnl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwQJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGHyk3cHZ7Ae6r78NUHFxIFS5V6ABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAYAKAfoLAggBgAwB0BUBgBcBshcaChgSFHB1Yi01NzQyODYxMzkzODM5OTUwGAA&sigh=ehwNQsE3a3g

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=280&adk=3106563156&adf=2405762439&pi=t.aa~a.872345986~rp.1&w=353&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=353x280&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280&nras=3&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1198&ady=1158&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=peXDyAqTdR&p=https%3A//www.yinksukblog.com.ng&dtd=29
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 14 Aug 2021 06:15:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame FCAB 0
0 17ms
16ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1jmjtnnvq9qszqqma21cpeshwgp746qp3spacsx4x7zj3f7gb8jp528htv9mh011gjxmwg3pqven822hbqqchs9vb6c49kjpmmqbcn26tmmbp6y7ctd8b5567np6fz756s8x4m17khvgdy7nay4ka37dsybt1nttensphe5p54h5e0b0gcseanjx5yy09fhrccah420jg0kz4949emh0nfteyxcbmcantzd08q51jqpzp65dgv26dv1ypsh5bvfga1rwqsyph2vagadb8gvg84rhfndh1kmb0nt6zyczpabbnyjpk56hrn19q5k5k0rtzdg0pjzjw9jp6d78akrgqazgj01parj42txrq8swsnhvyme20babthzxy0mye215sqz35ac9&b=YRdfngANNUIIu-QXAAB82-GFHbRUxW6pGspb-g
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 14 Aug 2021 06:15:59 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
ad4m.at/ad/ Frame A8E8 2 KB
1 KB 25ms
20ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dr?ed=1hz778qg3q6yhdbqcrx70129t9sj3zr2et93g0jgbwjk2aa3xev89grjb3jy9x331pg40j1egfpkc7517ahmf6cjsrsc3xxpd2w2x0p0chfcenxqwfjgzcrn1hw39jz6t5n88ckmcq97e7yscf5czykfh5j86b7110wjgvkydhpqrj52f3hykk2tgfby6phnnq7r8vq251fxy0jah4nnbyahxq3mz64mav7fktpenkzn1cnqbzjfa790xxyyqfr829em5kpcaa13by4yq6t7bjq3gke058bnhb57c9asrrantp12jq0dhf1p4bn0z3e7gfyywcfp2sv15ftv6g4w52sp1yz97smbe3akwtvknd3a250cdjefc9mzbth5j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%26client%3Dca-pub-5742861393839950%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=280&adk=3106563156&adf=2405762439&pi=t.aa~a.872345986~rp.1&w=353&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=353x280&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280&nras=3&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1198&ady=1158&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=peXDyAqTdR&p=https%3A//www.yinksukblog.com.ng&dtd=29

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

182eeaa3a818f4de1b14cba3adcec75a1e9bf92ffc2c094e2699a8263d956d93

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dr?ed=1hz778qg3q6yhdbqcrx70129t9sj3zr2et93g0jgbwjk2aa3xev89grjb3jy9x331pg40j1egfpkc7517ahmf6cjsrsc3xxpd2w2x0p0chfcenxqwfjgzcrn1hw39jz6t5n88ckmcq97e7yscf5czykfh5j86b7110wjgvkydhpqrj52f3hykk2tgfby6phnnq7r8vq251fxy0jah4nnbyahxq3mz64mav7fktpenkzn1cnqbzjfa790xxyyqfr829em5kpcaa13by4yq6t7bjq3gke058bnhb57c9asrrantp12jq0dhf1p4bn0z3e7gfyywcfp2sv15ftv6g4w52sp1yz97smbe3akwtvknd3a250cdjefc9mzbth5j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%26client%3Dca-pub-5742861393839950%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-7b12
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 67e80d43fe8c42c9-FRA
content-encoding: br

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame FCAB 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:10:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 06:10:39 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame A0E1 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 13 Aug 2021 11:56:19 GMT
expires: Sat, 14 Aug 2021 11:56:19 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 65980
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FCAB 124 KB
37 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37fbc56848d8a6f47f63521ede0688ab5769b28faecbd34e9fecbfc9e1dcd029

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628854326415524"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38195
x-xss-protection: 0
expires: Sat, 14 Aug 2021 06:15:59 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame FCAB 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 05:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1298
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 05:54:21 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame FCAB 0
0 15ms
15ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRTmMWxrXb9JkkQK8e728XycV4F4qskUDVv1_-vnHIUARXQ079pEis0nJCn92nRUKyl06lgJUR1IVmMrxGJoNXTYepcBg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=280&adk=3106563156&adf=2405762439&pi=t.aa~a.872345986~rp.1&w=353&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=353x280&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280&nras=3&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1198&ady=1158&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=peXDyAqTdR&p=https%3A//www.yinksukblog.com.ng&dtd=29
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 4664 0
0 33ms
30ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CT5Mwnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEvQJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bO2nkVjxCddQNf11nYr5SHzrqsoAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTU3NDI4NjEzOTM4Mzk5NTAYAA&sigh=QcdMI2_YaAM

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=3896800018&adf=2379560209&pi=t.aa~a.1838649094~rp.2&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250%2C311x250&nras=7&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=3086&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=rKRAXFRZkl&p=https%3A//www.yinksukblog.com.ng&dtd=46
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 14 Aug 2021 06:15:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 4664 0
0 18ms
14ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1hdvrymxbcepym7ksmnghp52xarv2mgyncs8v29wtrhm0am278bxf742ys12gcxpgz6jhj0gwjqb2qcqrhr49qgp1k29rgd7rg236rv5yce6evy361bveqv0d01m23x9ney479pca498yjd9ggytt3d68eq373bgkwg2phzht5sy4dpk5htr66mww8xmdtprd1d8m936g8h4fh85jg5yrf35k5tzpry912r73664g61zbq0yqta5ep0fvndgzw08p1j5h9eyp5phayk5rcft6vh7kje1581gf8bwhsck4cv0fsq9gqp33387mnqfbf1trns3fkbzpc46p3kyve7xmw1d5n0anxwv4apfznx5e7fxbhztvrf49w0d9dh3ktdn29377p36&b=YRdfngANVt0Iu-EeAALDEjl5ZWh55V1STqHIQg
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 14 Aug 2021 06:15:59 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
ad4m.at/ad/ Frame 8F31 2 KB
1 KB 21ms
18ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dr?ed=1hxhbd4fa4g2r6z3chskd7rswbatzy4a66jfqb8jffqae5mfng44dybz5h5yp9nyafyx1b40pn60qyymbzzaj8gv0c6z44jbngce5x19xssqq6sgp8j7bjjz7sdffg0d2065xqq1c0qt90363drsy4bk59eqmbzngcqqnp5m325b594cqhywacxqc91ggset60g4mj2as2gg2zag3e795dh63nn10dnvkd24ysvfspknqt1rw0pvyc94q0kpef35vdv0mc175159bzr2aaern1nxfk9ds65vsq82bgqh798zpamrc8p4qm6trkv4s58atb8ywav9wpsrd4v3fvweya69dvdm3q38r4kw8cpgdy0wxct6wcbdbqn03n1ky&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%26client%3Dca-pub-5742861393839950%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=3896800018&adf=2379560209&pi=t.aa~a.1838649094~rp.2&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250%2C311x250&nras=7&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=3086&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=rKRAXFRZkl&p=https%3A//www.yinksukblog.com.ng&dtd=46

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7cc38018eda7a5362f79b1e8309a59cceb0121094230ae51b1bcc8b2074a2024

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dr?ed=1hxhbd4fa4g2r6z3chskd7rswbatzy4a66jfqb8jffqae5mfng44dybz5h5yp9nyafyx1b40pn60qyymbzzaj8gv0c6z44jbngce5x19xssqq6sgp8j7bjjz7sdffg0d2065xqq1c0qt90363drsy4bk59eqmbzngcqqnp5m325b594cqhywacxqc91ggset60g4mj2as2gg2zag3e795dh63nn10dnvkd24ysvfspknqt1rw0pvyc94q0kpef35vdv0mc175159bzr2aaern1nxfk9ds65vsq82bgqh798zpamrc8p4qm6trkv4s58atb8ywav9wpsrd4v3fvweya69dvdm3q38r4kw8cpgdy0wxct6wcbdbqn03n1ky&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%26client%3Dca-pub-5742861393839950%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-7b12
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 67e80d440ebd42c9-FRA
content-encoding: br

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 4664 2 KB
1 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:10:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 06:10:39 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6271 1 KB
749 B 9ms
8ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 13 Aug 2021 11:56:19 GMT
expires: Sat, 14 Aug 2021 11:56:19 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 65980
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4664 124 KB
37 KB 23ms
21ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37fbc56848d8a6f47f63521ede0688ab5769b28faecbd34e9fecbfc9e1dcd029

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628854326415524"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38195
x-xss-protection: 0
expires: Sat, 14 Aug 2021 06:15:59 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 4664 14 KB
6 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 05:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1298
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 05:54:21 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 4664 0
0 16ms
13ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQq6XgxWsaXhG70MIcMz3TRN9U8dWQOzeYeL8rBnJ57o5zVj5dwK-wcqV1r3NaX24GPJi_C7jo9IO7Sf-C8nBGxrxVcGw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=3896800018&adf=2379560209&pi=t.aa~a.1838649094~rp.2&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250%2C311x250&nras=7&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=3086&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=7&uci=a!7&btvi=5&fsb=1&xpc=rKRAXFRZkl&p=https%3A//www.yinksukblog.com.ng&dtd=46
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 dpixel
cms.quantserve.com/ Frame 94B9 35 B
464 B 15ms
8ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEHprFMS_qLTK9hGhpxKU2fw&google_cver=1&google_push=AYg5qPKz3N_wOrLxEE9mcK-VjU4tYAwdplZqXGwK5r6CJfSCBlT08s5CnluQa0a1pysCeCKh6RA-lL-rtxfxfV2itZt43-CpJA

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 94B9
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPJCeff4X5a8rmlH0-7xv-4IToXMlAUBSC3vdPXiieaJ-6UNZrXR_at2vUg_keAd3d52_xr-6q5_90Ihw-vjKdOsTqkUhuo&google_gid=CAESEODbWpdebNcLi4DXK81bWyw&goog...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCJ-_3YgGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBKQ2VmZjRYNWE4cm1sSDAtN3h2LTRJVG9YTWxBVUJTQzN2ZFBYaWllYUotNlVOWnJYUl9hdDJ2VWdfa2VBZDNkNTJfeHItNnE1XzkwSWh3LX...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwbzlYSlZ0Zmx6aDNiMmFnazZNaFQyeEtCWmxEbm5KN25FMTU2WFhyTDUwZw==&google_push

170 B
188 B

55ms
54ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwbzlYSlZ0Zmx6aDNiMmFnazZNaFQyeEtCWmxEbm5KN25FMTU2WFhyTDUwZw==&google_push

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sat, 14 Aug 2021 06:15:59 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwbzlYSlZ0Zmx6aDNiMmFnazZNaFQyeEtCWmxEbm5KN25FMTU2WFhyTDUwZw==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 94B9
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEABVTnQN9FGca6Jt_n4yPnA&google_cver=1&google_push=AYg5qPJSm2pFMnGP6dVhkZff4pl67Vuxf3BDBLXRlZJZS_3tYKSlMvf6aKS6MkojOZJZ3qgi__V21ykfS9tCA49UFVX89TCzjK8
https://rtb.openx.net/sync/dds?google_gid=CAESEABVTnQN9FGca6Jt_n4yPnA&google_cver=1&google_push=AYg5qPJSm2pFMnGP6dVhkZff4pl67Vuxf3BDBLXRlZJZS_3tYKSlMvf6aKS6MkojOZJZ3qgi__V21ykfS9tCA49UFVX89TCzjK8&o...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJSm2pFMnGP6dVhkZff4pl67Vuxf3BDBLXRlZJZS_3tYKSlMvf6aKS6MkojOZJZ3qgi__V21ykfS9tCA49UFVX89TCzjK8&google_hm=oBi0j9YZw7Y7kVXgsNhXJw==

170 B
188 B

52ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJSm2pFMnGP6dVhkZff4pl67Vuxf3BDBLXRlZJZS_3tYKSlMvf6aKS6MkojOZJZ3qgi__V21ykfS9tCA49UFVX89TCzjK8&google_hm=oBi0j9YZw7Y7kVXgsNhXJw==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:58 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPJSm2pFMnGP6dVhkZff4pl67Vuxf3BDBLXRlZJZS_3tYKSlMvf6aKS6MkojOZJZ3qgi__V21ykfS9tCA49UFVX89TCzjK8&google_hm=oBi0j9YZw7Y7kVXgsNhXJw==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: mh4urnup9jvcdf23eu56qs71hotae6mu

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 94B9
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

57ms
56ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJuXO_3MPSRD39KnKedGSQsp4dJefPLimZegdf39kvK6LEM1un1_mEE47c5olB-OCnifXGmGUetLWEmPp3QaTQWaE06V4s

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJuXO_3MPSRD39KnKedGSQsp4dJefPLimZegdf39kvK6LEM1un1_mEE47c5olB-OCnifXGmGUetLWEmPp3QaTQWaE06V4s
date: Sat, 14 Aug 2021 06:15:58 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 94B9
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJVwA2rzzMYL8b6NScnEEtM&google_cver=1&google_push=AYg5qPLUEtbyO9qOtLJ3UVUC4Air3cdB08BqaHEsu1z4IMDFXiqZdUMd-J3Hwqt2unyaJvXM6uh...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NCRFlIUFQtMy02OUEz&google_push=AYg5qPLUEtbyO9qOtLJ3UVUC4Air3cdB08BqaHEsu1z4IMDFXiqZdUMd-J3Hwqt2unyaJvXM6uh92uzJF4MQDIGfEJDNzRl4-oc

170 B
188 B

56ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NCRFlIUFQtMy02OUEz&google_push=AYg5qPLUEtbyO9qOtLJ3UVUC4Air3cdB08BqaHEsu1z4IMDFXiqZdUMd-J3Hwqt2unyaJvXM6uh92uzJF4MQDIGfEJDNzRl4-oc

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NCRFlIUFQtMy02OUEz&google_push=AYg5qPLUEtbyO9qOtLJ3UVUC4Air3cdB08BqaHEsu1z4IMDFXiqZdUMd-J3Hwqt2unyaJvXM6uh92uzJF4MQDIGfEJDNzRl4-oc
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 94B9
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 94B9 43 B
297 B 66ms
21ms Image
image/gif 2a05:d01c:1d8:8101:6861:1a90:aaf3:9d73
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEOCNVNuDItXfxV204PRPlSs&google_cver=1&google_push=AYg5qPKhNfV5PNs8gQDQ3OH10PmIYMidrya1AymzEf5hrEfRaSn7Z1Yz45tCMG_CiuM-c0seL3chMSdcWxnEkVoPsV4uZFC3CLs
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=4043633759&pi=t.aa~a.2905765805~rp.2&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250&nras=5&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=1883&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=IjlqjIlKDt&p=https%3A//www.yinksukblog.com.ng&dtd=37
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8101:6861:1a90:aaf3:9d73 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 94B9 0
50 B 53ms
50ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13K_F1_pTIEetwrlJoB99Ph5LwovNTFFy2-YLdxv0Wghgah1_fE8_v7EPWFwuWwhU5y2tprE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame FCAB 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b96cc9e86d0ada99540a597c681bd9e8da533bce99134e1a6b387a5dce3d1e46

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E8A9 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ba1f244153772f9b44d3730b3b9114c3b53e8f909066796c59fbfea60889141

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 css
fonts.googleapis.com/ Frame 9AAB 3 KB
587 B 23ms
23ms Stylesheet
text/css 2a00:1450:4001:828::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400,700&display=swap

Requested by

Host: a.mailmunch.co
URL: https://a.mailmunch.co/app/v1/site.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ad0143eabe9dd325f34d5120a12a19df28e63e0dae2c85fc0ab664be125e8da1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 14 Aug 2021 04:17:24 GMT
server: ESF
date: Sat, 14 Aug 2021 06:15:59 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 14 Aug 2021 06:15:59 GMT

GET
H/1.1 200
OK logo_branding.png
cf.mailmunch.com/partner/mailmunch/ Frame 9AAB 3 KB
4 KB 202ms
50ms Image
image/png 13.32.22.59
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cf.mailmunch.com/partner/mailmunch/logo_branding.png
Requested by: Host: a.mailmunch.co
URL: https://a.mailmunch.co/app/v1/site.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.22.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-22-59.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 60615cf3ddf0b34046ce24ba4a0f5a5c352c10a9ae6e03043b93f8e0f5c6b509

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Sat, 14 Aug 2021 04:51:34 GMT
Via: 1.1 307a3e1075dd3d0976c64513a6ec3d74.cloudfront.net (CloudFront)
Age: 5079
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 3019
Last-Modified: Mon, 31 Aug 2020 12:20:46 GMT
Server: AmazonS3
ETag: "9b53f488aacdce3693ba93861ca034cf"
Access-Control-Max-Age: 3000
Access-Control-Allow-Methods: HEAD, GET, POST, PUT, DELETE
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag
X-Amz-Cf-Pop: FRA56-C2
Accept-Ranges: bytes
X-Amz-Cf-Id: 5AuoFgTMpI1GpMpsyi-oA0eQK06c6QIOhjLO_5eQZ3TBwpdE_Daxug==

GET
DATA 200
OK truncated
/ Frame 4664 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b57d52fba6d65cfb92c686e89952b79f6df2e731e221cabeee0071476bd4b52c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A0E1
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEDPVXoepiOBeOkijr3-iWIE&google_cver=1&google_push=AYg5qPKNpTleUDWh2OVkpD8z2n8dd_Of0M0yqnYeQ9loEZOL86EQ5DmiT1...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKNpTleUDWh2OVkpD8z2n8dd_Of0M0yqnYeQ9loEZOL86EQ5DmiT1LynLOWWxWo4xBMELyWuAnhepbB7FL5jTWnpgRydnQ&google_hm=VGLtUue...

170 B
188 B

53ms
53ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKNpTleUDWh2OVkpD8z2n8dd_Of0M0yqnYeQ9loEZOL86EQ5DmiT1LynLOWWxWo4xBMELyWuAnhepbB7FL5jTWnpgRydnQ&google_hm=VGLtUueR082JSV_V3teKxA

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKNpTleUDWh2OVkpD8z2n8dd_Of0M0yqnYeQ9loEZOL86EQ5DmiT1LynLOWWxWo4xBMELyWuAnhepbB7FL5jTWnpgRydnQ&google_hm=VGLtUueR082JSV_V3teKxA
pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A0E1
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEBEj14gPF-zhu9PKPJiPdlY&google_cver=1&google_push=AYg5qPK29wrgqNS4tmQb3tYdwOwVd_Ms9xrTzXHCHX2d-YwDSXKTa6ooSMg-PB64rjvp0FNLmRNE1AaUxgFVMlQ65_0fVYOOZdM
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPK29wrgqNS4tmQb3tYdwOwVd_Ms9xrTzXHCHX2d-YwDSXKTa6ooSMg-PB64rjvp0FNLmRNE1AaUxgFVMlQ65_0fVYOOZdM&google_hm=Q0FFU0VCRWoxNGdQRi16aH...

170 B
188 B

53ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPK29wrgqNS4tmQb3tYdwOwVd_Ms9xrTzXHCHX2d-YwDSXKTa6ooSMg-PB64rjvp0FNLmRNE1AaUxgFVMlQ65_0fVYOOZdM&google_hm=Q0FFU0VCRWoxNGdQRi16aHU5UEtQSmlQZGxZ

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:15:59 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPK29wrgqNS4tmQb3tYdwOwVd_Ms9xrTzXHCHX2d-YwDSXKTa6ooSMg-PB64rjvp0FNLmRNE1AaUxgFVMlQ65_0fVYOOZdM&google_hm=Q0FFU0VCRWoxNGdQRi16aHU5UEtQSmlQZGxZ
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A0E1
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJ-Pseg...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJ-Pseg...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTQwNjE1NTkwMDA4MTQ0MjcwMjQzMw%3D%3D&google_push=AYg5qPJ-PsegP3kB5fC349qVZu1yJXZ19Sgcu7YFJzTDU9hR5oAprAJ7AvohvilxWOdNcN...

170 B
188 B

53ms
53ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTQwNjE1NTkwMDA4MTQ0MjcwMjQzMw%3D%3D&google_push=AYg5qPJ-PsegP3kB5fC349qVZu1yJXZ19Sgcu7YFJzTDU9hR5oAprAJ7AvohvilxWOdNcNdq9Z8VsNea1-TY8cekLGU-lSvLUQ

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:16:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTQwNjE1NTkwMDA4MTQ0MjcwMjQzMw%3D%3D&google_push=AYg5qPJ-PsegP3kB5fC349qVZu1yJXZ19Sgcu7YFJzTDU9hR5oAprAJ7AvohvilxWOdNcNdq9Z8VsNea1-TY8cekLGU-lSvLUQ
pragma: no-cache
date: Sat, 14 Aug 2021 06:16:00 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Sat, 14 Aug 2021 06:16:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A0E1
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEPsBHgusMTZhhVyKyShMXn8&google_cver=1&google_push=AYg5qPIpxY5JB_GrTaGw8kVKieS-8LBHGs5VWpcOsoCfGJ9VGThcNFHnVCFxxqix5h2EiRQhsfPtkw9x1q43BipABAzmmnzUiA
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIpxY5JB_GrTaGw8kVKieS-8LBHGs5VWpcOsoCfGJ9VGThcNFHnVCFxxqix5h2EiRQhsfPtkw9x1q43BipABAzmmnzUiA&google_hm=oBi0j9YZw7Y7kVXgsNhXJw==

170 B
188 B

53ms
51ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIpxY5JB_GrTaGw8kVKieS-8LBHGs5VWpcOsoCfGJ9VGThcNFHnVCFxxqix5h2EiRQhsfPtkw9x1q43BipABAzmmnzUiA&google_hm=oBi0j9YZw7Y7kVXgsNhXJw==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPIpxY5JB_GrTaGw8kVKieS-8LBHGs5VWpcOsoCfGJ9VGThcNFHnVCFxxqix5h2EiRQhsfPtkw9x1q43BipABAzmmnzUiA&google_hm=oBi0j9YZw7Y7kVXgsNhXJw==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 6qpo5dt88j8a6qtpa5ukp4doufl08qet

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A0E1
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

52ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLDvxT3lWvL8eLGxdJOq57kxNDOEvyYmgkd_4gvMjHOzTSBP8LF4ZoiaDoizkhQUnrs2_33FGnf3ESXl8aP1qVrmDI9QwQ

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLDvxT3lWvL8eLGxdJOq57kxNDOEvyYmgkd_4gvMjHOzTSBP8LF4ZoiaDoizkhQUnrs2_33FGnf3ESXl8aP1qVrmDI9QwQ
date: Sat, 14 Aug 2021 06:15:59 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A0E1
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEMa0bPorvO6h9cB3Av5mIvc&google_cver=1&google_push=AYg5qPIB865RrJcFTey56DwOYofHrRqQGns5jOtOAJ-0Beveq6dpK5j3iStdhVmPbimpyllRxqO...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NCRFlIUzYtMUstQ1hRWQ==&google_push=AYg5qPIB865RrJcFTey56DwOYofHrRqQGns5jOtOAJ-0Beveq6dpK5j3iStdhVmPbimpyllRxqOkDLojlzmtiYCaq0bLAKpIT0E

170 B
188 B

53ms
53ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NCRFlIUzYtMUstQ1hRWQ==&google_push=AYg5qPIB865RrJcFTey56DwOYofHrRqQGns5jOtOAJ-0Beveq6dpK5j3iStdhVmPbimpyllRxqOkDLojlzmtiYCaq0bLAKpIT0E

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NCRFlIUzYtMUstQ1hRWQ==&google_push=AYg5qPIB865RrJcFTey56DwOYofHrRqQGns5jOtOAJ-0Beveq6dpK5j3iStdhVmPbimpyllRxqOkDLojlzmtiYCaq0bLAKpIT0E
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame A0E1
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqy...

0
0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame A0E1 0
12 B 60ms
57ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13L2r9oMSwS0xI6uszv1CukdSzFczwxUVSRkPG8J11Ta9lGVROmQNkNm4OkunPduRj19AJGA

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 default.css
ad4m.at/0.1.124-320/style/one-ad/ Frame 8488 58 KB
59 KB 33ms
22ms Stylesheet
text/css 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/0.1.124-320/style/one-ad/default.css
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1gskj8eaqvtv1xb81s4b1pkj75yx8eaabb8dr0q3atw5sjy7p45tx9mahw12ahs1ywe0nxjyjp4m1zkcfsn88wvhrt2n0ahndfds6phn4wvwvcj7gn6jzqejxr94mmf7t4g9f42zfcfb206ta5snkp4nhqd4scs46w02nt2ytv4abc0err9n4sv3h1snnhqpy7wzzeadsj83kpm8jmgbfzm4adamx35rq5gzr3y3sstd9bdyy340vahtcfz1yv1scmsfhmncarydbgxawq5tnjet34kp6ckdyfezatd2qfmftba37f7yrwwn7yc0k1p38hdj0704gysbt40r8736rr9wddhwfzbz5ckr34qh4rnpf1at30yfw63ht3rcp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%26client%3Dca-pub-5742861393839950%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880

Request headers

Referer: https://ad4m.at/ad/dr?ed=1gskj8eaqvtv1xb81s4b1pkj75yx8eaabb8dr0q3atw5sjy7p45tx9mahw12ahs1ywe0nxjyjp4m1zkcfsn88wvhrt2n0ahndfds6phn4wvwvcj7gn6jzqejxr94mmf7t4g9f42zfcfb206ta5snkp4nhqd4scs46w02nt2ytv4abc0err9n4sv3h1snnhqpy7wzzeadsj83kpm8jmgbfzm4adamx35rq5gzr3y3sstd9bdyy340vahtcfz1yv1scmsfhmncarydbgxawq5tnjet34kp6ckdyfezatd2qfmftba37f7yrwwn7yc0k1p38hdj0704gysbt40r8736rr9wddhwfzbz5ckr34qh4rnpf1at30yfw63ht3rcp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=/Fheiw==, md5=iazLgrLD9V76ltPySV8jTQ==
date: Sat, 14 Aug 2021 06:15:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4045421
cf-polished: origSize=59196
x-guploader-uploadid: ADPycdtkioITd9kON3MDPr-nVhtDYZvM5BcWwBJS7eF-ZszN4EdBaLdVcBmWoP0vGtgvogL9Lz8Tib9QpKYbbvav9lA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 58969
last-modified: Mon, 28 Jun 2021 10:31:59 GMT
server: cloudflare
etag: "89accb82b2c3f55efa96d3f2495f234d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TVe0qLyxAcbySw%2Bg1pQi%2FFYiM7ix0dmZOYhWtdNVohc5FQuCbgSX9V%2FGzzQWd%2Fij%2BldA3n1BHWUyCqngjEt%2BigkEgWVV0mOfYUw7ZV9qSu8zBu6pZaUJx%2BVQETWx2717PWXXy4U%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1624876319573767
content-type: text/css
expires: Tue, 28 Jun 2022 10:32:18 GMT
cache-control: public, max-age=31536000, no-transform
x-goog-stored-content-length: 6688
accept-ranges: bytes
cf-ray: 67e80d4528ad5364-FRA
cf-bgj: minify

GET
H3-29 200 fxpcopuw.js Show response
ad4m.at/ Frame 8488 36 KB
13 KB 43ms
33ms Script
application/javascript 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1gskj8eaqvtv1xb81s4b1pkj75yx8eaabb8dr0q3atw5sjy7p45tx9mahw12ahs1ywe0nxjyjp4m1zkcfsn88wvhrt2n0ahndfds6phn4wvwvcj7gn6jzqejxr94mmf7t4g9f42zfcfb206ta5snkp4nhqd4scs46w02nt2ytv4abc0err9n4sv3h1snnhqpy7wzzeadsj83kpm8jmgbfzm4adamx35rq5gzr3y3sstd9bdyy340vahtcfz1yv1scmsfhmncarydbgxawq5tnjet34kp6ckdyfezatd2qfmftba37f7yrwwn7yc0k1p38hdj0704gysbt40r8736rr9wddhwfzbz5ckr34qh4rnpf1at30yfw63ht3rcp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%26client%3Dca-pub-5742861393839950%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f300e7fc0bc0e049e8620e1b8d85d1857b3a7af9492090f20f4b0366ef42353

Request headers

Referer: https://ad4m.at/ad/dr?ed=1gskj8eaqvtv1xb81s4b1pkj75yx8eaabb8dr0q3atw5sjy7p45tx9mahw12ahs1ywe0nxjyjp4m1zkcfsn88wvhrt2n0ahndfds6phn4wvwvcj7gn6jzqejxr94mmf7t4g9f42zfcfb206ta5snkp4nhqd4scs46w02nt2ytv4abc0err9n4sv3h1snnhqpy7wzzeadsj83kpm8jmgbfzm4adamx35rq5gzr3y3sstd9bdyy340vahtcfz1yv1scmsfhmncarydbgxawq5tnjet34kp6ckdyfezatd2qfmftba37f7yrwwn7yc0k1p38hdj0704gysbt40r8736rr9wddhwfzbz5ckr34qh4rnpf1at30yfw63ht3rcp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=fzoyzw==, md5=7HLiqqlHKRUcSK8SewDc4g==
date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 40400
x-guploader-uploadid: ADPycdvb4SNrOElqVCm_daUh4c_WHiGaxceFyD8IIU8f0k2fY-pH7kx3E6ib5P_jlIyW-M28FvvKLnbIhLB0tZEck1SY6yjTkQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 10 Aug 2021 10:08:16 GMT
server: cloudflare
etag: W/"ec72e2aaa94729151c48af127b00dce2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W99P8IV3VKPFsQPY%2FOdMVXMWxGDb8pFA3Eq06m4AKJL0Q%2BOtw4jReoNDfKWcjWlWTBlr60Ee95AfQgYTM2GuXoePfpLXDsU%2F2Fww%2BvH12%2FqvfrmMbHz%2BYVFzHKaw%2FfrWvrPFyA8%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1628590096242097
content-type: application/javascript; charset=utf-8
expires: Fri, 13 Aug 2021 19:02:39 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 67e80d4528ae5364-FRA
cf-bgj: minify

GET
H3-29 200 default.css
ad4m.at/0.1.124-320/style/one-ad/ Frame A8E8 58 KB
59 KB 24ms
16ms Stylesheet
text/css 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/0.1.124-320/style/one-ad/default.css
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1hz778qg3q6yhdbqcrx70129t9sj3zr2et93g0jgbwjk2aa3xev89grjb3jy9x331pg40j1egfpkc7517ahmf6cjsrsc3xxpd2w2x0p0chfcenxqwfjgzcrn1hw39jz6t5n88ckmcq97e7yscf5czykfh5j86b7110wjgvkydhpqrj52f3hykk2tgfby6phnnq7r8vq251fxy0jah4nnbyahxq3mz64mav7fktpenkzn1cnqbzjfa790xxyyqfr829em5kpcaa13by4yq6t7bjq3gke058bnhb57c9asrrantp12jq0dhf1p4bn0z3e7gfyywcfp2sv15ftv6g4w52sp1yz97smbe3akwtvknd3a250cdjefc9mzbth5j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%26client%3Dca-pub-5742861393839950%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880

Request headers

Referer: https://ad4m.at/ad/dr?ed=1hz778qg3q6yhdbqcrx70129t9sj3zr2et93g0jgbwjk2aa3xev89grjb3jy9x331pg40j1egfpkc7517ahmf6cjsrsc3xxpd2w2x0p0chfcenxqwfjgzcrn1hw39jz6t5n88ckmcq97e7yscf5czykfh5j86b7110wjgvkydhpqrj52f3hykk2tgfby6phnnq7r8vq251fxy0jah4nnbyahxq3mz64mav7fktpenkzn1cnqbzjfa790xxyyqfr829em5kpcaa13by4yq6t7bjq3gke058bnhb57c9asrrantp12jq0dhf1p4bn0z3e7gfyywcfp2sv15ftv6g4w52sp1yz97smbe3akwtvknd3a250cdjefc9mzbth5j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=/Fheiw==, md5=iazLgrLD9V76ltPySV8jTQ==
date: Sat, 14 Aug 2021 06:15:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4045421
cf-polished: origSize=59196
x-guploader-uploadid: ADPycdtkioITd9kON3MDPr-nVhtDYZvM5BcWwBJS7eF-ZszN4EdBaLdVcBmWoP0vGtgvogL9Lz8Tib9QpKYbbvav9lA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 58969
last-modified: Mon, 28 Jun 2021 10:31:59 GMT
server: cloudflare
etag: "89accb82b2c3f55efa96d3f2495f234d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SNwPxWKPX3sAa98zTq1NycxB0LrmgGZSOzVn0vU7%2F%2B5CpJZNcIHKa5ELTfe4DWPdbXcMa%2BGF0r9k4OsNbBsXkXmf3TZrgEf8vxihqvLC8YrhEPQwOiMI0yhLOaBMI3MPK%2FVTRG8%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1624876319573767
content-type: text/css
expires: Tue, 28 Jun 2022 10:32:18 GMT
cache-control: public, max-age=31536000, no-transform
x-goog-stored-content-length: 6688
accept-ranges: bytes
cf-ray: 67e80d4528a75364-FRA
cf-bgj: minify

GET
H3-29 200 fxpcopuw.js Show response
ad4m.at/ Frame A8E8 36 KB
13 KB 29ms
21ms Script
application/javascript 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1hz778qg3q6yhdbqcrx70129t9sj3zr2et93g0jgbwjk2aa3xev89grjb3jy9x331pg40j1egfpkc7517ahmf6cjsrsc3xxpd2w2x0p0chfcenxqwfjgzcrn1hw39jz6t5n88ckmcq97e7yscf5czykfh5j86b7110wjgvkydhpqrj52f3hykk2tgfby6phnnq7r8vq251fxy0jah4nnbyahxq3mz64mav7fktpenkzn1cnqbzjfa790xxyyqfr829em5kpcaa13by4yq6t7bjq3gke058bnhb57c9asrrantp12jq0dhf1p4bn0z3e7gfyywcfp2sv15ftv6g4w52sp1yz97smbe3akwtvknd3a250cdjefc9mzbth5j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%26client%3Dca-pub-5742861393839950%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f300e7fc0bc0e049e8620e1b8d85d1857b3a7af9492090f20f4b0366ef42353

Request headers

Referer: https://ad4m.at/ad/dr?ed=1hz778qg3q6yhdbqcrx70129t9sj3zr2et93g0jgbwjk2aa3xev89grjb3jy9x331pg40j1egfpkc7517ahmf6cjsrsc3xxpd2w2x0p0chfcenxqwfjgzcrn1hw39jz6t5n88ckmcq97e7yscf5czykfh5j86b7110wjgvkydhpqrj52f3hykk2tgfby6phnnq7r8vq251fxy0jah4nnbyahxq3mz64mav7fktpenkzn1cnqbzjfa790xxyyqfr829em5kpcaa13by4yq6t7bjq3gke058bnhb57c9asrrantp12jq0dhf1p4bn0z3e7gfyywcfp2sv15ftv6g4w52sp1yz97smbe3akwtvknd3a250cdjefc9mzbth5j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=fzoyzw==, md5=7HLiqqlHKRUcSK8SewDc4g==
date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 40400
x-guploader-uploadid: ADPycdvb4SNrOElqVCm_daUh4c_WHiGaxceFyD8IIU8f0k2fY-pH7kx3E6ib5P_jlIyW-M28FvvKLnbIhLB0tZEck1SY6yjTkQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 10 Aug 2021 10:08:16 GMT
server: cloudflare
etag: W/"ec72e2aaa94729151c48af127b00dce2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jqsi7JqiXNqOue2HSxXDN3rRyIyIMu7Lltiep5iXHycRbDKMO6buCUaMsQ3CeSVXJIqE5DJkr%2FJzmK8x%2FoEs%2Fkbhsai5ZJyd3W%2BMzalaTHAh9Vt3CcHrlzXUripL6C%2FyViFYc4M%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1628590096242097
content-type: application/javascript; charset=utf-8
expires: Fri, 13 Aug 2021 19:02:39 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 67e80d4528ab5364-FRA
cf-bgj: minify

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame BB8E 0
0 30ms
30ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CMmY9nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEvQJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgqz85eLPnbWbsAHE3vv_LnpVIsoAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTU3NDI4NjEzOTM4Mzk5NTAYAA&sigh=gsyicxNzTUQ

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=2740901989&adf=1947424030&pi=t.aa~a.4143197931~rp.1&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=1489&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=dRRta9Q6zK&p=https%3A//www.yinksukblog.com.ng&dtd=33
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 14 Aug 2021 06:15:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame BB8E 0
0 16ms
15ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1jwr78k1m8cz5x4hby362zdqf0t8dq7fjy41sj32q37kr3ffa9g501x031hbpq6z8jg8sfv9zg6kbkn923ttk4zxghc693geeket6ev298n4q7ch6w9v95z1h4f37gsq786ny09qmhcz2f3qehax3sf9hs6b4b4mwdf220y9ygrxgeemq0539xd7aqab7cxjqebbfy2k5a5zm3fg0sv910mj1m59gjyd171edv6krq3603avmd2x1avh845w69jdws6zcejx9fy2bwhxhfjax92ghh9qfrbvg1aq4bmqf8zt6kkfn34hm2c99tfc55skb85j0gepdswp63f7535ggrwrcdxnzk9fxsq5h648gfqgxzvg4j6rnf1x3na0cjpw55qd4vyj&b=YRdfngANUIcIu8TAAAMq4nG9W2UmXGMu3vzoXw
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 14 Aug 2021 06:15:59 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H3-29 200 dr Show response
ad4m.at/ad/ Frame 30DA 2 KB
2 KB 32ms
31ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dr?ed=1kmm11fa7b4t39q8yynepamb8pjbj1fkpt3fkdhqbj98bhk21qzf9tb69pk46nnw257gfzjs4nd5ksbabkb8z2ncvy4nwtsvqg594z6chxht5kpwx937qk6p531ecgy917cb4hacy2bmnezm43brs4j7cesjecf7gkv6e2v63yvvfzeztqgpa85qqrh0y2wk82trpd2qkrynd69yft0j8gnxmbmfnbbszccmqcsef7hqeny00stbaw8ym76wrdz7zy9h1e4wxp6mep6hh2d2phcwzeaq6dd6kckxkb9km2s99fs7gbxzy3cj2bqqkarkg9z48swdhbqyf50c1s5w2czp8essamsfbkrmx4atb98kvcxq3tnwfagw56540&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%26client%3Dca-pub-5742861393839950%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=2740901989&adf=1947424030&pi=t.aa~a.4143197931~rp.1&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=1489&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=dRRta9Q6zK&p=https%3A//www.yinksukblog.com.ng&dtd=33

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29e98d98133dbfa2dd71aeebab7ef957f737c59f13c6f85c04b245c403e373ef

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dr?ed=1kmm11fa7b4t39q8yynepamb8pjbj1fkpt3fkdhqbj98bhk21qzf9tb69pk46nnw257gfzjs4nd5ksbabkb8z2ncvy4nwtsvqg594z6chxht5kpwx937qk6p531ecgy917cb4hacy2bmnezm43brs4j7cesjecf7gkv6e2v63yvvfzeztqgpa85qqrh0y2wk82trpd2qkrynd69yft0j8gnxmbmfnbbszccmqcsef7hqeny00stbaw8ym76wrdz7zy9h1e4wxp6mep6hh2d2phcwzeaq6dd6kckxkb9km2s99fs7gbxzy3cj2bqqkarkg9z48swdhbqyf50c1s5w2czp8essamsfbkrmx4atb98kvcxq3tnwfagw56540&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%26client%3Dca-pub-5742861393839950%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-wmp3
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 67e80d4538bf5364-FRA
content-encoding: br

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame BB8E 2 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:10:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 06:10:39 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 52FD 1 KB
749 B 8ms
6ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 13 Aug 2021 11:56:19 GMT
expires: Sat, 14 Aug 2021 11:56:19 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 65980
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame BB8E 124 KB
37 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37fbc56848d8a6f47f63521ede0688ab5769b28faecbd34e9fecbfc9e1dcd029

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628854326415524"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38195
x-xss-protection: 0
expires: Sat, 14 Aug 2021 06:15:59 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame BB8E 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 05:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1298
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 05:54:21 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame BB8E 0
0 17ms
15ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS6TYRYyDh7oj3ySVw6npQ1CPjrRrpXl3iG_bYeYqA_JWwkYHXkQ6eVi2KORr_796cpWNgSLRtX__qdMrOF_IO958kfgg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=2740901989&adf=1947424030&pi=t.aa~a.4143197931~rp.1&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=1489&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=dRRta9Q6zK&p=https%3A//www.yinksukblog.com.ng&dtd=33
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 default.css
ad4m.at/0.1.124-320/style/one-ad/ Frame 8F31 58 KB
59 KB 31ms
30ms Stylesheet
text/css 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/0.1.124-320/style/one-ad/default.css
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1hxhbd4fa4g2r6z3chskd7rswbatzy4a66jfqb8jffqae5mfng44dybz5h5yp9nyafyx1b40pn60qyymbzzaj8gv0c6z44jbngce5x19xssqq6sgp8j7bjjz7sdffg0d2065xqq1c0qt90363drsy4bk59eqmbzngcqqnp5m325b594cqhywacxqc91ggset60g4mj2as2gg2zag3e795dh63nn10dnvkd24ysvfspknqt1rw0pvyc94q0kpef35vdv0mc175159bzr2aaern1nxfk9ds65vsq82bgqh798zpamrc8p4qm6trkv4s58atb8ywav9wpsrd4v3fvweya69dvdm3q38r4kw8cpgdy0wxct6wcbdbqn03n1ky&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%26client%3Dca-pub-5742861393839950%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880

Request headers

Referer: https://ad4m.at/ad/dr?ed=1hxhbd4fa4g2r6z3chskd7rswbatzy4a66jfqb8jffqae5mfng44dybz5h5yp9nyafyx1b40pn60qyymbzzaj8gv0c6z44jbngce5x19xssqq6sgp8j7bjjz7sdffg0d2065xqq1c0qt90363drsy4bk59eqmbzngcqqnp5m325b594cqhywacxqc91ggset60g4mj2as2gg2zag3e795dh63nn10dnvkd24ysvfspknqt1rw0pvyc94q0kpef35vdv0mc175159bzr2aaern1nxfk9ds65vsq82bgqh798zpamrc8p4qm6trkv4s58atb8ywav9wpsrd4v3fvweya69dvdm3q38r4kw8cpgdy0wxct6wcbdbqn03n1ky&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=/Fheiw==, md5=iazLgrLD9V76ltPySV8jTQ==
date: Sat, 14 Aug 2021 06:15:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4045421
cf-polished: origSize=59196
x-guploader-uploadid: ADPycdtkioITd9kON3MDPr-nVhtDYZvM5BcWwBJS7eF-ZszN4EdBaLdVcBmWoP0vGtgvogL9Lz8Tib9QpKYbbvav9lA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 58969
last-modified: Mon, 28 Jun 2021 10:31:59 GMT
server: cloudflare
etag: "89accb82b2c3f55efa96d3f2495f234d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CdMZzfhnb1xNW3s4ycWSALKGCOZRnBrnW9Kqi9z1YjXgH0r%2BQvL6pNwKbgOSQt0dMwybC6yAdVgBPe2l%2BQGcaUzYinoFsbCFS93tnDXZBUeoOIWtmvNnuwhh%2BNzNlZR%2BYQGMCLg%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1624876319573767
content-type: text/css
expires: Tue, 28 Jun 2022 10:32:18 GMT
cache-control: public, max-age=31536000, no-transform
x-goog-stored-content-length: 6688
accept-ranges: bytes
cf-ray: 67e80d4538c05364-FRA
cf-bgj: minify

GET
H3-29 200 fxpcopuw.js Show response
ad4m.at/ Frame 8F31 36 KB
13 KB 33ms
33ms Script
application/javascript 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1hxhbd4fa4g2r6z3chskd7rswbatzy4a66jfqb8jffqae5mfng44dybz5h5yp9nyafyx1b40pn60qyymbzzaj8gv0c6z44jbngce5x19xssqq6sgp8j7bjjz7sdffg0d2065xqq1c0qt90363drsy4bk59eqmbzngcqqnp5m325b594cqhywacxqc91ggset60g4mj2as2gg2zag3e795dh63nn10dnvkd24ysvfspknqt1rw0pvyc94q0kpef35vdv0mc175159bzr2aaern1nxfk9ds65vsq82bgqh798zpamrc8p4qm6trkv4s58atb8ywav9wpsrd4v3fvweya69dvdm3q38r4kw8cpgdy0wxct6wcbdbqn03n1ky&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%26client%3Dca-pub-5742861393839950%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f300e7fc0bc0e049e8620e1b8d85d1857b3a7af9492090f20f4b0366ef42353

Request headers

Referer: https://ad4m.at/ad/dr?ed=1hxhbd4fa4g2r6z3chskd7rswbatzy4a66jfqb8jffqae5mfng44dybz5h5yp9nyafyx1b40pn60qyymbzzaj8gv0c6z44jbngce5x19xssqq6sgp8j7bjjz7sdffg0d2065xqq1c0qt90363drsy4bk59eqmbzngcqqnp5m325b594cqhywacxqc91ggset60g4mj2as2gg2zag3e795dh63nn10dnvkd24ysvfspknqt1rw0pvyc94q0kpef35vdv0mc175159bzr2aaern1nxfk9ds65vsq82bgqh798zpamrc8p4qm6trkv4s58atb8ywav9wpsrd4v3fvweya69dvdm3q38r4kw8cpgdy0wxct6wcbdbqn03n1ky&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=fzoyzw==, md5=7HLiqqlHKRUcSK8SewDc4g==
date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 40400
x-guploader-uploadid: ADPycdvb4SNrOElqVCm_daUh4c_WHiGaxceFyD8IIU8f0k2fY-pH7kx3E6ib5P_jlIyW-M28FvvKLnbIhLB0tZEck1SY6yjTkQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 10 Aug 2021 10:08:16 GMT
server: cloudflare
etag: W/"ec72e2aaa94729151c48af127b00dce2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e62vcuXgWIKK%2BjX0F2GLatnzNuMwgIq5LwEglGb62VaP2iAd%2BTC41WnSuInnDGXdSWSM%2F36xgnpu9IPL4UR2I6j6fCw%2BMc1b5psb%2BYhoBq3mml5lXmFDuMZ%2BRuaE6%2FXTJSoPyWk%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1628590096242097
content-type: application/javascript; charset=utf-8
expires: Fri, 13 Aug 2021 19:02:39 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 67e80d4538c15364-FRA
cf-bgj: minify

GET
H2 200 yinksuklogo.png
a.mailmunch.co/attachments/assets/000/430/157/large/ Frame 9AAB 5 KB
6 KB 53ms
52ms Image
image/png 2600:9000:2181:f600:4:c961:9640:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.mailmunch.co/attachments/assets/000/430/157/large/yinksuklogo.png?1610719479
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2181:f600:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: df5e22297ed3d8adb16010aff58d84031e10ba012c8a52dd5a7a283fc33f91c2

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 11 Jun 2021 14:25:07 GMT
via: 1.1 c76130909cba12f494ee98f488e40753.cloudfront.net (CloudFront)
age: 5500253
x-cache: Hit from cloudfront
content-length: 5143
last-modified: Fri, 15 Jan 2021 14:04:42 GMT
server: AmazonS3
etag: "30d2940f838f8f2699d20942f793ba8b"
access-control-max-age: 3000
access-control-allow-methods: HEAD, GET, POST, PUT, DELETE
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: ETag
cache-control: max-age=31556952
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-amz-cf-id: u-O1vfLzD0Vvfmj26Eeb8aoxvOse8NhHAMQ8Hh9s1hM5vEWTdX9Rkg==
expires: Sat, 15 Jan 2022 14:04:39 GMT

GET
H2 200 facebook.png
cdn.tools.unlayer.com/social/icons/circle/ Frame 9AAB 4 KB
5 KB 79ms
23ms Image
image/png 2600:9000:2104:4400:16:6c74:88c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.tools.unlayer.com/social/icons/circle/facebook.png
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:4400:16:6c74:88c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 825d138e861045ba4e9f24dd71f54b70359f52363ce1bd8641769e91f30e43db

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 02:14:06 GMT
via: 1.1 0186e9c41d0aebb13c1398b95b7f4757.cloudfront.net (CloudFront)
last-modified: Wed, 19 Sep 2018 06:14:13 GMT
server: AmazonS3
age: 14514
etag: "b325b0ec94b0100a6d2d808a41c52e31"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 4580
x-amz-cf-id: 12_jZxiYgRvM5mkSoJhxLs65wx3QA8CM_muUajsyDDXhl5KJ1ej0Qg==

GET
H2 200 instagram.png
cdn.tools.unlayer.com/social/icons/circle/ Frame 9AAB 21 KB
22 KB 68ms
13ms Image
image/png 2600:9000:2104:4400:16:6c74:88c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.tools.unlayer.com/social/icons/circle/instagram.png
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:4400:16:6c74:88c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d7496e5f8eb0c4dd0f969ba1473fff6871f639dfddc2720c630811b2a3529b2e

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 02:30:27 GMT
via: 1.1 0186e9c41d0aebb13c1398b95b7f4757.cloudfront.net (CloudFront)
last-modified: Wed, 19 Sep 2018 06:14:07 GMT
server: AmazonS3
age: 13533
etag: "631bce62ca5ff8c3a6374575c6164719"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 21744
x-amz-cf-id: dOmbUr_B7DWq24Y1YSZBqQ6fBCo4FSEVhz-9T3mAcm5DLFTk2XEHww==

GET
H2 200 twitter.png
cdn.tools.unlayer.com/social/icons/circle/ Frame 9AAB 6 KB
6 KB 68ms
13ms Image
image/png 2600:9000:2104:4400:16:6c74:88c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.tools.unlayer.com/social/icons/circle/twitter.png
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:4400:16:6c74:88c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 55f1d23e943cb7defd9d11c837997271f491368ec5dbfc2f4cddaa60357b8615

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Aug 2021 20:25:07 GMT
via: 1.1 0186e9c41d0aebb13c1398b95b7f4757.cloudfront.net (CloudFront)
last-modified: Wed, 19 Sep 2018 06:14:09 GMT
server: AmazonS3
age: 35515
etag: "5d2e04f9847349d875c3bdfa895daafb"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 6294
x-amz-cf-id: Qrkkq_0qO88x2BfhGbOEEBDPAmSmLcqy4b4DHWDQ5q_LSzVnl10Q1Q==

GET
H2 200 youtube.png
cdn.tools.unlayer.com/social/icons/circle/ Frame 9AAB 5 KB
5 KB 68ms
13ms Image
image/png 2600:9000:2104:4400:16:6c74:88c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.tools.unlayer.com/social/icons/circle/youtube.png
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2104:4400:16:6c74:88c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fc3d0a4eba928128909eff5a305ebb2b7234d404f0914a7544128fdfe64e2f5a

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Aug 2021 17:27:23 GMT
via: 1.1 0186e9c41d0aebb13c1398b95b7f4757.cloudfront.net (CloudFront)
last-modified: Wed, 19 Sep 2018 06:14:12 GMT
server: AmazonS3
age: 46117
etag: "c81028bee567771014673df274a41812"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: AMS1-C1
accept-ranges: bytes
content-length: 4808
x-amz-cf-id: nQXKxcjQBtXAkLtFO0Sqf8NLjXVN97kvjNDix3o0AexS1C6l3ZdERA==

GET
H3-29 200 JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2
fonts.gstatic.com/s/montserrat/v18/ Frame 9AAB 20 KB
20 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTURjIg1_i6t8kCHKm45_dJE3gnD_g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.yinksukblog.com.ng
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 00:31:26 GMT
x-content-type-options: nosniff
age: 366273
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20040
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:44 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 00:31:26 GMT

GET
H2 200 / Show response
s0.wp.com/_static/ Frame 71AD 22 KB
5 KB 41ms
41ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/_static/??/wp-content/js/postmessage.js,/wp-content/js/rlt-proxy.js?m=20210413
Requested by: Host: public-api.wordpress.com
URL: https://public-api.wordpress.com/wp-admin/rest-proxy/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 , United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: 2e443dbb116d4efb3edfddb77cd4b2c93313cb6d8e75800602a92f0a9fa22d88

Request headers

Referer: https://public-api.wordpress.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: gzip
last-modified: Thu, 01 Apr 2021 21:48:08 GMT
server: nginx
etag: W/"60663f98-56cb"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
x-ac: 2.hhn _dca
timing-allow-origin: *
expires: Thu, 14 Apr 2022 02:02:07 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 619D 0
0 31ms
30ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CgG00nl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEvQJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8DdzcDXDIGd84SCR77E31oz88BqYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBABgAoB-gsCCAGADAHQFQGAFwGyFxoKGBIUcHViLTU3NDI4NjEzOTM4Mzk5NTAYAA&sigh=0nPdmWMArZ8

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=2946686461&adf=2955756018&pi=t.aa~a.2905763894~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=1&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250%2C311x250%2C311x250&nras=8&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=NIpJofbJDw&p=https%3A//www.yinksukblog.com.ng&dtd=50
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 14 Aug 2021 06:15:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 619D 0
0 16ms
15ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1kwmve4dynzj1ma9w25v0vekqbn01dfg2jqhsdxxh59dbhemyz6esxrc5a7gb9vf600dt7rmgg12bv0r4cern7z3xw3c242y3b59cgxr7nvg7pfr4jwe8e6drczd88x32r09dpa6rat7e1pf2gw6g5mm451bzny7whv5h3mpvtkvfyf270c27qngy07w0mz9h2n90z4eszk729skc1gck5573dbgpc28xpnnvr6fw6p2dk2qrd92rw7wkfjn36qs3bqp6f728b1dagtnbh9t0c48gcjw3ymxbs7f1rmjd1tcdmqnyswyyyqsshqm6texzxqf758mhjkmsp27fsjc4644b9b9vwe750cs64xswmbvmntgcr8yndh21f9m532cd4h56b4d&b=YRdfngANbv8Iu8ZmAAv3fYZlbSLs2hauGQq3eg
Requested by: Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sat, 14 Aug 2021 06:15:59 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H3-29 200 dr Show response
ad4m.at/ad/ Frame 1F6F 2 KB
2 KB 24ms
19ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad4m.at/ad/dr?ed=1jz4cxgnsvhg84m7saaby5gz0yx5gk8r797ts3xds1fds2bzeqsj779sgpz418j8vw6r0bazw3m1dmwv9wk6cankg43ynw552y49jb4dxtb2v3rne0c7ra4m9k2j9tpzmgagc8639gaz8m67ym00wydjsprwfjqgtbsaz42r9zj7qmfa3ccenha4fp64zxgzsvgsf78128smrqs8hzat5zx9c616msmd3tj4z3pd5d9fcdq0esqn73qcyr9y7cn017q1405xss2v7e2cb2v84nnpm8eqkj2t690yb65ypkr1nd5sj9nw0xx3591rzzp41yvtjrba0asaj4s56jc5ktj0ypqzkvaqtyyc89mn74wt7xx0x6zqqhxpvtpww&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%26client%3Dca-pub-5742861393839950%26adurl%3D

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=2946686461&adf=2955756018&pi=t.aa~a.2905763894~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=1&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250%2C311x250%2C311x250&nras=8&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=NIpJofbJDw&p=https%3A//www.yinksukblog.com.ng&dtd=50

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49ed80559f07cbc4f499290ca991d4ed001ac9f6286dea89b1ed898e21c6cd20

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /ad/dr?ed=1jz4cxgnsvhg84m7saaby5gz0yx5gk8r797ts3xds1fds2bzeqsj779sgpz418j8vw6r0bazw3m1dmwv9wk6cankg43ynw552y49jb4dxtb2v3rne0c7ra4m9k2j9tpzmgagc8639gaz8m67ym00wydjsprwfjqgtbsaz42r9zj7qmfa3ccenha4fp64zxgzsvgsf78128smrqs8hzat5zx9c616msmd3tj4z3pd5d9fcdq0esqn73qcyr9y7cn017q1405xss2v7e2cb2v84nnpm8eqkj2t690yb65ypkr1nd5sj9nw0xx3591rzzp41yvtjrba0asaj4s56jc5ktj0ypqzkvaqtyyc89mn74wt7xx0x6zqqhxpvtpww&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%26client%3Dca-pub-5742861393839950%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https://as.ad4m.at/ad/vre"}],"group":"report-endpoint","max_age":86400}
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0"}
expires: 0
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
content-security-policy: block-all-mixed-content; report-to report-endpoint; report-uri https://as.ad4m.at/ad/rcv; upgrade-insecure-requests; sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
referrer-policy: same-origin
pragma: no-cache
surrogate-control: no-store
x-fastcgi-cache: BYPASS
x-backend-server: adsrv-wmp3
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 67e80d4569105364-FRA
content-encoding: br

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 619D 2 KB
1 KB 13ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:10:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 320
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 06:10:39 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 476C 1 KB
749 B 8ms
7ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Fri, 13 Aug 2021 11:56:19 GMT
expires: Sat, 14 Aug 2021 11:56:19 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 65980
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 619D 124 KB
37 KB 22ms
18ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37fbc56848d8a6f47f63521ede0688ab5769b28faecbd34e9fecbfc9e1dcd029

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628854326415524"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38195
x-xss-protection: 0
expires: Sat, 14 Aug 2021 06:15:59 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 619D 14 KB
6 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 05:54:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1298
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 05:54:21 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 619D 0
0 17ms
13ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSGoNBZRxjxMBRajk9wKys2zHc_hTxB-dGVuv0K_7sD8cYPhLPFku4eJf0Pz9JbKiNKIJnHVyMSRPfuS23q6TRpWu8PeA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=2946686461&adf=2955756018&pi=t.aa~a.2905763894~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=1&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250%2C311x250%2C311x250&nras=8&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=NIpJofbJDw&p=https%3A//www.yinksukblog.com.ng&dtd=50
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ Frame 9AAB 19 KB
19 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:400,700&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.yinksukblog.com.ng
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 00:32:15 GMT
x-content-type-options: nosniff
age: 366224
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:10 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 00:32:15 GMT

GET
H2 200 dpixel
cms.quantserve.com/ Frame 6271 35 B
210 B 12ms
8ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEHrQjgzTOBD2MnxaL21pVfY&google_cver=1&google_push=AYg5qPKhci5D-HtYYeYZB0pu059Xm8H7dEQ8TRXdP4rpbXL0aI4At3BORbyJzuBjSjdCl2nNZC_QAfv3iorfvUku9fqGzWJ0jXgFMw

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 6271
Redirect Chain

https://pixel.everesttech.net/1/m?url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Deverest%26google_hm%3D__EFGSURFER_USB64__%26google_push%3DAYg5qPKGIpDrR4wVexmsMf-mxzxAO7F1w0WSxCglFnc...
https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVJkZm53QUFCT1J3QEVDZw&google_push=AYg5qPKGIpDrR4wVexmsMf-mxzxAO7F1w0WSxCglFnc5u8KRMdxe40JuRRjMA7xcV2jQ_1rYmSeZdQSgKFhlPla_3hmKK54hrR...

170 B
188 B

54ms
53ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVJkZm53QUFCT1J3QEVDZw&google_push=AYg5qPKGIpDrR4wVexmsMf-mxzxAO7F1w0WSxCglFnc5u8KRMdxe40JuRRjMA7xcV2jQ_1rYmSeZdQSgKFhlPla_3hmKK54hrR4x3A

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=everest&google_hm=WVJkZm53QUFCT1J3QEVDZw&google_push=AYg5qPKGIpDrR4wVexmsMf-mxzxAO7F1w0WSxCglFnc5u8KRMdxe40JuRRjMA7xcV2jQ_1rYmSeZdQSgKFhlPla_3hmKK54hrR4x3A
Date: Sat, 14 Aug 2021 06:15:59 GMT
Server: Apache
Connection: keep-alive
Content-Length: 393
Content-Type: text/html; charset=iso-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 6271
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESECcfIuNJA8oFH7F-FsIxYoA&google_cver=1&google_push=AYg5qPKsqJNcnxJb8ko8GTk0VSVsXmjfCM1BvEPHVnwGCH2pr7T_6NlWF_iSYgCmYFVhU1ZeMpF5E9HaDorquhmrhyn02MjQXFGMNg
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKsqJNcnxJb8ko8GTk0VSVsXmjfCM1BvEPHVnwGCH2pr7T_6NlWF_iSYgCmYFVhU1ZeMpF5E9HaDorquhmrhyn02MjQXFGMNg&google_hm=oBi0j9YZw7Y7kVXgsNhXJw==

170 B
188 B

52ms
51ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKsqJNcnxJb8ko8GTk0VSVsXmjfCM1BvEPHVnwGCH2pr7T_6NlWF_iSYgCmYFVhU1ZeMpF5E9HaDorquhmrhyn02MjQXFGMNg&google_hm=oBi0j9YZw7Y7kVXgsNhXJw==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKsqJNcnxJb8ko8GTk0VSVsXmjfCM1BvEPHVnwGCH2pr7T_6NlWF_iSYgCmYFVhU1ZeMpF5E9HaDorquhmrhyn02MjQXFGMNg&google_hm=oBi0j9YZw7Y7kVXgsNhXJw==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: pngeluomsoo9t4indmoajdshtmhmlc89

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 6271
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

53ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKkzDxYpFzVkkNkKH9nHY4n21_MQOsxC80TzXOsa_0pUHEpt1gerK-I-qR5kKLeqGs06kml6ORk4Dns6gFnBhxrEAITcoCo

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKkzDxYpFzVkkNkKH9nHY4n21_MQOsxC80TzXOsa_0pUHEpt1gerK-I-qR5kKLeqGs06kml6ORk4Dns6gFnBhxrEAITcoCo
date: Sat, 14 Aug 2021 06:15:58 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET

pixel
cm.g.doubleclick.net/ Frame 6271
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 6271
Redirect Chain

https://ag.innovid.com/trk?tid=11711&google_gid=CAESEJ2abKUQmxR73c7nCFdSzDw&google_cver=1&google_push=AYg5qPKfiv-yziulkyveT-JDqQ-BLNBjhMokw5eCb6xbBcf0ZeHewGReaZ1wl5gDWVxpaXCzV08m7K-1z73ckoAz-xbcdN6...
https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPKfiv-yziulkyveT-JDqQ-BLNBjhMokw5eCb6xbBcf0ZeHewGReaZ1wl5gDWVxpaXCzV08m7K-1z73ckoAz-xbcdN6va4WFSw&google_hm=7E93LMaYRO-nvp...

170 B
188 B

53ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPKfiv-yziulkyveT-JDqQ-BLNBjhMokw5eCb6xbBcf0ZeHewGReaZ1wl5gDWVxpaXCzV08m7K-1z73ckoAz-xbcdN6va4WFSw&google_hm=7E93LMaYRO-nvp2J4JvQ2A

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPKfiv-yziulkyveT-JDqQ-BLNBjhMokw5eCb6xbBcf0ZeHewGReaZ1wl5gDWVxpaXCzV08m7K-1z73ckoAz-xbcdN6va4WFSw&google_hm=7E93LMaYRO-nvp2J4JvQ2A
pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: no-cache
content-length: 0
request-time: 1
expires: -1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 6271
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEK-9zkt_fjcPiGn8ooKbtNM&google_cver=1&google_push=AYg5qPLfKEwlrWhr4kBGdxUB...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLfKEwlrWhr4kBGdxUBXp4BQNPw5gWQJlXbVPyE7e46KJACj98f1RDjz4JhuIpTvJ0dGa36SacD04xttw0ANZby5L7yF_xdKA&google_hm=

170 B
188 B

53ms
53ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLfKEwlrWhr4kBGdxUBXp4BQNPw5gWQJlXbVPyE7e46KJACj98f1RDjz4JhuIpTvJ0dGa36SacD04xttw0ANZby5L7yF_xdKA&google_hm=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPLfKEwlrWhr4kBGdxUBXp4BQNPw5gWQJlXbVPyE7e46KJACj98f1RDjz4JhuIpTvJ0dGa36SacD04xttw0ANZby5L7yF_xdKA&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Fri, 13 Aug 2021 06:15:59 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 6271 0
12 B 53ms
49ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lda_wmsa4RO3Gub0OutbKAsSuKfrO9JMW85TmDIqnLWc8mMneyoCbLZhOnLI3kKx88wlbbXw

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame A8E8 3 KB
4 KB 32ms
15ms Image
image/png 2606:4700:3032::6815:57ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: ad4m.at
URL: https://ad4m.at/0.1.124-320/style/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:57ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Referer: https://ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date: Sat, 14 Aug 2021 06:15:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5679377
x-guploader-uploadid: ABg5-UzzLZaEcDbjdbhukLGh7tDKAZOMFJOiU4iHwOPl8QLDCjazkiciYkkK8qFWGCtZPjDfwbZeIl1PxPDK-jxIb2s
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WkUG830v4CnKu2iegwj%2BKVwIn%2FmjRa6yimdCo3GVhBxT1XpPSCMpTvCd4EKwwz6VGyq29znfPgBl8iX5I3k4b36Qk9rJ0pgbTSewfK17lF36GOaHCtr85VYWfYqpGJB8mRouUJ%2B2XlWzks7jU%2F2wkUxmUg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623242114099744
content-type: image/png
cache-control: public, max-age=31536000, immutable
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 67e80d45dd354e8c-FRA
expires: Thu, 09 Jun 2022 12:39:42 GMT

GET
H2 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 8488 3 KB
3 KB 29ms
18ms Image
image/png 2606:4700:3032::6815:57ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: ad4m.at
URL: https://ad4m.at/0.1.124-320/style/one-ad/default.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:57ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Referer: https://ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date: Sat, 14 Aug 2021 06:15:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5679377
x-guploader-uploadid: ABg5-UzzLZaEcDbjdbhukLGh7tDKAZOMFJOiU4iHwOPl8QLDCjazkiciYkkK8qFWGCtZPjDfwbZeIl1PxPDK-jxIb2s
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aCkiuBzpfWn6xHoL1M4DkXoNWfxRkQMQxlkWcVcCjDD%2F9RDulu%2FxUGjIT86CdRWq27dyByvqZuYzdAcG%2BwN1aUM9m6tkerUdC9OSkTHnLnYQG9OhZ2sN4P2E18%2BlEQNKOZegkqdb28FU3ogFK11KmC7tnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623242114099744
content-type: image/png
cache-control: public, max-age=31536000, immutable
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 67e80d45dd384e8c-FRA
expires: Thu, 09 Jun 2022 12:39:42 GMT

GET
DATA 200
OK truncated
/ Frame BB8E 221 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76646f5c75f026c85dcd17b80ee40e0656aecf9e9d0a35225975e5eb47211d6c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 8F31 3 KB
4 KB 24ms
14ms Image
image/png 2606:4700:3032::6815:57ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: ad4m.at
URL: https://ad4m.at/0.1.124-320/style/one-ad/default.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:57ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Referer: https://ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date: Sat, 14 Aug 2021 06:15:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5679377
x-guploader-uploadid: ABg5-UzzLZaEcDbjdbhukLGh7tDKAZOMFJOiU4iHwOPl8QLDCjazkiciYkkK8qFWGCtZPjDfwbZeIl1PxPDK-jxIb2s
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ql7P0q38HIUhCBzlNtfnd14goyyUXDcPl7kG93o3ap67xbJhRuRNkdg01c6g%2FJkPqNrsmc6NSY6YOyEuGPiMPnEeSuje7qYFrmKwTDPP8ZxqgGWPT60bdzbay3bzAEE9XuHk8DR%2FMtnyV7ivYxojteYHGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623242114099744
content-type: image/png
cache-control: public, max-age=31536000, immutable
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 67e80d460c620621-FRA
expires: Thu, 09 Jun 2022 12:39:42 GMT

GET
H3-29 200 frame.html Show response
ad4m.at/ Frame 67AA 2 KB
2 KB 14ms
14ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad4m.at/ad/dr?ed=1hz778qg3q6yhdbqcrx70129t9sj3zr2et93g0jgbwjk2aa3xev89grjb3jy9x331pg40j1egfpkc7517ahmf6cjsrsc3xxpd2w2x0p0chfcenxqwfjgzcrn1hw39jz6t5n88ckmcq97e7yscf5czykfh5j86b7110wjgvkydhpqrj52f3hykk2tgfby6phnnq7r8vq251fxy0jah4nnbyahxq3mz64mav7fktpenkzn1cnqbzjfa790xxyyqfr829em5kpcaa13by4yq6t7bjq3gke058bnhb57c9asrrantp12jq0dhf1p4bn0z3e7gfyywcfp2sv15ftv6g4w52sp1yz97smbe3akwtvknd3a250cdjefc9mzbth5j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%26client%3Dca-pub-5742861393839950%26adurl%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad4m.at/ad/dr?ed=1hz778qg3q6yhdbqcrx70129t9sj3zr2et93g0jgbwjk2aa3xev89grjb3jy9x331pg40j1egfpkc7517ahmf6cjsrsc3xxpd2w2x0p0chfcenxqwfjgzcrn1hw39jz6t5n88ckmcq97e7yscf5czykfh5j86b7110wjgvkydhpqrj52f3hykk2tgfby6phnnq7r8vq251fxy0jah4nnbyahxq3mz64mav7fktpenkzn1cnqbzjfa790xxyyqfr829em5kpcaa13by4yq6t7bjq3gke058bnhb57c9asrrantp12jq0dhf1p4bn0z3e7gfyywcfp2sv15ftv6g4w52sp1yz97smbe3akwtvknd3a250cdjefc9mzbth5j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%26client%3Dca-pub-5742861393839950%26adurl%3D

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Sat, 14 Aug 2021 07:15:59 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 1761601
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OxQ1M7icm8seg3NkKGdCg48HLcB9hrVAz38KIE%2FP1wAvg22J3GvXoiPc3g%2FQhZL3zdc9SyA9XPqFfNN%2Fs9o%2B9%2FbUqUFZo9FeUVLPGcW05fYTkHdQniXsRFUWzGNHsGlwACsuYtA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 67e80d461a1a5364-FRA
content-encoding: br

GET
H3-29 200 frame.html Show response
ad4m.at/ Frame F4E3 2 KB
2 KB 15ms
15ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad4m.at/ad/dr?ed=1gskj8eaqvtv1xb81s4b1pkj75yx8eaabb8dr0q3atw5sjy7p45tx9mahw12ahs1ywe0nxjyjp4m1zkcfsn88wvhrt2n0ahndfds6phn4wvwvcj7gn6jzqejxr94mmf7t4g9f42zfcfb206ta5snkp4nhqd4scs46w02nt2ytv4abc0err9n4sv3h1snnhqpy7wzzeadsj83kpm8jmgbfzm4adamx35rq5gzr3y3sstd9bdyy340vahtcfz1yv1scmsfhmncarydbgxawq5tnjet34kp6ckdyfezatd2qfmftba37f7yrwwn7yc0k1p38hdj0704gysbt40r8736rr9wddhwfzbz5ckr34qh4rnpf1at30yfw63ht3rcp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%26client%3Dca-pub-5742861393839950%26adurl%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad4m.at/ad/dr?ed=1gskj8eaqvtv1xb81s4b1pkj75yx8eaabb8dr0q3atw5sjy7p45tx9mahw12ahs1ywe0nxjyjp4m1zkcfsn88wvhrt2n0ahndfds6phn4wvwvcj7gn6jzqejxr94mmf7t4g9f42zfcfb206ta5snkp4nhqd4scs46w02nt2ytv4abc0err9n4sv3h1snnhqpy7wzzeadsj83kpm8jmgbfzm4adamx35rq5gzr3y3sstd9bdyy340vahtcfz1yv1scmsfhmncarydbgxawq5tnjet34kp6ckdyfezatd2qfmftba37f7yrwwn7yc0k1p38hdj0704gysbt40r8736rr9wddhwfzbz5ckr34qh4rnpf1at30yfw63ht3rcp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%26client%3Dca-pub-5742861393839950%26adurl%3D

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Sat, 14 Aug 2021 07:15:59 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 1761601
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A7zlbbQeGpXRyWD5G5Ty7CVUYBAAYp1VfSP%2BWVy7MFBJys1Zf84lkrwgAD73byztaF1tMVF4f1%2Bh9ywy9SwpuzyXbVC2dELRJ%2B3G1jcVMUdhcgpnkAguT0bMP49NDDJm%2BVVrcTA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 67e80d461a1f5364-FRA
content-encoding: br

GET
H3-29 200 frame.html Show response
ad4m.at/ Frame 615A 2 KB
2 KB 14ms
13ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad4m.at/ad/dr?ed=1hxhbd4fa4g2r6z3chskd7rswbatzy4a66jfqb8jffqae5mfng44dybz5h5yp9nyafyx1b40pn60qyymbzzaj8gv0c6z44jbngce5x19xssqq6sgp8j7bjjz7sdffg0d2065xqq1c0qt90363drsy4bk59eqmbzngcqqnp5m325b594cqhywacxqc91ggset60g4mj2as2gg2zag3e795dh63nn10dnvkd24ysvfspknqt1rw0pvyc94q0kpef35vdv0mc175159bzr2aaern1nxfk9ds65vsq82bgqh798zpamrc8p4qm6trkv4s58atb8ywav9wpsrd4v3fvweya69dvdm3q38r4kw8cpgdy0wxct6wcbdbqn03n1ky&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%26client%3Dca-pub-5742861393839950%26adurl%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad4m.at/ad/dr?ed=1hxhbd4fa4g2r6z3chskd7rswbatzy4a66jfqb8jffqae5mfng44dybz5h5yp9nyafyx1b40pn60qyymbzzaj8gv0c6z44jbngce5x19xssqq6sgp8j7bjjz7sdffg0d2065xqq1c0qt90363drsy4bk59eqmbzngcqqnp5m325b594cqhywacxqc91ggset60g4mj2as2gg2zag3e795dh63nn10dnvkd24ysvfspknqt1rw0pvyc94q0kpef35vdv0mc175159bzr2aaern1nxfk9ds65vsq82bgqh798zpamrc8p4qm6trkv4s58atb8ywav9wpsrd4v3fvweya69dvdm3q38r4kw8cpgdy0wxct6wcbdbqn03n1ky&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%26client%3Dca-pub-5742861393839950%26adurl%3D

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Sat, 14 Aug 2021 07:15:59 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 1761601
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H7OlJSvREiZeRjnot7b%2Bxs%2BXx8amuq8OXGS4pZ4GpvKptb1ByhpyN1TUgr339FmA%2FdKg5bozS89YqRWrOl%2B0UxyZz7I7QjH2e9tP0umZYWeWeqflkOeh%2FIaiJzTWGUt7ZXgROb8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 67e80d462a3a5364-FRA
content-encoding: br

GET
DATA 200
OK truncated
/ Frame 619D 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d1fb6dc93affe11e3517f29664e43427297481e97115c13724eeaf6a8eda339d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 default.css
ad4m.at/0.1.124-320/style/one-ad/ Frame 30DA 58 KB
59 KB 19ms
17ms Stylesheet
text/css 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/0.1.124-320/style/one-ad/default.css
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1kmm11fa7b4t39q8yynepamb8pjbj1fkpt3fkdhqbj98bhk21qzf9tb69pk46nnw257gfzjs4nd5ksbabkb8z2ncvy4nwtsvqg594z6chxht5kpwx937qk6p531ecgy917cb4hacy2bmnezm43brs4j7cesjecf7gkv6e2v63yvvfzeztqgpa85qqrh0y2wk82trpd2qkrynd69yft0j8gnxmbmfnbbszccmqcsef7hqeny00stbaw8ym76wrdz7zy9h1e4wxp6mep6hh2d2phcwzeaq6dd6kckxkb9km2s99fs7gbxzy3cj2bqqkarkg9z48swdhbqyf50c1s5w2czp8essamsfbkrmx4atb98kvcxq3tnwfagw56540&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%26client%3Dca-pub-5742861393839950%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880

Request headers

Referer: https://ad4m.at/ad/dr?ed=1kmm11fa7b4t39q8yynepamb8pjbj1fkpt3fkdhqbj98bhk21qzf9tb69pk46nnw257gfzjs4nd5ksbabkb8z2ncvy4nwtsvqg594z6chxht5kpwx937qk6p531ecgy917cb4hacy2bmnezm43brs4j7cesjecf7gkv6e2v63yvvfzeztqgpa85qqrh0y2wk82trpd2qkrynd69yft0j8gnxmbmfnbbszccmqcsef7hqeny00stbaw8ym76wrdz7zy9h1e4wxp6mep6hh2d2phcwzeaq6dd6kckxkb9km2s99fs7gbxzy3cj2bqqkarkg9z48swdhbqyf50c1s5w2czp8essamsfbkrmx4atb98kvcxq3tnwfagw56540&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=/Fheiw==, md5=iazLgrLD9V76ltPySV8jTQ==
date: Sat, 14 Aug 2021 06:15:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4045421
cf-polished: origSize=59196
x-guploader-uploadid: ADPycdtkioITd9kON3MDPr-nVhtDYZvM5BcWwBJS7eF-ZszN4EdBaLdVcBmWoP0vGtgvogL9Lz8Tib9QpKYbbvav9lA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 58969
last-modified: Mon, 28 Jun 2021 10:31:59 GMT
server: cloudflare
etag: "89accb82b2c3f55efa96d3f2495f234d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zE%2FK%2BHxc37rdbcCyKO4KJXPUVxeQzv3uAEspE7Mzbino8awK27feuq5IyKJnwYUW5xz59ZjZWPxiOs1nHMx2v3JqiZ8O6HLl1jsxzKSj9OKr%2BH1OvdYBUy5M4oRogq8kPZilfWo%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1624876319573767
content-type: text/css
expires: Tue, 28 Jun 2022 10:32:18 GMT
cache-control: public, max-age=31536000, no-transform
x-goog-stored-content-length: 6688
accept-ranges: bytes
cf-ray: 67e80d466a7c5364-FRA
cf-bgj: minify

GET
H3-29 200 fxpcopuw.js Show response
ad4m.at/ Frame 30DA 36 KB
13 KB 16ms
15ms Script
application/javascript 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1kmm11fa7b4t39q8yynepamb8pjbj1fkpt3fkdhqbj98bhk21qzf9tb69pk46nnw257gfzjs4nd5ksbabkb8z2ncvy4nwtsvqg594z6chxht5kpwx937qk6p531ecgy917cb4hacy2bmnezm43brs4j7cesjecf7gkv6e2v63yvvfzeztqgpa85qqrh0y2wk82trpd2qkrynd69yft0j8gnxmbmfnbbszccmqcsef7hqeny00stbaw8ym76wrdz7zy9h1e4wxp6mep6hh2d2phcwzeaq6dd6kckxkb9km2s99fs7gbxzy3cj2bqqkarkg9z48swdhbqyf50c1s5w2czp8essamsfbkrmx4atb98kvcxq3tnwfagw56540&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%26client%3Dca-pub-5742861393839950%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f300e7fc0bc0e049e8620e1b8d85d1857b3a7af9492090f20f4b0366ef42353

Request headers

Referer: https://ad4m.at/ad/dr?ed=1kmm11fa7b4t39q8yynepamb8pjbj1fkpt3fkdhqbj98bhk21qzf9tb69pk46nnw257gfzjs4nd5ksbabkb8z2ncvy4nwtsvqg594z6chxht5kpwx937qk6p531ecgy917cb4hacy2bmnezm43brs4j7cesjecf7gkv6e2v63yvvfzeztqgpa85qqrh0y2wk82trpd2qkrynd69yft0j8gnxmbmfnbbszccmqcsef7hqeny00stbaw8ym76wrdz7zy9h1e4wxp6mep6hh2d2phcwzeaq6dd6kckxkb9km2s99fs7gbxzy3cj2bqqkarkg9z48swdhbqyf50c1s5w2czp8essamsfbkrmx4atb98kvcxq3tnwfagw56540&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=fzoyzw==, md5=7HLiqqlHKRUcSK8SewDc4g==
date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 40400
x-guploader-uploadid: ADPycdvb4SNrOElqVCm_daUh4c_WHiGaxceFyD8IIU8f0k2fY-pH7kx3E6ib5P_jlIyW-M28FvvKLnbIhLB0tZEck1SY6yjTkQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 10 Aug 2021 10:08:16 GMT
server: cloudflare
etag: W/"ec72e2aaa94729151c48af127b00dce2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dF8OZpRmoszh5fxPzeIpa6aflY5%2BFTSSgj9Lj0vipzoD2ezWvNbUX%2BrRcxhIqZo%2BPn6RgdogIwV4kzfxdedz%2Fw8N7VcaEENYSHf1hDenMlXNBRcz1cGrQENg%2BJxqJAX37JoNZVE%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1628590096242097
content-type: application/javascript; charset=utf-8
expires: Fri, 13 Aug 2021 19:02:39 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 67e80d466a7e5364-FRA
cf-bgj: minify

GET
H3-29 200 error_handler.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 7BEC 7 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/error_handler.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

32cb6a30cbe85dfbaf717f6859078585d30348dde655cc7575346d783fe706b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Aug 2021 21:32:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3427
x-xss-protection: 0
server: cafe
etag: 11613503042230807371
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 27 Aug 2021 21:32:43 GMT

GET
H3-29 200 default.css
ad4m.at/0.1.124-320/style/one-ad/ Frame 1F6F 58 KB
59 KB 14ms
14ms Stylesheet
text/css 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/0.1.124-320/style/one-ad/default.css
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1jz4cxgnsvhg84m7saaby5gz0yx5gk8r797ts3xds1fds2bzeqsj779sgpz418j8vw6r0bazw3m1dmwv9wk6cankg43ynw552y49jb4dxtb2v3rne0c7ra4m9k2j9tpzmgagc8639gaz8m67ym00wydjsprwfjqgtbsaz42r9zj7qmfa3ccenha4fp64zxgzsvgsf78128smrqs8hzat5zx9c616msmd3tj4z3pd5d9fcdq0esqn73qcyr9y7cn017q1405xss2v7e2cb2v84nnpm8eqkj2t690yb65ypkr1nd5sj9nw0xx3591rzzp41yvtjrba0asaj4s56jc5ktj0ypqzkvaqtyyc89mn74wt7xx0x6zqqhxpvtpww&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%26client%3Dca-pub-5742861393839950%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880

Request headers

Referer: https://ad4m.at/ad/dr?ed=1jz4cxgnsvhg84m7saaby5gz0yx5gk8r797ts3xds1fds2bzeqsj779sgpz418j8vw6r0bazw3m1dmwv9wk6cankg43ynw552y49jb4dxtb2v3rne0c7ra4m9k2j9tpzmgagc8639gaz8m67ym00wydjsprwfjqgtbsaz42r9zj7qmfa3ccenha4fp64zxgzsvgsf78128smrqs8hzat5zx9c616msmd3tj4z3pd5d9fcdq0esqn73qcyr9y7cn017q1405xss2v7e2cb2v84nnpm8eqkj2t690yb65ypkr1nd5sj9nw0xx3591rzzp41yvtjrba0asaj4s56jc5ktj0ypqzkvaqtyyc89mn74wt7xx0x6zqqhxpvtpww&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=/Fheiw==, md5=iazLgrLD9V76ltPySV8jTQ==
date: Sat, 14 Aug 2021 06:15:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4045421
cf-polished: origSize=59196
x-guploader-uploadid: ADPycdtkioITd9kON3MDPr-nVhtDYZvM5BcWwBJS7eF-ZszN4EdBaLdVcBmWoP0vGtgvogL9Lz8Tib9QpKYbbvav9lA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 58969
last-modified: Mon, 28 Jun 2021 10:31:59 GMT
server: cloudflare
etag: "89accb82b2c3f55efa96d3f2495f234d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=82cw1AS%2FG4XuV%2FVH1SyAe2jAhfWcJUoa1XtczhKCzPPcx9WoHzyEak9Cr6Q97hFXeOwHKx%2Bri%2BwKfnAGkXEia77n2Q4VZfLYw25jn%2BKNZGXHHtSdzyFPw7EvpVSri5luBPME4ps%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1624876319573767
content-type: text/css
expires: Tue, 28 Jun 2022 10:32:18 GMT
cache-control: public, max-age=31536000, no-transform
x-goog-stored-content-length: 6688
accept-ranges: bytes
cf-ray: 67e80d469ac85364-FRA
cf-bgj: minify

GET
H3-29 200 fxpcopuw.js Show response
ad4m.at/ Frame 1F6F 36 KB
13 KB 16ms
16ms Script
application/javascript 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: ad4m.at
URL: https://ad4m.at/ad/dr?ed=1jz4cxgnsvhg84m7saaby5gz0yx5gk8r797ts3xds1fds2bzeqsj779sgpz418j8vw6r0bazw3m1dmwv9wk6cankg43ynw552y49jb4dxtb2v3rne0c7ra4m9k2j9tpzmgagc8639gaz8m67ym00wydjsprwfjqgtbsaz42r9zj7qmfa3ccenha4fp64zxgzsvgsf78128smrqs8hzat5zx9c616msmd3tj4z3pd5d9fcdq0esqn73qcyr9y7cn017q1405xss2v7e2cb2v84nnpm8eqkj2t690yb65ypkr1nd5sj9nw0xx3591rzzp41yvtjrba0asaj4s56jc5ktj0ypqzkvaqtyyc89mn74wt7xx0x6zqqhxpvtpww&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%26client%3Dca-pub-5742861393839950%26adurl%3D
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f300e7fc0bc0e049e8620e1b8d85d1857b3a7af9492090f20f4b0366ef42353

Request headers

Referer: https://ad4m.at/ad/dr?ed=1jz4cxgnsvhg84m7saaby5gz0yx5gk8r797ts3xds1fds2bzeqsj779sgpz418j8vw6r0bazw3m1dmwv9wk6cankg43ynw552y49jb4dxtb2v3rne0c7ra4m9k2j9tpzmgagc8639gaz8m67ym00wydjsprwfjqgtbsaz42r9zj7qmfa3ccenha4fp64zxgzsvgsf78128smrqs8hzat5zx9c616msmd3tj4z3pd5d9fcdq0esqn73qcyr9y7cn017q1405xss2v7e2cb2v84nnpm8eqkj2t690yb65ypkr1nd5sj9nw0xx3591rzzp41yvtjrba0asaj4s56jc5ktj0ypqzkvaqtyyc89mn74wt7xx0x6zqqhxpvtpww&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=fzoyzw==, md5=7HLiqqlHKRUcSK8SewDc4g==
date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 40400
x-guploader-uploadid: ADPycdvb4SNrOElqVCm_daUh4c_WHiGaxceFyD8IIU8f0k2fY-pH7kx3E6ib5P_jlIyW-M28FvvKLnbIhLB0tZEck1SY6yjTkQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 10 Aug 2021 10:08:16 GMT
server: cloudflare
etag: W/"ec72e2aaa94729151c48af127b00dce2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tx7pV%2FF4AktgypXBC0pTNKQvHjuFKpWYUJbcb5DAhi2qr3vJPv8kIhrZzQX9vhvSJucOtm3HreXsgCv%2BPVZgInxVv05vXVdp3cpcQjW2IfK8Eihg8CGj9YLGalo%2BHlNgkbS4FkU%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1628590096242097
content-type: application/javascript; charset=utf-8
expires: Fri, 13 Aug 2021 19:02:39 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 67e80d469aca5364-FRA
cf-bgj: minify

GET
H2 200 dpixel
cms.quantserve.com/ Frame 52FD 35 B
210 B 10ms
7ms Image
image/gif 2620:116:800d:21:51e4:db4b:4436:b305
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGusfpksKgedG9NFWaSTD9g&google_cver=1&google_push=AYg5qPKSEhDdw7iq5mTu2qZdb_kqNYVi-rDCGbTnq2vrJJo-ySr0iPiL7hMVtcTqdDvyo64yPOVBUzlDcWzArINXWD1vTaH983z9

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:51e4:db4b:4436:b305 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 466606.gif
id.rlcdn.com/ Frame 52FD 42 B
318 B 51ms
49ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPIfFGozfuNwVGN6K6IYTEFQY-qBYGHsB6zEHOlhURcNqIjEzQfqZH3jr-fWR94UuFAA7AhYzgpOrG3EcoPI9CacwtprggDg&google_gid=CAESEOInFGyLY7fLRWOBS8FoYco&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=2740901989&adf=1947424030&pi=t.aa~a.4143197931~rp.1&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280&nras=4&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=1489&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=dRRta9Q6zK&p=https%3A//www.yinksukblog.com.ng&dtd=33
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 14 Aug 2021 06:15:59 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 52FD
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKKOYP6...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKKOYP6...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTQwNjE2MDAwMDAxMTI2OTM0NDI0OQ%3D%3D&google_push=AYg5qPKKOYP6FW77lZmiMLEpw5aP5QRu144cfPJenlrBnolmgbwjxr7bDgWGZJBQtD_mQK...

170 B
188 B

53ms
53ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTQwNjE2MDAwMDAxMTI2OTM0NDI0OQ%3D%3D&google_push=AYg5qPKKOYP6FW77lZmiMLEpw5aP5QRu144cfPJenlrBnolmgbwjxr7bDgWGZJBQtD_mQKcURtKtMcKrDs_xCXfMoww2F113Vo0

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:16:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTQwNjE2MDAwMDAxMTI2OTM0NDI0OQ%3D%3D&google_push=AYg5qPKKOYP6FW77lZmiMLEpw5aP5QRu144cfPJenlrBnolmgbwjxr7bDgWGZJBQtD_mQKcURtKtMcKrDs_xCXfMoww2F113Vo0
pragma: no-cache
date: Sat, 14 Aug 2021 06:16:00 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Sat, 14 Aug 2021 06:16:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 52FD
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

54ms
53ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKpRMtFhTq9KYFqzNHQB_-jSwQycnVFSd05wPVfN4c3kI6AXbtYvfWqhk4MUhZfMfGIJ4Fx6iEDp6musMXc9Hq8vmLCa-3G

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKpRMtFhTq9KYFqzNHQB_-jSwQycnVFSd05wPVfN4c3kI6AXbtYvfWqhk4MUhZfMfGIJ4Fx6iEDp6musMXc9Hq8vmLCa-3G
date: Sat, 14 Aug 2021 06:15:58 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 52FD
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEJMv_FhTkbaCQtTgcKJF998&google_cver=1&google_push=AYg5qPIWFKyb-VCQj-c35LcHyx6uEfM7-pE4-s8NqsqsKZJ-Ba97Y9PXfxi-bpOQ8g9AmJZ6qDo...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NCRFlIWDctMVctRlJUOA==&google_push=AYg5qPIWFKyb-VCQj-c35LcHyx6uEfM7-pE4-s8NqsqsKZJ-Ba97Y9PXfxi-bpOQ8g9AmJZ6qDo4w71viBPAxVnU6Mq6EbyZ3gxD

170 B
188 B

53ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NCRFlIWDctMVctRlJUOA==&google_push=AYg5qPIWFKyb-VCQj-c35LcHyx6uEfM7-pE4-s8NqsqsKZJ-Ba97Y9PXfxi-bpOQ8g9AmJZ6qDo4w71viBPAxVnU6Mq6EbyZ3gxD

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1NCRFlIWDctMVctRlJUOA==&google_push=AYg5qPIWFKyb-VCQj-c35LcHyx6uEfM7-pE4-s8NqsqsKZJ-Ba97Y9PXfxi-bpOQ8g9AmJZ6qDo4w71viBPAxVnU6Mq6EbyZ3gxD
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 52FD
Redirect Chain

https://ag.innovid.com/trk?tid=11711&google_gid=CAESEKxBi0Kk0_3WUBHfUavDwWM&google_cver=1&google_push=AYg5qPK5sZCdEPZUQ4C5xbAK97JIeFcZJHbaVR4pBz1oEwwU4IU384052ivQ7q6GC4AJ_7ZZB72TAxbyVL6of9OY9_YcoBb...
https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPK5sZCdEPZUQ4C5xbAK97JIeFcZJHbaVR4pBz1oEwwU4IU384052ivQ7q6GC4AJ_7ZZB72TAxbyVL6of9OY9_YcoBbh2uw&google_hm=7E93LMaYRO-nvp2J4...

170 B
188 B

52ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPK5sZCdEPZUQ4C5xbAK97JIeFcZJHbaVR4pBz1oEwwU4IU384052ivQ7q6GC4AJ_7ZZB72TAxbyVL6of9OY9_YcoBbh2uw&google_hm=7E93LMaYRO-nvp2J4JvQ2A

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=innovid_ddp&google_push=AYg5qPK5sZCdEPZUQ4C5xbAK97JIeFcZJHbaVR4pBz1oEwwU4IU384052ivQ7q6GC4AJ_7ZZB72TAxbyVL6of9OY9_YcoBbh2uw&google_hm=7E93LMaYRO-nvp2J4JvQ2A
pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: no-cache
content-length: 0
request-time: 1
expires: -1

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 52FD 0
12 B 51ms
50ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jum1_Lwt6DncpW031sCvoS0TK4mQlhCvf83ogZI9ZDc9odGQVwS6E45-xJYAj39w

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 30DA 3 KB
4 KB 15ms
13ms Image
image/png 2606:4700:3032::6815:57ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: ad4m.at
URL: https://ad4m.at/0.1.124-320/style/one-ad/default.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:57ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Referer: https://ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date: Sat, 14 Aug 2021 06:15:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5679377
x-guploader-uploadid: ABg5-UzzLZaEcDbjdbhukLGh7tDKAZOMFJOiU4iHwOPl8QLDCjazkiciYkkK8qFWGCtZPjDfwbZeIl1PxPDK-jxIb2s
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0v%2BmPyQt4UAP0nvhH1j%2FbCu9jL6c12dVfQY4NWIMERXfM8YopeCkw%2BHpRNrpxEj3vRPOFBwpz4n3wZZZz4fBMd492jb%2BQdgmb%2BAAfQ%2FSYJWw%2BJ%2FwaNVSYzA0qcM0nZBAkqj33nm%2B5V2qyXp6bGxkApzXtA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623242114099744
content-type: image/png
cache-control: public, max-age=31536000, immutable
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 67e80d46ad780621-FRA
expires: Thu, 09 Jun 2022 12:39:42 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 476C
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEC5RfIBvcfCNCLbCZ1-gfZM&google_cver=1&google_push=AYg5qPInU0aew_0BA2dr7JkAUvgGkxono7yiFVjjIerX2bmAWSwVrzo8j-...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPInU0aew_0BA2dr7JkAUvgGkxono7yiFVjjIerX2bmAWSwVrzo8j-D_YuQvEgyf6QJOio5mO-Z7YTKSVoYaqzrUEQa0Kw&google_hm=VGLtUueR...

170 B
188 B

52ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPInU0aew_0BA2dr7JkAUvgGkxono7yiFVjjIerX2bmAWSwVrzo8j-D_YuQvEgyf6QJOio5mO-Z7YTKSVoYaqzrUEQa0Kw&google_hm=VGLtUueR082JSV_V3teKxA

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPInU0aew_0BA2dr7JkAUvgGkxono7yiFVjjIerX2bmAWSwVrzo8j-D_YuQvEgyf6QJOio5mO-Z7YTKSVoYaqzrUEQa0Kw&google_hm=VGLtUueR082JSV_V3teKxA
pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 476C
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJyzLmP...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPJyzLmP...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTQwNjE1NTkwMDA4MTQ0MjcwMjQzMw%3D%3D&google_push=AYg5qPJyzLmPS50GbeNtwGE1G1THlO7mju7O9IsEtoIMcHk1kVzKuG8jbS0egO9PMLIwIZ...

170 B
188 B

53ms
52ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTQwNjE1NTkwMDA4MTQ0MjcwMjQzMw%3D%3D&google_push=AYg5qPJyzLmPS50GbeNtwGE1G1THlO7mju7O9IsEtoIMcHk1kVzKuG8jbS0egO9PMLIwIZoEmX0VAquUXGWNK0I_M4vFAgc03K4

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:16:00 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA4MTQwNjE1NTkwMDA4MTQ0MjcwMjQzMw%3D%3D&google_push=AYg5qPJyzLmPS50GbeNtwGE1G1THlO7mju7O9IsEtoIMcHk1kVzKuG8jbS0egO9PMLIwIZoEmX0VAquUXGWNK0I_M4vFAgc03K4
pragma: no-cache
date: Sat, 14 Aug 2021 06:16:00 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Sat, 14 Aug 2021 06:16:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame 476C 43 B
324 B 140ms
50ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEAmhlN2G2zZX0CtAFTV03-E&google_push=AYg5qPIWh_gAc1tNlB7jVTZRyzcU1t6abyVgHrDTsqizDZAjdwRllxHZ-Re5ohyJWhAQWO9gcbRRIkkUDzUT35ZeQ6rmLsXnhw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=2946686461&adf=2955756018&pi=t.aa~a.2905763894~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1010&idt=1&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250%2C311x250%2C311x250&nras=8&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=3761&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=6&fsb=1&xpc=NIpJofbJDw&p=https%3A//www.yinksukblog.com.ng&dtd=50
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 476C
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

52ms
51ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ4BzL0PczOfMB7aeNLNSyWh9Fxm990-g0i4LxAozIJCx4EN0ObplnAzgbdI6RYA3Vw9esFB9tM38K9LfSMeUV_NKfTlwo

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=s1rp5znuSo6mq4ZP-jFFag%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJ4BzL0PczOfMB7aeNLNSyWh9Fxm990-g0i4LxAozIJCx4EN0ObplnAzgbdI6RYA3Vw9esFB9tM38K9LfSMeUV_NKfTlwo
date: Sat, 14 Aug 2021 06:15:58 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET

pixel
cm.g.doubleclick.net/ Frame 476C
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEKxWttoiXGqcDew6417TGRY&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 476C
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEIbpODc29wFU5DEDWn6MX5Y&google_cver=1&google_push=AYg5qPKlyGfOXRELAFkzxYUr...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKlyGfOXRELAFkzxYUroF9kxjPnR6JMY3aJtM7xWWZLTJlXYA6OKwGXpevE0PMEZcbAr4KLXg6t1_G383eL6UwUix0Tunk&google_hm=

170 B
188 B

51ms
51ms

Image
image/png

216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKlyGfOXRELAFkzxYUroF9kxjPnR6JMY3aJtM7xWWZLTJlXYA6OKwGXpevE0PMEZcbAr4KLXg6t1_G383eL6UwUix0Tunk&google_hm=

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKlyGfOXRELAFkzxYUroF9kxjPnR6JMY3aJtM7xWWZLTJlXYA6OKwGXpevE0PMEZcbAr4KLXg6t1_G383eL6UwUix0Tunk&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Fri, 13 Aug 2021 06:15:59 GMT

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 476C 0
12 B 50ms
49ms Image
text/html 216.58.212.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Lhc3ylvPdqpearGORRHKTSR_UfXywPOmmEZybSp1xWF4qobwjzidhb0UFkHWMl-uk

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.130 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 error_handler.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 44EE 7 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/error_handler.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

32cb6a30cbe85dfbaf717f6859078585d30348dde655cc7575346d783fe706b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Aug 2021 21:32:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31396
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3427
x-xss-protection: 0
server: cafe
etag: 11613503042230807371
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 27 Aug 2021 21:32:43 GMT

GET
H3-29 200 frame.html Show response
ad4m.at/ Frame E978 2 KB
2 KB 15ms
14ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad4m.at/ad/dr?ed=1kmm11fa7b4t39q8yynepamb8pjbj1fkpt3fkdhqbj98bhk21qzf9tb69pk46nnw257gfzjs4nd5ksbabkb8z2ncvy4nwtsvqg594z6chxht5kpwx937qk6p531ecgy917cb4hacy2bmnezm43brs4j7cesjecf7gkv6e2v63yvvfzeztqgpa85qqrh0y2wk82trpd2qkrynd69yft0j8gnxmbmfnbbszccmqcsef7hqeny00stbaw8ym76wrdz7zy9h1e4wxp6mep6hh2d2phcwzeaq6dd6kckxkb9km2s99fs7gbxzy3cj2bqqkarkg9z48swdhbqyf50c1s5w2czp8essamsfbkrmx4atb98kvcxq3tnwfagw56540&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%26client%3Dca-pub-5742861393839950%26adurl%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad4m.at/ad/dr?ed=1kmm11fa7b4t39q8yynepamb8pjbj1fkpt3fkdhqbj98bhk21qzf9tb69pk46nnw257gfzjs4nd5ksbabkb8z2ncvy4nwtsvqg594z6chxht5kpwx937qk6p531ecgy917cb4hacy2bmnezm43brs4j7cesjecf7gkv6e2v63yvvfzeztqgpa85qqrh0y2wk82trpd2qkrynd69yft0j8gnxmbmfnbbszccmqcsef7hqeny00stbaw8ym76wrdz7zy9h1e4wxp6mep6hh2d2phcwzeaq6dd6kckxkb9km2s99fs7gbxzy3cj2bqqkarkg9z48swdhbqyf50c1s5w2czp8essamsfbkrmx4atb98kvcxq3tnwfagw56540&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%26client%3Dca-pub-5742861393839950%26adurl%3D

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Sat, 14 Aug 2021 07:15:59 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 1761601
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=syHXOr3jzJ8w8Wmxld%2F%2B%2FtYyt4JomR%2BhnV8skl6KnhuzHLgK8ISasPGGuSPFhW8Yg0jbWn05Sf4DIt3RMS9K7d3lH2hrSu9GCN0EnuFvfpqWfvmHtMXpVivB7pVeiN5ToRuYf9k%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 67e80d46cb1e5364-FRA
content-encoding: br

GET
H3-29 200 adchoices_default.png
static-de.ad4mat.net/ads/img/ad_markers_folder/ Frame 1F6F 3 KB
4 KB 15ms
15ms Image
image/png 2606:4700:3032::6815:57ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static-de.ad4mat.net/ads/img/ad_markers_folder/adchoices_default.png
Requested by: Host: ad4m.at
URL: https://ad4m.at/0.1.124-320/style/one-ad/default.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3032::6815:57ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e

Request headers

Referer: https://ad4m.at/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=v7nNsg==, md5=eUyE0w4hPsahRNZCFfB1UQ==
date: Sat, 14 Aug 2021 06:15:59 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5679377
x-guploader-uploadid: ABg5-UzzLZaEcDbjdbhukLGh7tDKAZOMFJOiU4iHwOPl8QLDCjazkiciYkkK8qFWGCtZPjDfwbZeIl1PxPDK-jxIb2s
x-goog-storage-class: STANDARD
x-goog-custom-time: 1970-01-01T00:00:00Z
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 3262
x-goog-meta-
last-modified: Wed, 09 Jun 2021 12:35:14 GMT
server: cloudflare
etag: "794c84d30e213ec6a144d64215f07551"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5WVY2KOPlh1x84wxzt3q91iDa92SMm6PViQbn%2FpG1PamtB9h7g%2BejdSf1q4CwpKSnwxRjGoCaE%2B1NSXVOjqOBy%2FIIeKigNI6oDWpo7M7psFbw6Rq4R3xJR5jDaYyGL0n%2BGXatpEFPXX2Kcg0HiswuQ240Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1623242114099744
content-type: image/png
cache-control: public, max-age=31536000, immutable
x-goog-stored-content-length: 3262
accept-ranges: bytes
cf-ray: 67e80d46edee0621-FRA
expires: Thu, 09 Jun 2022 12:39:42 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/ Frame 300E 62 KB
16 KB 7ms
7ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d74faf3dba15909820c656f6c8a266891f47becd215f5d1d43b1855577e76584

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/11575576717432054682/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Sun, 08 Aug 2021 00:38:46 GMT
expires: Mon, 08 Aug 2022 00:38:46 GMT
last-modified: Tue, 06 Apr 2021 13:27:08 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 16673
age: 538633
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 44EE 0
0 30ms
29ms Fetch
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CSdjEnl8XYc2wNYOGlQfOlayQBcfF161k5OCig4YOn9WYz9oZEAEgs6Ovf2CVAqABn-fS-QLIAQmpAkjW9MUDyrM-qAMByANIqgTHAk_QGk-xqgJF37OxS0Icr_ZtPHkf_l3ZSehR0pPCzFMve4gIaSiHokuZCaiD97igvjzzWZFqueviBhUeZNr9k1gdJCcv2MSjHmG1Pm_whX41KqPXFntJnPfBkuKR2SG57Sj9xKhlbWKxJe0P34m3FkGWglATSHaLRESwNbyiV_DH4M87zv7BFJsUvUsiKXxe7N8TksiEkeWYYsVHFnsyZT8nUifioliprBpz-l7s9bPmVifbus9uPiWxpjnPeu53hjswwgBp8eUNgXT_pXIc7SlawX4F21zTk7JpNFWr3mRi2zhtmD9ziJPRgsgmG1lVyiPOdYW5PhwrntQZWajHdkdP_vH_0CByKweBBMtWWSNR1dbOsisDdxANUWIXI6HLLS6wVqTr0WGpc6HTrcuJ2l07e28ri144EARowKvPxIJidfgfvOIyx8AE1_HutbADkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB8mYrYYBqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEELDJBdIICQiA4YAQEAEYH4AKAcgLAdgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi01NzQyODYxMzkzODM5OTUwGAA&sigh=eppVm69PoKM&template_id=419

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sat, 14 Aug 2021 06:15:59 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/ Frame 44EE 18 KB
7 KB 20ms
7ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83cd4afc0672833e8ac46854de805cda18237894e6d5193111af3e2e866a7a3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:14:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 80
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7614
x-xss-protection: 0
server: cafe
etag: 9899176843389144697
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 06:14:39 GMT

GET
H3-29 200 frame.html Show response
ad4m.at/ Frame 4B8B 2 KB
2 KB 15ms
14ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/frame.html
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4

Request headers

:method: GET
:authority: ad4m.at
:scheme: https
:path: /frame.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad4m.at/ad/dr?ed=1jz4cxgnsvhg84m7saaby5gz0yx5gk8r797ts3xds1fds2bzeqsj779sgpz418j8vw6r0bazw3m1dmwv9wk6cankg43ynw552y49jb4dxtb2v3rne0c7ra4m9k2j9tpzmgagc8639gaz8m67ym00wydjsprwfjqgtbsaz42r9zj7qmfa3ccenha4fp64zxgzsvgsf78128smrqs8hzat5zx9c616msmd3tj4z3pd5d9fcdq0esqn73qcyr9y7cn017q1405xss2v7e2cb2v84nnpm8eqkj2t690yb65ypkr1nd5sj9nw0xx3591rzzp41yvtjrba0asaj4s56jc5ktj0ypqzkvaqtyyc89mn74wt7xx0x6zqqhxpvtpww&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%26client%3Dca-pub-5742861393839950%26adurl%3D
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad4m.at/ad/dr?ed=1jz4cxgnsvhg84m7saaby5gz0yx5gk8r797ts3xds1fds2bzeqsj779sgpz418j8vw6r0bazw3m1dmwv9wk6cankg43ynw552y49jb4dxtb2v3rne0c7ra4m9k2j9tpzmgagc8639gaz8m67ym00wydjsprwfjqgtbsaz42r9zj7qmfa3ccenha4fp64zxgzsvgsf78128smrqs8hzat5zx9c616msmd3tj4z3pd5d9fcdq0esqn73qcyr9y7cn017q1405xss2v7e2cb2v84nnpm8eqkj2t690yb65ypkr1nd5sj9nw0xx3591rzzp41yvtjrba0asaj4s56jc5ktj0ypqzkvaqtyyc89mn74wt7xx0x6zqqhxpvtpww&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%26client%3Dca-pub-5742861393839950%26adurl%3D

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html
x-guploader-uploadid: ABg5-UyHG4nMyrBK5WNqT49HT3fkOWy09Qi7AMHmefEGKv6EedjpZshPX4m1mr0_df4AnWlv4nSV1j8tT1-PHgSflkckYhyoGQ
expires: Sat, 14 Aug 2021 07:15:59 GMT
last-modified: Wed, 06 May 2020 15:09:30 GMT
x-goog-generation: 1588777770164783
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 1681
content-language: en
x-goog-hash: crc32c=iTDHew== md5=c2ZaqCqAXxKd4MgeeQDU8g==
x-goog-storage-class: MULTI_REGIONAL
age: 1761601
cache-control: public, max-age=3600
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vJ1pUuk97NdFy5zxHDznKOE6NuSEUU4%2FvEPyvpmX1vXyx8KFVlUObR2hl1ayt9eindkTbbT4Y3NrBoBrdZ8sHkLreCmBKLqmAXsDrN1xMTcZUnO3AwhnyTpgNifM1%2B8JmgpOh2A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 67e80d470b775364-FRA
content-encoding: br

POST
H3-29 200 rs Show response
ad4m.at/ Frame A8E8 2 KB
2 KB 35ms
35ms XHR
text/plain 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df601a5c34af6e6e95ad412dc72fce47d063cafa1e675442342a9c4991acfcac

Request headers

Referer: https://ad4m.at/ad/dr?ed=1hz778qg3q6yhdbqcrx70129t9sj3zr2et93g0jgbwjk2aa3xev89grjb3jy9x331pg40j1egfpkc7517ahmf6cjsrsc3xxpd2w2x0p0chfcenxqwfjgzcrn1hw39jz6t5n88ckmcq97e7yscf5czykfh5j86b7110wjgvkydhpqrj52f3hykk2tgfby6phnnq7r8vq251fxy0jah4nnbyahxq3mz64mav7fktpenkzn1cnqbzjfa790xxyyqfr829em5kpcaa13by4yq6t7bjq3gke058bnhb57c9asrrantp12jq0dhf1p4bn0z3e7gfyywcfp2sv15ftv6g4w52sp1yz97smbe3akwtvknd3a250cdjefc9mzbth5j&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 67e80d471ba35364-FRA
date: Sat, 14 Aug 2021 06:15:59 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2JzsEOZdLlqE9P64yzANZpOW4Jxo59GUON4GIuyOMmIQMT0Pxo3%2BFrSHVS52wJYdCnzioD%2FwGt4MnJBchvo4nFkkz%2Fb%2BpcTvEGhlcTyaXzVjR0nyBPiceeXC7ymem%2BFWjaEjXdg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://ad4m.at
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: rs-rvz5

POST
H3-29 200 rs Show response
ad4m.at/ Frame 8488 2 KB
2 KB 33ms
33ms XHR
text/plain 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6ccb27c8356d9bd27a7fb525fccb5c0f6b316581704bc930fed83edb30dfc3f

Request headers

Referer: https://ad4m.at/ad/dr?ed=1gskj8eaqvtv1xb81s4b1pkj75yx8eaabb8dr0q3atw5sjy7p45tx9mahw12ahs1ywe0nxjyjp4m1zkcfsn88wvhrt2n0ahndfds6phn4wvwvcj7gn6jzqejxr94mmf7t4g9f42zfcfb206ta5snkp4nhqd4scs46w02nt2ytv4abc0err9n4sv3h1snnhqpy7wzzeadsj83kpm8jmgbfzm4adamx35rq5gzr3y3sstd9bdyy340vahtcfz1yv1scmsfhmncarydbgxawq5tnjet34kp6ckdyfezatd2qfmftba37f7yrwwn7yc0k1p38hdj0704gysbt40r8736rr9wddhwfzbz5ckr34qh4rnpf1at30yfw63ht3rcp&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 67e80d471ba45364-FRA
date: Sat, 14 Aug 2021 06:15:59 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IvrCQah4t2GJfWIH%2FxasbxeOOKebIaAfhuPFH63WQTNnBwtITzIpxuXNrV2Le%2Bpd5uSk6qU57u8PEfTn17pgWaqe0J1aR5ZiEfwAxJRTv9%2FVoX4FClRg52NlhhfJ314CaejHj5U%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://ad4m.at
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: rs-rvz5

POST
H3-29 200 rs Show response
ad4m.at/ Frame 8F31 2 KB
2 KB 36ms
36ms XHR
text/plain 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01cf8f4be89901df273819b24b48b9f680f58fb30fe7a119594273ebd11d2473

Request headers

Referer: https://ad4m.at/ad/dr?ed=1hxhbd4fa4g2r6z3chskd7rswbatzy4a66jfqb8jffqae5mfng44dybz5h5yp9nyafyx1b40pn60qyymbzzaj8gv0c6z44jbngce5x19xssqq6sgp8j7bjjz7sdffg0d2065xqq1c0qt90363drsy4bk59eqmbzngcqqnp5m325b594cqhywacxqc91ggset60g4mj2as2gg2zag3e795dh63nn10dnvkd24ysvfspknqt1rw0pvyc94q0kpef35vdv0mc175159bzr2aaern1nxfk9ds65vsq82bgqh798zpamrc8p4qm6trkv4s58atb8ywav9wpsrd4v3fvweya69dvdm3q38r4kw8cpgdy0wxct6wcbdbqn03n1ky&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 67e80d472bb25364-FRA
date: Sat, 14 Aug 2021 06:15:59 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LEr7ExavFPGc9htqwIzyis2Hi9X%2BadeSmDlvwdgQjBdFfYGseHfVCeu%2BaRg0BVs%2BuLnS%2Fl2252ckmASiZEpSTY6qR5vcXvgexsEJQdV810xtUo7eJ%2FVX3Z9eHIaO9vXbFTMcB6Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://ad4m.at
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: rs-rvz5

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 300E 16 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 01:12:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 18187
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sun, 15 Aug 2021 01:12:52 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 300E 26 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Aug 2021 18:31:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42286
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Sat, 14 Aug 2021 18:31:13 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F00A 143 B
163 B 6ms
5ms Document
text/html 2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnH7Zm4bu_POGrLweQosESl5oNnjSnqI9HZNXE1duJtSm4cC8YUAyJm1mRmk90
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sat, 14 Aug 2021 05:16:26 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3573
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 44EE 2 KB
1 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 06:15:59 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 44EE 124 KB
37 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

37fbc56848d8a6f47f63521ede0688ab5769b28faecbd34e9fecbfc9e1dcd029

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628854326415524"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38195
x-xss-protection: 0
expires: Sat, 14 Aug 2021 06:15:59 GMT

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 44EE 0
20 B 40ms
40ms Other
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CM33t7bur_ICFQND5QodzgoLUg&gqi=nl8XYafQNOn33wPY052gDw&layout=/sadbundle/%24csp%253Der3%24/11575576717432054682/index.html

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:15:59 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame C8A2 10 KB
3 KB 26ms
24ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=OdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2&g=919706976e64176374e777d2f5ec5157%2F432719764405447599&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D201cbthtv3q01xfg8fn5cxmsmk5w74jkxrb07jjnkcgr4n4ry8rky35z5r6a122n1h8cnt0c3k55cejnmvbj387ztptjfdj92dc0q8r9ht6g11px8qpxnsdv5rwcvhhn6yn03x9wvy2090qtkbgj5rnb8qzyd8z5ve4g6qp8gpbytswwyqd9brekvjjsy42r2fqg1ka15jnhvcq0vh0sk33x8zbksncpr41dbsec9n5zzh6qrs77yyw43b6mr%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ecd0cb638b1cd64b6ab25983b8e469c5cea5683540629a5f83b307eb1e852c8

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=OdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2&g=919706976e64176374e777d2f5ec5157%2F432719764405447599&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D201cbthtv3q01xfg8fn5cxmsmk5w74jkxrb07jjnkcgr4n4ry8rky35z5r6a122n1h8cnt0c3k55cejnmvbj387ztptjfdj92dc0q8r9ht6g11px8qpxnsdv5rwcvhhn6yn03x9wvy2090qtkbgj5rnb8qzyd8z5ve4g6qp8gpbytswwyqd9brekvjjsy42r2fqg1ka15jnhvcq0vh0sk33x8zbksncpr41dbsec9n5zzh6qrs77yyw43b6mr%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 67e80d476ed342c9-FRA
content-encoding: br

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame 8DA5 10 KB
4 KB 23ms
21ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=jjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNv&g=720684d74ed58dcb397e63ec0696ec37%2F3702265231165985559&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D232s9n8wpmf6hscww5k9sap0yp064sswy9qqrjzssvdqtbcqjyw70art7x9mvweb6zmhse48z6t5j8gzdte31p2eecyswj80qfg4b3n2c3crqhth6mn5bf0k8hk25mpy13etsx5m5wdj16ezga6panrkg8ehp8nftp54c5r6svs4518v9mr90vt8kh3stmrdzea98fr35rr93d5v6ngep55tg7k7geqkdxregxf11arpzvx2ky3fme68jwbta%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78c07821deafc1b532dacb8e2b46275d276ac5a7fe165a83f641b171e31cd18e

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=jjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNv&g=720684d74ed58dcb397e63ec0696ec37%2F3702265231165985559&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D232s9n8wpmf6hscww5k9sap0yp064sswy9qqrjzssvdqtbcqjyw70art7x9mvweb6zmhse48z6t5j8gzdte31p2eecyswj80qfg4b3n2c3crqhth6mn5bf0k8hk25mpy13etsx5m5wdj16ezga6panrkg8ehp8nftp54c5r6svs4518v9mr90vt8kh3stmrdzea98fr35rr93d5v6ngep55tg7k7geqkdxregxf11arpzvx2ky3fme68jwbta%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 67e80d477ed742c9-FRA
content-encoding: br

GET
H2 200 rar Show response
as.ad4m.at/ad/ Frame B67C 10 KB
3 KB 30ms
29ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKP&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2Ce7RC3fVfmYMhjHZHet2CePVf7tQTx8J&c=300&d=250&e=VTYbchfeTM3ZDxQDhco3KqsBADQdmzxl&g=8d98f91a81af19d7cd96f5c22566d44f%2F17009880924374702062&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20923knnwdv55ch9gmbnws1capvfx8vpncaxt4kjrn6wc9b0etwsf3qmpvw1q66pmk56dyyj0hpttb60x1ycxxq7qhpqbvgt66x46tgt3eapmtvsed168rq26k9pqckqdhbavb661xvx5qx119he4nty86dp49pvkt453q1e2swemvkthma996aa10m8pkqybrya5edxvv7n0j5a8a4k40hxc5q5n6j33we0hmqr7m80z1ns0zyzbt18kr6sg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59122677b5894cbb78cd10e2973e29ca80b4f4741b59c66f42be8cb8c95c27ce

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=14044%2C823%2C15255&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKP&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2Ce7RC3fVfmYMhjHZHet2CePVf7tQTx8J&c=300&d=250&e=VTYbchfeTM3ZDxQDhco3KqsBADQdmzxl&g=8d98f91a81af19d7cd96f5c22566d44f%2F17009880924374702062&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20923knnwdv55ch9gmbnws1capvfx8vpncaxt4kjrn6wc9b0etwsf3qmpvw1q66pmk56dyyj0hpttb60x1ycxxq7qhpqbvgt66x46tgt3eapmtvsed168rq26k9pqckqdhbavb661xvx5qx119he4nty86dp49pvkt453q1e2swemvkthma996aa10m8pkqybrya5edxvv7n0j5a8a4k40hxc5q5n6j33we0hmqr7m80z1ns0zyzbt18kr6sg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 67e80d477ee742c9-FRA
content-encoding: br

POST
H3-29 200 rs Show response
ad4m.at/ Frame 30DA 2 KB
2 KB 33ms
33ms XHR
text/plain 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c317daded0638ddeec260bfc6c1571a6b8679c2b45abe382d2d914b40926e52

Request headers

Referer: https://ad4m.at/ad/dr?ed=1kmm11fa7b4t39q8yynepamb8pjbj1fkpt3fkdhqbj98bhk21qzf9tb69pk46nnw257gfzjs4nd5ksbabkb8z2ncvy4nwtsvqg594z6chxht5kpwx937qk6p531ecgy917cb4hacy2bmnezm43brs4j7cesjecf7gkv6e2v63yvvfzeztqgpa85qqrh0y2wk82trpd2qkrynd69yft0j8gnxmbmfnbbszccmqcsef7hqeny00stbaw8ym76wrdz7zy9h1e4wxp6mep6hh2d2phcwzeaq6dd6kckxkb9km2s99fs7gbxzy3cj2bqqkarkg9z48swdhbqyf50c1s5w2czp8essamsfbkrmx4atb98kvcxq3tnwfagw56540&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 67e80d477c055364-FRA
date: Sat, 14 Aug 2021 06:15:59 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=osFbBMs%2BNSkOmTgN3EQbuW6y4MElAjFMhUWZm7smiLHQ82vSc18qpQHr4Y5O13rtbnWNE8B1lyOehpJkJ4EuhF7oQdjb%2F%2FxCUqnRwuZOudBixibLFSXUBQQzko4%2FjXPaKaw2WVg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://ad4m.at
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: rs-rvz5

GET
H3-29 200 1ybhf5PHJCoiRTy-ubeljLlyS14gR-QFfTY_U8tl74U.js Show response
pagead2.googlesyndication.com/bg/ Frame 300E 35 KB
13 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1ybhf5PHJCoiRTy-ubeljLlyS14gR-QFfTY_U8tl74U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d726e17f93c7242a22453cbeb9b7a58cb9724b5e2047e4057d363f53cb65ef85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Aug 2021 05:32:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 89028
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13373
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 13 Aug 2022 05:32:11 GMT

GET
H3-29 200 cta_DE.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/ Frame 300E 8 KB
8 KB 8ms
7ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/cta_DE.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c6c90a9b3443352d72701940c7d481187437570b43156c994ce6a7f90c67eb9e

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 538632
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8540
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 13:27:08 GMT
server: sffe
date: Sun, 08 Aug 2021 00:38:47 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 08 Aug 2022 00:38:47 GMT

GET
H3-29 200 fechas_vertical_DE.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/ Frame 300E 14 KB
14 KB 9ms
8ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/fechas_vertical_DE.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

90e5243c11607e4a858e3edbfcb8f3401bd0cb682c48c1c10b023b9d5e38e7eb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 339355
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13906
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 13:27:08 GMT
server: sffe
date: Tue, 10 Aug 2021 08:00:04 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 08:00:04 GMT

GET
H3-29 200 experiencia_vertical_DE.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/ Frame 300E 15 KB
15 KB 13ms
12ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/experiencia_vertical_DE.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e60a3d9e5e60abd14d62324a850de1bd9e7e99d3f2153daf6dd1637cb35b2e67

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 339355
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15206
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 13:27:08 GMT
server: sffe
date: Tue, 10 Aug 2021 08:00:04 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 08:00:04 GMT

GET
H3-29 200 summercamp_vertical_DE.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/ Frame 300E 16 KB
16 KB 14ms
13ms Image
image/png 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/summercamp_vertical_DE.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd3c21db58383e67406558a08962488ed59dc0de0301fc3ee15665b0a7bd71e7

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 366095
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16162
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 13:27:08 GMT
server: sffe
date: Tue, 10 Aug 2021 00:34:24 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 00:34:24 GMT

GET
H3-29 200 fondo300x250_1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/ Frame 300E 94 KB
94 KB 14ms
13ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/11575576717432054682/fondo300x250_1.jpg

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1661c6d01207f8e58d4babdc4f2352b965ef741777cddbb0319745fcf75ad933

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 277713
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96133
x-xss-protection: 0
last-modified: Tue, 06 Apr 2021 13:27:08 GMT
server: sffe
date: Wed, 11 Aug 2021 01:07:26 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 11 Aug 2022 01:07:26 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 44EE 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:01:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 847
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 28 Aug 2021 06:01:52 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame F00A
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

16ms
16ms

Document
text/html

2a00:1450:4001:812::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnH7Zm4bu_POGrLweQosESl5oNnjSnqI9HZNXE1duJtSm4cC8YUAyJm1mRmk90
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 14 Aug 2021 06:15:59 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sat, 14-Aug-2021 07:15:59 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sat, 14 Aug 2021 06:15:59 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sat, 14 Aug 2021 06:15:59 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rar Show response
as.ad4m.at/ad/ Frame 3260 10 KB
4 KB 22ms
21ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=yqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5&g=b08bb43327d689a72fcc18992db8168e%2F12380896948729643390&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22p5g2e4hx6191tmm8qdsa2ngq7nd1jy19xxe0a46hz4m0cccyqyej0e9w7wdk2vqm7s64e7dyq12eqk1ym7hygax88vy5h410vbcycnvbc5qszxjhj7xztvat8f3s0xjdg9pcgp3rhe3g6jy8y1p04k7yjv9mkyk7ygkkx8nzy158et62wnz0vzsd0zsx1bvm4fb49gjzs7f1p1v683dp9k4y8wybaq6vp4bgd954nbtxq1zbvqqrksfq1tp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e152953c298ef03794892fce548d8894d41c8e196af1d8bdf00c59153a6b5790

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=yqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5&g=b08bb43327d689a72fcc18992db8168e%2F12380896948729643390&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22p5g2e4hx6191tmm8qdsa2ngq7nd1jy19xxe0a46hz4m0cccyqyej0e9w7wdk2vqm7s64e7dyq12eqk1ym7hygax88vy5h410vbcycnvbc5qszxjhj7xztvat8f3s0xjdg9pcgp3rhe3g6jy8y1p04k7yjv9mkyk7ygkkx8nzy158et62wnz0vzsd0zsx1bvm4fb49gjzs7f1p1v683dp9k4y8wybaq6vp4bgd954nbtxq1zbvqqrksfq1tp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:15:59 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 67e80d47cc9b5364-FRA
content-encoding: br

POST
H3-29 200 rs Show response
ad4m.at/ Frame 1F6F 2 KB
2 KB 39ms
38ms XHR
text/plain 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/rs
Requested by: Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6a3f52528956148eebb0a801086108795d4d9110dddb33d7ac4b2d4be11f8dd

Request headers

Referer: https://ad4m.at/ad/dr?ed=1jz4cxgnsvhg84m7saaby5gz0yx5gk8r797ts3xds1fds2bzeqsj779sgpz418j8vw6r0bazw3m1dmwv9wk6cankg43ynw552y49jb4dxtb2v3rne0c7ra4m9k2j9tpzmgagc8639gaz8m67ym00wydjsprwfjqgtbsaz42r9zj7qmfa3ccenha4fp64zxgzsvgsf78128smrqs8hzat5zx9c616msmd3tj4z3pd5d9fcdq0esqn73qcyr9y7cn017q1405xss2v7e2cb2v84nnpm8eqkj2t690yb65ypkr1nd5sj9nw0xx3591rzzp41yvtjrba0asaj4s56jc5ktj0ypqzkvaqtyyc89mn74wt7xx0x6zqqhxpvtpww&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%26client%3Dca-pub-5742861393839950%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

cf-ray: 67e80d47cc985364-FRA
date: Sat, 14 Aug 2021 06:16:00 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BrLsZx7Ai%2FumvuyFNAk5aZjp1aorsnQHRzMhj4WLiEMY9EZGLmmzryOQ93XHer4UqH2ea2VpR9GAZsKPjtDglYZYUNJanTM7eqhuHJtgrIvScaKNaY%2FIEfOUOVG08b9RLExk5rg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain
access-control-allow-origin: https://ad4m.at
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
access-control-allow-credentials: true
content-encoding: br
x-backend-server: rs-rvz5

GET
DATA 200
OK truncated
/ Frame 300E 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 44EE 0
0 14ms
14ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS1p1PoCu5AcxEves8qExfgHvrZcalmBH3PdA7cPrIGB5dtxsoQBsWkTyI8QJgefZElYahwa5LRYIvdh9gbBSfc0fdPOQ
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5742861393839950&output=html&h=250&adk=1741763664&adf=1138558931&pi=t.aa~a.2905765805~rp.3&w=311&fwrn=4&fwrnh=100&lmt=1628892199&rafmt=1&to=qs&pwprc=9386409732&psa=0&format=311x250&url=https%3A%2F%2Fwww.yinksukblog.com.ng%2Fhushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1628921758813&bpp=1&bdt=1011&idt=-M&shv=r20210809&mjsv=m202108100101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9ec2944eee9057fc-22f65e94a9c90047%3AT%3D1628921758%3ART%3D1628921758%3AS%3DALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg&prev_fmts=0x0%2C1038x280%2C353x280%2C311x250%2C311x250&nras=6&correlator=287071621798&frm=20&pv=1&ga_vid=365881515.1628921759&ga_sid=1628921759&ga_hid=1245479048&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=1219&ady=2533&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=20211866%2C31062179%2C31062297&oid=3&pvsid=1058754279787497&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=6&uci=a!6&btvi=4&fsb=1&xpc=v38ngWkAlK&p=https%3A//www.yinksukblog.com.ng&dtd=42
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
DATA 200
OK truncated
/ Frame 44EE 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cd0c4089a15e56e8b7abfa14a60103b9b2ab530b37ab9b4db66489cc3169c76

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 rar Show response
as.ad4m.at/ad/ Frame 8BE7 10 KB
4 KB 22ms
22ms Document
text/html 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=b96oYivPT2Dh97_HBQh9NkWDwP6fsKS1&g=f686689d698c7ba0847a58577cd9bac0%2F11248832085151555128&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22g2fvnbw9pj8zzynam9j5jtm8k71st6r5aaeajwb6a24ywrjhb4rdzhzggvrpmh8fmxjrbncamkqmws8whxbz2drmej47e2hcn14m82phrq8517y8rzgahy7em1gk5xcsqj2ktrgcvg7mzrt531bbwsvm642g7b5tgxn5a8kj66wtb4nxtncz5fhtxeq7wngjnwzmt9y8yxg3g450f6n1q4g3k4fsg9bdv3w8xvemmjavmr41tw0413t8vxg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Requested by

Host: ad4m.at
URL: https://ad4m.at/fxpcopuw.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

39af9a6be05f72c267e3d9e8e30ea9d94445629a9808589a0c6b4cc271d0c280

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=b96oYivPT2Dh97_HBQh9NkWDwP6fsKS1&g=f686689d698c7ba0847a58577cd9bac0%2F11248832085151555128&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22g2fvnbw9pj8zzynam9j5jtm8k71st6r5aaeajwb6a24ywrjhb4rdzhzggvrpmh8fmxjrbncamkqmws8whxbz2drmej47e2hcn14m82phrq8517y8rzgahy7em1gk5xcsqj2ktrgcvg7mzrt531bbwsvm642g7b5tgxn5a8kj66wtb4nxtncz5fhtxeq7wngjnwzmt9y8yxg3g450f6n1q4g3k4fsg9bdv3w8xvemmjavmr41tw0413t8vxg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:16:00 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 67e80d487da15364-FRA
content-encoding: br

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.7/one-ad/ Frame 8DA5 64 KB
8 KB 20ms
19ms Stylesheet
text/css 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.7/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=jjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNv&g=720684d74ed58dcb397e63ec0696ec37%2F3702265231165985559&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D232s9n8wpmf6hscww5k9sap0yp064sswy9qqrjzssvdqtbcqjyw70art7x9mvweb6zmhse48z6t5j8gzdte31p2eecyswj80qfg4b3n2c3crqhth6mn5bf0k8hk25mpy13etsx5m5wdj16ezga6panrkg8ehp8nftp54c5r6svs4518v9mr90vt8kh3stmrdzea98fr35rr93d5v6ngep55tg7k7geqkdxregxf11arpzvx2ky3fme68jwbta%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c35529095f6b1a1b2f9345e8d7e86532048ffbfdd082f03ed114be88865388df

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=jjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNv&g=720684d74ed58dcb397e63ec0696ec37%2F3702265231165985559&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D232s9n8wpmf6hscww5k9sap0yp064sswy9qqrjzssvdqtbcqjyw70art7x9mvweb6zmhse48z6t5j8gzdte31p2eecyswj80qfg4b3n2c3crqhth6mn5bf0k8hk25mpy13etsx5m5wdj16ezga6panrkg8ehp8nftp54c5r6svs4518v9mr90vt8kh3stmrdzea98fr35rr93d5v6ngep55tg7k7geqkdxregxf11arpzvx2ky3fme68jwbta%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:16:00 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 421896
cf-polished: origSize=65497
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 67e80d488dae5364-FRA
expires: 0

GET
H2 200 B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
assets.ad4m.at/logo/ Frame 8DA5 18 KB
19 KB 31ms
22ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=jjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNv&g=720684d74ed58dcb397e63ec0696ec37%2F3702265231165985559&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D232s9n8wpmf6hscww5k9sap0yp064sswy9qqrjzssvdqtbcqjyw70art7x9mvweb6zmhse48z6t5j8gzdte31p2eecyswj80qfg4b3n2c3crqhth6mn5bf0k8hk25mpy13etsx5m5wdj16ezga6panrkg8ehp8nftp54c5r6svs4518v9mr90vt8kh3stmrdzea98fr35rr93d5v6ngep55tg7k7geqkdxregxf11arpzvx2ky3fme68jwbta%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=GT8dCw==, md5=4YyWNM3TGeacJ2VHXynNEw==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 631934
cf-polished: origFmt=png, origSize=35453
x-guploader-uploadid: ADPycdu8yFNSVixOkzyVy-xS6S5hRAwVn-9Oz6_PXiPiU9sxlRPRwyMKBYIwy26hEHJe9l1jbKPrU_cl315Z4yjT_iCtb-iZ7g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 18872
last-modified: Mon, 18 May 2020 12:30:29 GMT
server: cloudflare
etag: "e18c9634cdd319e69c2765475f29cd13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nDoQVyvKGYO4XjjLEIaK8viV43eDaM2fmcI0MLM%2FG94Z%2FOiCSaxgMKx8bM0T1OLpPjBukwOAUM%2FDGw%2Ba7o6jqB8nrFlqerX5o%2FkODXKZAZezjQEm2VxYneNKvv3xiVmahZGUuK6z2ffac0H8"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1589805029334103
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 35453
accept-ranges: bytes
cf-ray: 67e80d4899e542c9-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
assets.ad4m.at/product_image/ Frame 8DA5 2 KB
2 KB 30ms
23ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=jjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNv&g=720684d74ed58dcb397e63ec0696ec37%2F3702265231165985559&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D232s9n8wpmf6hscww5k9sap0yp064sswy9qqrjzssvdqtbcqjyw70art7x9mvweb6zmhse48z6t5j8gzdte31p2eecyswj80qfg4b3n2c3crqhth6mn5bf0k8hk25mpy13etsx5m5wdj16ezga6panrkg8ehp8nftp54c5r6svs4518v9mr90vt8kh3stmrdzea98fr35rr93d5v6ngep55tg7k7geqkdxregxf11arpzvx2ky3fme68jwbta%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=bJ9ALA==, md5=ejqY/mc9t7JQK9XG0TFuLA==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 52698
cf-polished: origFmt=png, origSize=4031
x-guploader-uploadid: ADPycdtQ4jeKY8sLPiWjVJTUwFnbYCLm6B0tmmx49bCaKsEH0AqAmcOOsH9s-nWMC5gR9JVGMV7JupvfQVoNrIgX8Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1598
last-modified: Wed, 20 Jan 2021 17:03:56 GMT
server: cloudflare
etag: "7a3a98fe673db7b2502bd5c6d1316e2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xYu7B0dfH%2FzI0OEz9AMKQuVa13emDdVsX7Atn8ACFkq63hGB%2Fg7cJ3BThIdfcjxgKG5KyM4C3NprRCSmqXOxOrToHrynwHVUK7Yfc4TpAstY%2B6yg5T6J9CoCvBuWy9xu6FRek4WCYx5hqKUg"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1611162235947637
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 4031
accept-ranges: bytes
cf-ray: 67e80d4899e442c9-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 8DA5 43 B
704 B 208ms
91ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519498&v=14098&q=368694&r=412871&pv=1&pref3=oneidDjeT3fwfbqPS3HmH9t1twAmF4tmTk8roneid__asuidjjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNvasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
assets.ad4m.at/logo/ Frame 8DA5 38 KB
39 KB 30ms
23ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=jjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNv&g=720684d74ed58dcb397e63ec0696ec37%2F3702265231165985559&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D232s9n8wpmf6hscww5k9sap0yp064sswy9qqrjzssvdqtbcqjyw70art7x9mvweb6zmhse48z6t5j8gzdte31p2eecyswj80qfg4b3n2c3crqhth6mn5bf0k8hk25mpy13etsx5m5wdj16ezga6panrkg8ehp8nftp54c5r6svs4518v9mr90vt8kh3stmrdzea98fr35rr93d5v6ngep55tg7k7geqkdxregxf11arpzvx2ky3fme68jwbta%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=EKOc3w==, md5=wqT4IuWoMfO1yrOci8rmHQ==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17517
cf-polished: origFmt=png, origSize=44613
x-guploader-uploadid: ADPycdtBFoOXl0DgvcLsrwDY2OH8h9Hpqvp4cn5FQalt_RjVy00YKIoYtXnJd3ZVDSi54i2j9YZAm1_RWaFEGJgDASR0imFG0w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 39202
last-modified: Wed, 22 Jan 2020 13:11:41 GMT
server: cloudflare
etag: "c2a4f822e5a831f3b5cab39c8bcae61d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v2okoOIRj%2FRzJH2I5zTKZ%2FOF2AGadbkiNWdY8UNm3yrhI0vYgI41UMGD%2B66T4EDy1fcofb5gQkYu1nyCsM5QFxMIQ6AP7VLOejjR7TSydfZCNjzRx0H%2Bil7LbrKnrJa%2FeMs%2F1SNVxYm2TrPf"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698701189315
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 44613
accept-ranges: bytes
cf-ray: 67e80d4899f642c9-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
assets.ad4m.at/ Frame 8DA5 113 KB
113 KB 22ms
16ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=jjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNv&g=720684d74ed58dcb397e63ec0696ec37%2F3702265231165985559&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D232s9n8wpmf6hscww5k9sap0yp064sswy9qqrjzssvdqtbcqjyw70art7x9mvweb6zmhse48z6t5j8gzdte31p2eecyswj80qfg4b3n2c3crqhth6mn5bf0k8hk25mpy13etsx5m5wdj16ezga6panrkg8ehp8nftp54c5r6svs4518v9mr90vt8kh3stmrdzea98fr35rr93d5v6ngep55tg7k7geqkdxregxf11arpzvx2ky3fme68jwbta%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=UWAYGw==, md5=A1esecs/9FudVn6rgMfjTA==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 196334
cf-polished: origFmt=png, origSize=136328
x-guploader-uploadid: ADPycdtIzq_vJ5nFb2W5tssU-MDbTl1QbIm93RCyJfrmPzu-97-yWEwMzhk-34f3i-RKCXR0otX6ULdnrF6ohpilzg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 115268
last-modified: Tue, 29 Oct 2019 09:42:57 GMT
server: cloudflare
etag: "0357ac79cb3ff45b9d567eab80c7e34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3BnR%2FLJtwGlGxTE9KdJWZfZAoNarxVj673FZEkmhTFT1NKYKejIsZM9cjsZqwwLETTdiNVFVfFUkSs5MVsrGGSJQOSAdAnorJ2LEKQJxqeZUl%2BSewNIU86ZZToxBOmnGtGfLp77QyzG4k9Fw"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572342177666668
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 136328
accept-ranges: bytes
cf-ray: 67e80d4899db42c9-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 8DA5 43 B
702 B 220ms
98ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338586&v=11830&q=357066&r=412871&pv=1&pref3=oneidDjeT3fwfe9T3HmH9t1tEjxT4tmTk8roneid__asuidjjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNvasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
assets.ad4m.at/logo/ Frame 8DA5 8 KB
9 KB 28ms
21ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=jjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNv&g=720684d74ed58dcb397e63ec0696ec37%2F3702265231165985559&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D232s9n8wpmf6hscww5k9sap0yp064sswy9qqrjzssvdqtbcqjyw70art7x9mvweb6zmhse48z6t5j8gzdte31p2eecyswj80qfg4b3n2c3crqhth6mn5bf0k8hk25mpy13etsx5m5wdj16ezga6panrkg8ehp8nftp54c5r6svs4518v9mr90vt8kh3stmrdzea98fr35rr93d5v6ngep55tg7k7geqkdxregxf11arpzvx2ky3fme68jwbta%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e49b984d20b3e7cb3f2c4a08805dc3f66bb8a58ec08c365d0cf955dd57c77c7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=tG7Jcw==, md5=BMt+wgXOo1EVeu/7mY86hQ==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 365325
cf-polished: qual=85, origFmt=jpeg, origSize=16723
x-guploader-uploadid: ADPycdsbCHdvAmy_DDWo_WgNzFyfa3voA8V353z9OT3EheLcLme2OB0vw_ReaN3yWffYUGTkLTArj33jM_oL5av4CX6MzMWM0Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 8354
last-modified: Wed, 22 Jan 2020 13:13:07 GMT
server: cloudflare
etag: "04cb7ec205cea351157aeffb998f3a85"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w4m2ydFS3LcHJHYBkSYWJMLDp%2FxdaGPHS0ff3xdXO2LtJcg2Bkx%2F%2BPWGaJmynk199M5A7R7OMcQRvXBj6EuZq1OMAc5VwbIT%2FiPDbUl7jklXorrcLdmHN8E50UGQiZOj2S6yXAuBLN2ooFbU"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698787150900
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 16723
accept-ranges: bytes
cf-ray: 67e80d4899df42c9-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 FC413BBA72211F5AF56B42ACBA3ABD3A49D827F593C9E1323C0F2A226E056430F688C15FF4CD83A6D4A3CFCFA1FE4220CE28CD84F613C42E73DA82679F4A107B
assets.ad4m.at/product_image/ Frame 8DA5 30 KB
30 KB 29ms
23ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/FC413BBA72211F5AF56B42ACBA3ABD3A49D827F593C9E1323C0F2A226E056430F688C15FF4CD83A6D4A3CFCFA1FE4220CE28CD84F613C42E73DA82679F4A107B
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=jjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNv&g=720684d74ed58dcb397e63ec0696ec37%2F3702265231165985559&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D232s9n8wpmf6hscww5k9sap0yp064sswy9qqrjzssvdqtbcqjyw70art7x9mvweb6zmhse48z6t5j8gzdte31p2eecyswj80qfg4b3n2c3crqhth6mn5bf0k8hk25mpy13etsx5m5wdj16ezga6panrkg8ehp8nftp54c5r6svs4518v9mr90vt8kh3stmrdzea98fr35rr93d5v6ngep55tg7k7geqkdxregxf11arpzvx2ky3fme68jwbta%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8638f3568cf35b04429b02b36b4f4e37baa12bf47b618e530dfa728022c1d41c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=yOKvRQ==, md5=98ixwodW4fBCQU4EOgLh+g==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 628443
cf-polished: qual=85, origFmt=jpeg, origSize=81547
x-guploader-uploadid: ADPycduVWZmIF5BxTLcDW0I5Ne19p0vrZyL_pAmBf84tR-rGzLe-XMR9KQ8IQevOMmwl8qG1NpH_odJSMvExCQxQ3t9biBZodQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 30226
last-modified: Thu, 09 Apr 2020 08:50:22 GMT
server: cloudflare
etag: "f7c8b1c28756e1f042414e043a02e1fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OK%2FWb3TCzKhqyPJQO2PX9Qs9r2J26bzDxrqGbPgksEZs72IrZIYTAUwe7Fdtp%2FcUBomgwO3gjWYobZ7a2FiJRuq%2BE981hpFUv8lche7jS88NN6zouf0FQNuwcMqrLhpt6Zf%2BKSxiF%2FAeYRmx"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1586422222365290
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 81547
accept-ranges: bytes
cf-ray: 67e80d4899e942c9-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1

200

/
banner.congstar.de/cookie/ Frame 8DA5
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%...
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CLqgiLfur_ICFVAr4Aod6vgMKA;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_d...
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidjjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNvasuid__dc_reach_suite02wkz&gdpr_cons...
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_18727da0-fcc7-11eb-9723-692d00a25ac2

0
518 B

140ms
46ms

Image
text/plain

148.251.139.77
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_18727da0-fcc7-11eb-9723-692d00a25ac2
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=jjkWDG1Af-UntCrY8pVp7JA-Gpj2HRNv&g=720684d74ed58dcb397e63ec0696ec37%2F3702265231165985559&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D232s9n8wpmf6hscww5k9sap0yp064sswy9qqrjzssvdqtbcqjyw70art7x9mvweb6zmhse48z6t5j8gzdte31p2eecyswj80qfg4b3n2c3crqhth6mn5bf0k8hk25mpy13etsx5m5wdj16ezga6panrkg8ehp8nftp54c5r6svs4518v9mr90vt8kh3stmrdzea98fr35rr93d5v6ngep55tg7k7geqkdxregxf11arpzvx2ky3fme68jwbta%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCZjHznl8XYcLqNJfI7_UP2_mBqAyQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoExAJP0HTEaND3nE-02PjAh4JxcJt2v08YwDmh9AJ4008nqjA9Tx00apPxw3P_F5OpcVHOE3QE_Ujrz-W7wUO4dY5SmV4CSjNrrUvh5oWHI1kcd7k8m36iL0uhX1mae0DiGhbMQINa4dlVmZK5UEqFwfNGh9XmuVSTBAlTm1lzCe0bnfKijsv9qIK8-y5GS3ZJfCkMJwTpGe2-gsO_n-lRaZ-d9kOXry0lK-7VPLKFpUzL39xg6_NzCPz9n3k1UJDhvdlLPhhSEGfwwA24kYrQbRcevlmupZrvRNSCL92ktqZtFkNjx6X4Q3bg6TLQMGMbwGW3DdS5Df8S-1cWUHDPOt3wXoucPDrJ7G8kw7B5IBMduC3MZ4oM9DEM7Mu2j2JsZ6vvkrSXKNGqz7iy-hbtoGGwkXqVsGWZqnZ7fdcfjROg3EqPS6eABvG6vsHMg5-1_AGgBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7EC2AcA0ggHCIDhgBAQAfoLAggBgAwB0BUBgBcB%2526num%253D1%2526sig%253DAOD64_0BvE89og31CE6k-wGThxk1NfX1Hw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.139.77 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.77.139.251.148.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:15:59 GMT
Server: Apache
P3P: CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 0

Redirect headers

Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_18727da0-fcc7-11eb-9723-692d00a25ac2
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.7/one-ad/ Frame C8A2 64 KB
8 KB 15ms
15ms Stylesheet
text/css 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.7/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=OdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2&g=919706976e64176374e777d2f5ec5157%2F432719764405447599&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D201cbthtv3q01xfg8fn5cxmsmk5w74jkxrb07jjnkcgr4n4ry8rky35z5r6a122n1h8cnt0c3k55cejnmvbj387ztptjfdj92dc0q8r9ht6g11px8qpxnsdv5rwcvhhn6yn03x9wvy2090qtkbgj5rnb8qzyd8z5ve4g6qp8gpbytswwyqd9brekvjjsy42r2fqg1ka15jnhvcq0vh0sk33x8zbksncpr41dbsec9n5zzh6qrs77yyw43b6mr%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c35529095f6b1a1b2f9345e8d7e86532048ffbfdd082f03ed114be88865388df

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=OdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2&g=919706976e64176374e777d2f5ec5157%2F432719764405447599&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D201cbthtv3q01xfg8fn5cxmsmk5w74jkxrb07jjnkcgr4n4ry8rky35z5r6a122n1h8cnt0c3k55cejnmvbj387ztptjfdj92dc0q8r9ht6g11px8qpxnsdv5rwcvhhn6yn03x9wvy2090qtkbgj5rnb8qzyd8z5ve4g6qp8gpbytswwyqd9brekvjjsy42r2fqg1ka15jnhvcq0vh0sk33x8zbksncpr41dbsec9n5zzh6qrs77yyw43b6mr%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:16:00 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 421896
cf-polished: origSize=65497
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 67e80d488dbe5364-FRA
expires: 0

GET
H2 200 B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
assets.ad4m.at/logo/ Frame C8A2 18 KB
19 KB 27ms
22ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=OdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2&g=919706976e64176374e777d2f5ec5157%2F432719764405447599&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D201cbthtv3q01xfg8fn5cxmsmk5w74jkxrb07jjnkcgr4n4ry8rky35z5r6a122n1h8cnt0c3k55cejnmvbj387ztptjfdj92dc0q8r9ht6g11px8qpxnsdv5rwcvhhn6yn03x9wvy2090qtkbgj5rnb8qzyd8z5ve4g6qp8gpbytswwyqd9brekvjjsy42r2fqg1ka15jnhvcq0vh0sk33x8zbksncpr41dbsec9n5zzh6qrs77yyw43b6mr%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=GT8dCw==, md5=4YyWNM3TGeacJ2VHXynNEw==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 631934
cf-polished: origFmt=png, origSize=35453
x-guploader-uploadid: ADPycdu8yFNSVixOkzyVy-xS6S5hRAwVn-9Oz6_PXiPiU9sxlRPRwyMKBYIwy26hEHJe9l1jbKPrU_cl315Z4yjT_iCtb-iZ7g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 18872
last-modified: Mon, 18 May 2020 12:30:29 GMT
server: cloudflare
etag: "e18c9634cdd319e69c2765475f29cd13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e6DGDXTMKHFD%2B6cnHbnaHcg1tZVsgApSD3GT21Dk0zxCtW5v41PggXX2xgXUfNNo9%2Faej6GHJB6FGb5C9itV0H2SJeBZ3I%2BXwdpKPw5StF8Nl%2FqCxv7ewi35bGzX0FJeVSn33fO2jxGJnW8z"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1589805029334103
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 35453
accept-ranges: bytes
cf-ray: 67e80d4899e242c9-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
assets.ad4m.at/product_image/ Frame C8A2 2 KB
2 KB 29ms
24ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=OdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2&g=919706976e64176374e777d2f5ec5157%2F432719764405447599&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D201cbthtv3q01xfg8fn5cxmsmk5w74jkxrb07jjnkcgr4n4ry8rky35z5r6a122n1h8cnt0c3k55cejnmvbj387ztptjfdj92dc0q8r9ht6g11px8qpxnsdv5rwcvhhn6yn03x9wvy2090qtkbgj5rnb8qzyd8z5ve4g6qp8gpbytswwyqd9brekvjjsy42r2fqg1ka15jnhvcq0vh0sk33x8zbksncpr41dbsec9n5zzh6qrs77yyw43b6mr%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=bJ9ALA==, md5=ejqY/mc9t7JQK9XG0TFuLA==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 52698
cf-polished: origFmt=png, origSize=4031
x-guploader-uploadid: ADPycdtQ4jeKY8sLPiWjVJTUwFnbYCLm6B0tmmx49bCaKsEH0AqAmcOOsH9s-nWMC5gR9JVGMV7JupvfQVoNrIgX8Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1598
last-modified: Wed, 20 Jan 2021 17:03:56 GMT
server: cloudflare
etag: "7a3a98fe673db7b2502bd5c6d1316e2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UeoFF%2FZaZON%2Fc0ddk69ktYyrhzvvpwnOUFVVW8ExqrOE6wmTE1bAph7JHWg0inCV2L%2FSBB5rHMFXEhovi1eGt4nHX7jqA9TAOCN2HqLuoQSORhpBqw9cmIyKy4Oe69rQulJKo82p8vGAsTGB"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1611162235947637
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 4031
accept-ranges: bytes
cf-ray: 67e80d4899ec42c9-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame C8A2 43 B
704 B 222ms
92ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519498&v=14098&q=368694&r=412871&pv=1&pref3=oneidDjeT3fwfbqPS3HmH9t1twAmF4tmTk8roneid__asuidOdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=OdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2&g=919706976e64176374e777d2f5ec5157%2F432719764405447599&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D201cbthtv3q01xfg8fn5cxmsmk5w74jkxrb07jjnkcgr4n4ry8rky35z5r6a122n1h8cnt0c3k55cejnmvbj387ztptjfdj92dc0q8r9ht6g11px8qpxnsdv5rwcvhhn6yn03x9wvy2090qtkbgj5rnb8qzyd8z5ve4g6qp8gpbytswwyqd9brekvjjsy42r2fqg1ka15jnhvcq0vh0sk33x8zbksncpr41dbsec9n5zzh6qrs77yyw43b6mr%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
assets.ad4m.at/logo/ Frame C8A2 38 KB
39 KB 31ms
27ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=OdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2&g=919706976e64176374e777d2f5ec5157%2F432719764405447599&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D201cbthtv3q01xfg8fn5cxmsmk5w74jkxrb07jjnkcgr4n4ry8rky35z5r6a122n1h8cnt0c3k55cejnmvbj387ztptjfdj92dc0q8r9ht6g11px8qpxnsdv5rwcvhhn6yn03x9wvy2090qtkbgj5rnb8qzyd8z5ve4g6qp8gpbytswwyqd9brekvjjsy42r2fqg1ka15jnhvcq0vh0sk33x8zbksncpr41dbsec9n5zzh6qrs77yyw43b6mr%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=EKOc3w==, md5=wqT4IuWoMfO1yrOci8rmHQ==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17517
cf-polished: origFmt=png, origSize=44613
x-guploader-uploadid: ADPycdtBFoOXl0DgvcLsrwDY2OH8h9Hpqvp4cn5FQalt_RjVy00YKIoYtXnJd3ZVDSi54i2j9YZAm1_RWaFEGJgDASR0imFG0w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 39202
last-modified: Wed, 22 Jan 2020 13:11:41 GMT
server: cloudflare
etag: "c2a4f822e5a831f3b5cab39c8bcae61d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vUsH%2FLwzjwLFK4b7yLbwD4Bn%2BES1bQIeUkeKEo6oGjbPSfj3Kjw7D3%2BK1%2BFjQqJMqgJV8ksUK6VHE1mBsEbTgVVN4tj8ZO5p8q5JUXZZahWi64G%2Fp%2FhmJDfF4g4UOLyYfsKfm9L1GcynK%2FX8"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698701189315
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 44613
accept-ranges: bytes
cf-ray: 67e80d4899f542c9-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
assets.ad4m.at/ Frame C8A2 113 KB
113 KB 28ms
24ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=OdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2&g=919706976e64176374e777d2f5ec5157%2F432719764405447599&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D201cbthtv3q01xfg8fn5cxmsmk5w74jkxrb07jjnkcgr4n4ry8rky35z5r6a122n1h8cnt0c3k55cejnmvbj387ztptjfdj92dc0q8r9ht6g11px8qpxnsdv5rwcvhhn6yn03x9wvy2090qtkbgj5rnb8qzyd8z5ve4g6qp8gpbytswwyqd9brekvjjsy42r2fqg1ka15jnhvcq0vh0sk33x8zbksncpr41dbsec9n5zzh6qrs77yyw43b6mr%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=UWAYGw==, md5=A1esecs/9FudVn6rgMfjTA==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 196334
cf-polished: origFmt=png, origSize=136328
x-guploader-uploadid: ADPycdtIzq_vJ5nFb2W5tssU-MDbTl1QbIm93RCyJfrmPzu-97-yWEwMzhk-34f3i-RKCXR0otX6ULdnrF6ohpilzg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 115268
last-modified: Tue, 29 Oct 2019 09:42:57 GMT
server: cloudflare
etag: "0357ac79cb3ff45b9d567eab80c7e34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ygR%2FI0vnNadlrzDGXhqsjBn8qE3zXn%2FW2I3Eq%2FHmG%2F4QKXi8yxjV1pl0agiJXXhdAwHBrC6aXWLKaAl47anOnAYaHd7BeYsZNGcbM4WGEi686ZZd8pe7miCvquAcGJkmlAYURweb2vQDL3bQ"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572342177666668
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 136328
accept-ranges: bytes
cf-ray: 67e80d4899f242c9-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame C8A2 43 B
702 B 230ms
101ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338586&v=11830&q=357066&r=412871&pv=1&pref3=oneidDjeT3fwfe9T3HmH9t1tEjxT4tmTk8roneid__asuidOdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=OdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2&g=919706976e64176374e777d2f5ec5157%2F432719764405447599&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D201cbthtv3q01xfg8fn5cxmsmk5w74jkxrb07jjnkcgr4n4ry8rky35z5r6a122n1h8cnt0c3k55cejnmvbj387ztptjfdj92dc0q8r9ht6g11px8qpxnsdv5rwcvhhn6yn03x9wvy2090qtkbgj5rnb8qzyd8z5ve4g6qp8gpbytswwyqd9brekvjjsy42r2fqg1ka15jnhvcq0vh0sk33x8zbksncpr41dbsec9n5zzh6qrs77yyw43b6mr%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
assets.ad4m.at/logo/ Frame C8A2 8 KB
9 KB 27ms
23ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=OdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2&g=919706976e64176374e777d2f5ec5157%2F432719764405447599&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D201cbthtv3q01xfg8fn5cxmsmk5w74jkxrb07jjnkcgr4n4ry8rky35z5r6a122n1h8cnt0c3k55cejnmvbj387ztptjfdj92dc0q8r9ht6g11px8qpxnsdv5rwcvhhn6yn03x9wvy2090qtkbgj5rnb8qzyd8z5ve4g6qp8gpbytswwyqd9brekvjjsy42r2fqg1ka15jnhvcq0vh0sk33x8zbksncpr41dbsec9n5zzh6qrs77yyw43b6mr%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e49b984d20b3e7cb3f2c4a08805dc3f66bb8a58ec08c365d0cf955dd57c77c7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=tG7Jcw==, md5=BMt+wgXOo1EVeu/7mY86hQ==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 365325
cf-polished: qual=85, origFmt=jpeg, origSize=16723
x-guploader-uploadid: ADPycdsbCHdvAmy_DDWo_WgNzFyfa3voA8V353z9OT3EheLcLme2OB0vw_ReaN3yWffYUGTkLTArj33jM_oL5av4CX6MzMWM0Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 8354
last-modified: Wed, 22 Jan 2020 13:13:07 GMT
server: cloudflare
etag: "04cb7ec205cea351157aeffb998f3a85"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7v0GwgGCtd9WCpOhOktN4%2FBMNRXfFBrh6v0SkuCF8%2FRpcvLlFVKFvZEYP4%2BD5kJI3jspGkUPdHIXeYY3VylJLuQRmT%2FspV9rscX3c6wZRMRFQTVYUTxlgRXjBrOyseq%2F1UgKOHubg4hNs4rK"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698787150900
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 16723
accept-ranges: bytes
cf-ray: 67e80d4899f042c9-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 FC413BBA72211F5AF56B42ACBA3ABD3A49D827F593C9E1323C0F2A226E056430F688C15FF4CD83A6D4A3CFCFA1FE4220CE28CD84F613C42E73DA82679F4A107B
assets.ad4m.at/product_image/ Frame C8A2 30 KB
30 KB 26ms
22ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/FC413BBA72211F5AF56B42ACBA3ABD3A49D827F593C9E1323C0F2A226E056430F688C15FF4CD83A6D4A3CFCFA1FE4220CE28CD84F613C42E73DA82679F4A107B
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=OdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2&g=919706976e64176374e777d2f5ec5157%2F432719764405447599&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D201cbthtv3q01xfg8fn5cxmsmk5w74jkxrb07jjnkcgr4n4ry8rky35z5r6a122n1h8cnt0c3k55cejnmvbj387ztptjfdj92dc0q8r9ht6g11px8qpxnsdv5rwcvhhn6yn03x9wvy2090qtkbgj5rnb8qzyd8z5ve4g6qp8gpbytswwyqd9brekvjjsy42r2fqg1ka15jnhvcq0vh0sk33x8zbksncpr41dbsec9n5zzh6qrs77yyw43b6mr%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8638f3568cf35b04429b02b36b4f4e37baa12bf47b618e530dfa728022c1d41c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=yOKvRQ==, md5=98ixwodW4fBCQU4EOgLh+g==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 628443
cf-polished: qual=85, origFmt=jpeg, origSize=81547
x-guploader-uploadid: ADPycduVWZmIF5BxTLcDW0I5Ne19p0vrZyL_pAmBf84tR-rGzLe-XMR9KQ8IQevOMmwl8qG1NpH_odJSMvExCQxQ3t9biBZodQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 30226
last-modified: Thu, 09 Apr 2020 08:50:22 GMT
server: cloudflare
etag: "f7c8b1c28756e1f042414e043a02e1fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gm7fVvgTtTvhyFjUTkUKiZN%2BYSL0r9T1Kt9J0R6gZxe1I77DoSuXozb5yB88Ny7mkAl7J8Epg7lmCFTu7giwWuTQBtP%2BkBY76%2Fs4K35l%2FrCtAKvyaC46hJ6l0h2sgFMAjRv9LNBeK2chQS6P"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1586422222365290
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 81547
accept-ranges: bytes
cf-ray: 67e80d4899ed42c9-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1

200

/
banner.congstar.de/cookie/ Frame C8A2
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%...
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CP6fiLfur_ICFYnuuwgdIJIBaQ;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_d...
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidOdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2asuid__dc_reach_suite02wkz&gdpr_cons...
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_1872a4b0-fcc7-11eb-a5ea-692d04ef6a29

0
518 B

151ms
49ms

Image
text/plain

148.251.139.77
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_1872a4b0-fcc7-11eb-a5ea-692d04ef6a29
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=OdwzaCy63SlfrS9Xm3YhSJ6sJJaLSvi2&g=919706976e64176374e777d2f5ec5157%2F432719764405447599&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D201cbthtv3q01xfg8fn5cxmsmk5w74jkxrb07jjnkcgr4n4ry8rky35z5r6a122n1h8cnt0c3k55cejnmvbj387ztptjfdj92dc0q8r9ht6g11px8qpxnsdv5rwcvhhn6yn03x9wvy2090qtkbgj5rnb8qzyd8z5ve4g6qp8gpbytswwyqd9brekvjjsy42r2fqg1ka15jnhvcq0vh0sk33x8zbksncpr41dbsec9n5zzh6qrs77yyw43b6mr%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCO_XInl8XYdv4NNSxlQelja-gBpDhgYRctqjCivACwI23ARABIABglQKCARdjYS1wdWItNTc0Mjg2MTM5MzgzOTk1MKABwq7o3QPIAQmpAkjW9MUDyrM-qAMBqgTAAk_Qh3tu1MH8tnN1zre92dOKayw8m3XryWbWMoR4E4EjWErm5LmueeHCcujapNx6au0l6_WtquhbPZLc8GtnAl2WEsHZFIZaR51UEKFrWHNvpq2Y8iW7c_2oyV_0DVcpBgb7AnnVmS-8Wlufm8rru125JumQx4CvP8MPsLt5bpmVXF-X7pTOm7auohsZ2fYCsrOPt3KWiN1QMXLpLopvSZ6MbQahvCRLZjcWlYvX5PfKSu-sW_6RISPxT-i8oMbefkJEok0e0PRpzMuB2ypqsSr2Y8rH139HP5E8-9JHwIqCbB2SRon48p0Uv4p1C7CKBBV_NZsnvd-Q7U8J3_SQUnJhW-9AnkRo7h8aK1DgISueLnL4nFNMC5rBb8u1qSjgqp1oRcRbLyIIHrXl4TmdZO068fbhFAENYDgtLEXuemsHgAbxur7BzIOftfwBoAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAtgHANIIBwiA4YAQEAH6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_0wVrPKxSXcEENEsASx7yIDGOniRA%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.139.77 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.77.139.251.148.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:15:59 GMT
Server: Apache
P3P: CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 0

Redirect headers

Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_1872a4b0-fcc7-11eb-a5ea-692d04ef6a29
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.7/one-ad/ Frame B67C 64 KB
8 KB 16ms
15ms Stylesheet
text/css 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.7/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKP&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2Ce7RC3fVfmYMhjHZHet2CePVf7tQTx8J&c=300&d=250&e=VTYbchfeTM3ZDxQDhco3KqsBADQdmzxl&g=8d98f91a81af19d7cd96f5c22566d44f%2F17009880924374702062&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20923knnwdv55ch9gmbnws1capvfx8vpncaxt4kjrn6wc9b0etwsf3qmpvw1q66pmk56dyyj0hpttb60x1ycxxq7qhpqbvgt66x46tgt3eapmtvsed168rq26k9pqckqdhbavb661xvx5qx119he4nty86dp49pvkt453q1e2swemvkthma996aa10m8pkqybrya5edxvv7n0j5a8a4k40hxc5q5n6j33we0hmqr7m80z1ns0zyzbt18kr6sg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c35529095f6b1a1b2f9345e8d7e86532048ffbfdd082f03ed114be88865388df

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKP&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2Ce7RC3fVfmYMhjHZHet2CePVf7tQTx8J&c=300&d=250&e=VTYbchfeTM3ZDxQDhco3KqsBADQdmzxl&g=8d98f91a81af19d7cd96f5c22566d44f%2F17009880924374702062&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20923knnwdv55ch9gmbnws1capvfx8vpncaxt4kjrn6wc9b0etwsf3qmpvw1q66pmk56dyyj0hpttb60x1ycxxq7qhpqbvgt66x46tgt3eapmtvsed168rq26k9pqckqdhbavb661xvx5qx119he4nty86dp49pvkt453q1e2swemvkthma996aa10m8pkqybrya5edxvv7n0j5a8a4k40hxc5q5n6j33we0hmqr7m80z1ns0zyzbt18kr6sg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:16:00 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 421896
cf-polished: origSize=65497
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 67e80d488dc65364-FRA
expires: 0

GET
H2 200 B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
assets.ad4m.at/logo/ Frame B67C 18 KB
19 KB 26ms
24ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKP&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2Ce7RC3fVfmYMhjHZHet2CePVf7tQTx8J&c=300&d=250&e=VTYbchfeTM3ZDxQDhco3KqsBADQdmzxl&g=8d98f91a81af19d7cd96f5c22566d44f%2F17009880924374702062&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20923knnwdv55ch9gmbnws1capvfx8vpncaxt4kjrn6wc9b0etwsf3qmpvw1q66pmk56dyyj0hpttb60x1ycxxq7qhpqbvgt66x46tgt3eapmtvsed168rq26k9pqckqdhbavb661xvx5qx119he4nty86dp49pvkt453q1e2swemvkthma996aa10m8pkqybrya5edxvv7n0j5a8a4k40hxc5q5n6j33we0hmqr7m80z1ns0zyzbt18kr6sg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=GT8dCw==, md5=4YyWNM3TGeacJ2VHXynNEw==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 631934
cf-polished: origFmt=png, origSize=35453
x-guploader-uploadid: ADPycdu8yFNSVixOkzyVy-xS6S5hRAwVn-9Oz6_PXiPiU9sxlRPRwyMKBYIwy26hEHJe9l1jbKPrU_cl315Z4yjT_iCtb-iZ7g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 18872
last-modified: Mon, 18 May 2020 12:30:29 GMT
server: cloudflare
etag: "e18c9634cdd319e69c2765475f29cd13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZmMiZp%2FpUzsKa0Tes3h%2FMtdVaN3Qqkvtr0PlBGVr%2Bj%2BEymwlsrFLJYZEHnUl9%2FKyLPLJZLjFxVTPKwB5mNBYgYIpCzbDzB306QrjO1c5FvXHEF99JB9J7GOuCDTlSu%2BwnijQXi%2BPpc%2FFrbO9"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1589805029334103
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 35453
accept-ranges: bytes
cf-ray: 67e80d4899f942c9-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
assets.ad4m.at/product_image/ Frame B67C 2 KB
2 KB 29ms
27ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKP&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2Ce7RC3fVfmYMhjHZHet2CePVf7tQTx8J&c=300&d=250&e=VTYbchfeTM3ZDxQDhco3KqsBADQdmzxl&g=8d98f91a81af19d7cd96f5c22566d44f%2F17009880924374702062&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20923knnwdv55ch9gmbnws1capvfx8vpncaxt4kjrn6wc9b0etwsf3qmpvw1q66pmk56dyyj0hpttb60x1ycxxq7qhpqbvgt66x46tgt3eapmtvsed168rq26k9pqckqdhbavb661xvx5qx119he4nty86dp49pvkt453q1e2swemvkthma996aa10m8pkqybrya5edxvv7n0j5a8a4k40hxc5q5n6j33we0hmqr7m80z1ns0zyzbt18kr6sg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=bJ9ALA==, md5=ejqY/mc9t7JQK9XG0TFuLA==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 52698
cf-polished: origFmt=png, origSize=4031
x-guploader-uploadid: ADPycdtQ4jeKY8sLPiWjVJTUwFnbYCLm6B0tmmx49bCaKsEH0AqAmcOOsH9s-nWMC5gR9JVGMV7JupvfQVoNrIgX8Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1598
last-modified: Wed, 20 Jan 2021 17:03:56 GMT
server: cloudflare
etag: "7a3a98fe673db7b2502bd5c6d1316e2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n7FGjMhbFS%2BZ0h3zoDJNGFrL2mKFke3aJGaCMl4%2FWulZ2xfcDpSuQiXE4D7JaHnVlNlYj3RT2MYFe1lD98fsgjllSKnxl%2BM0RCuxSPUK4hf4zbhIRsKTrb5N99ABV2SdgOXdLtkut%2BKipoeB"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1611162235947637
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 4031
accept-ranges: bytes
cf-ray: 67e80d4899f842c9-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame B67C 43 B
704 B 231ms
103ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519498&v=14098&q=368694&r=412871&pv=1&pref3=oneidDjeT3fwfbqPS3HmH9t1twAmF4tmTk8roneid__asuidVTYbchfeTM3ZDxQDhco3KqsBADQdmzxlasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
assets.ad4m.at/logo/ Frame B67C 38 KB
39 KB 16ms
14ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKP&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2Ce7RC3fVfmYMhjHZHet2CePVf7tQTx8J&c=300&d=250&e=VTYbchfeTM3ZDxQDhco3KqsBADQdmzxl&g=8d98f91a81af19d7cd96f5c22566d44f%2F17009880924374702062&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20923knnwdv55ch9gmbnws1capvfx8vpncaxt4kjrn6wc9b0etwsf3qmpvw1q66pmk56dyyj0hpttb60x1ycxxq7qhpqbvgt66x46tgt3eapmtvsed168rq26k9pqckqdhbavb661xvx5qx119he4nty86dp49pvkt453q1e2swemvkthma996aa10m8pkqybrya5edxvv7n0j5a8a4k40hxc5q5n6j33we0hmqr7m80z1ns0zyzbt18kr6sg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=EKOc3w==, md5=wqT4IuWoMfO1yrOci8rmHQ==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17517
cf-polished: origFmt=png, origSize=44613
x-guploader-uploadid: ADPycdtBFoOXl0DgvcLsrwDY2OH8h9Hpqvp4cn5FQalt_RjVy00YKIoYtXnJd3ZVDSi54i2j9YZAm1_RWaFEGJgDASR0imFG0w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 39202
last-modified: Wed, 22 Jan 2020 13:11:41 GMT
server: cloudflare
etag: "c2a4f822e5a831f3b5cab39c8bcae61d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xaF%2FmRovd7u1nqB%2B5m20w4DSsI%2BfkQFBPaNCwAtJwOnAf9BGC8SD6%2BaDk3Yfi%2FXlVrKfECW567W%2BVbMt2ZEkRDOTllal36LSnMi0if2Ke3xmq5sfGn6QU%2Bg5MPddiwFcA5eL%2BBU2ncn9Yw%2Ff"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698701189315
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 44613
accept-ranges: bytes
cf-ray: 67e80d4899d642c9-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
assets.ad4m.at/ Frame B67C 113 KB
113 KB 31ms
30ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKP&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2Ce7RC3fVfmYMhjHZHet2CePVf7tQTx8J&c=300&d=250&e=VTYbchfeTM3ZDxQDhco3KqsBADQdmzxl&g=8d98f91a81af19d7cd96f5c22566d44f%2F17009880924374702062&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20923knnwdv55ch9gmbnws1capvfx8vpncaxt4kjrn6wc9b0etwsf3qmpvw1q66pmk56dyyj0hpttb60x1ycxxq7qhpqbvgt66x46tgt3eapmtvsed168rq26k9pqckqdhbavb661xvx5qx119he4nty86dp49pvkt453q1e2swemvkthma996aa10m8pkqybrya5edxvv7n0j5a8a4k40hxc5q5n6j33we0hmqr7m80z1ns0zyzbt18kr6sg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=UWAYGw==, md5=A1esecs/9FudVn6rgMfjTA==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 196334
cf-polished: origFmt=png, origSize=136328
x-guploader-uploadid: ADPycdtIzq_vJ5nFb2W5tssU-MDbTl1QbIm93RCyJfrmPzu-97-yWEwMzhk-34f3i-RKCXR0otX6ULdnrF6ohpilzg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 115268
last-modified: Tue, 29 Oct 2019 09:42:57 GMT
server: cloudflare
etag: "0357ac79cb3ff45b9d567eab80c7e34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4j%2FiJRWTUEnFHoFrjRxX72xO1YP5WY%2Bti8Cs4%2F1wcGLfLFeslEOIFQXa43ztNaT1HBRNmlslfuaKUBUGk%2FGHrNb7rmRZf1bh8D%2BuPr8w1konsGwhMx8DtaPI8hFF7sujyrDPbPkVosIgC%2B2i"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572342177666668
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 136328
accept-ranges: bytes
cf-ray: 67e80d4899d942c9-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame B67C 43 B
702 B 220ms
93ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338586&v=11830&q=357066&r=412871&pv=1&pref3=oneidDjeT3fwfe9T3HmH9t1tEjxT4tmTk8roneid__asuidVTYbchfeTM3ZDxQDhco3KqsBADQdmzxlasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2 200 188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
assets.ad4m.at/logo/ Frame B67C 8 KB
9 KB 25ms
24ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKP&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2Ce7RC3fVfmYMhjHZHet2CePVf7tQTx8J&c=300&d=250&e=VTYbchfeTM3ZDxQDhco3KqsBADQdmzxl&g=8d98f91a81af19d7cd96f5c22566d44f%2F17009880924374702062&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20923knnwdv55ch9gmbnws1capvfx8vpncaxt4kjrn6wc9b0etwsf3qmpvw1q66pmk56dyyj0hpttb60x1ycxxq7qhpqbvgt66x46tgt3eapmtvsed168rq26k9pqckqdhbavb661xvx5qx119he4nty86dp49pvkt453q1e2swemvkthma996aa10m8pkqybrya5edxvv7n0j5a8a4k40hxc5q5n6j33we0hmqr7m80z1ns0zyzbt18kr6sg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e49b984d20b3e7cb3f2c4a08805dc3f66bb8a58ec08c365d0cf955dd57c77c7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=tG7Jcw==, md5=BMt+wgXOo1EVeu/7mY86hQ==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 365325
cf-polished: qual=85, origFmt=jpeg, origSize=16723
x-guploader-uploadid: ADPycdsbCHdvAmy_DDWo_WgNzFyfa3voA8V353z9OT3EheLcLme2OB0vw_ReaN3yWffYUGTkLTArj33jM_oL5av4CX6MzMWM0Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 8354
last-modified: Wed, 22 Jan 2020 13:13:07 GMT
server: cloudflare
etag: "04cb7ec205cea351157aeffb998f3a85"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0BJuibf7jVSHvxse8pLucN61F7AOKPo4f5gT4O0%2Ff8T2bl2aqjMceZVgSU7QmReuCdSR5JK17vAe3%2BuEbjZ7anSRBSTI4C%2F7riHYeFDf3qKPmOCSukgPPAyUdQgjQsuLTp%2FLfL8OzqUP5Kh"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698787150900
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 16723
accept-ranges: bytes
cf-ray: 67e80d4899fb42c9-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 F49C2EAC44796C3CC36B7EB8176E57DD4979BB6953D52AE3EC354AC4722C65BE111766AA7B1FD623B46255E02B9A1FD3C70187E6A3B399F7EA1DA8FBFD78D485
assets.ad4m.at/ Frame B67C 35 KB
36 KB 26ms
24ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/F49C2EAC44796C3CC36B7EB8176E57DD4979BB6953D52AE3EC354AC4722C65BE111766AA7B1FD623B46255E02B9A1FD3C70187E6A3B399F7EA1DA8FBFD78D485
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKP&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2Ce7RC3fVfmYMhjHZHet2CePVf7tQTx8J&c=300&d=250&e=VTYbchfeTM3ZDxQDhco3KqsBADQdmzxl&g=8d98f91a81af19d7cd96f5c22566d44f%2F17009880924374702062&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20923knnwdv55ch9gmbnws1capvfx8vpncaxt4kjrn6wc9b0etwsf3qmpvw1q66pmk56dyyj0hpttb60x1ycxxq7qhpqbvgt66x46tgt3eapmtvsed168rq26k9pqckqdhbavb661xvx5qx119he4nty86dp49pvkt453q1e2swemvkthma996aa10m8pkqybrya5edxvv7n0j5a8a4k40hxc5q5n6j33we0hmqr7m80z1ns0zyzbt18kr6sg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ffbf2d2525e0baabd5fdf5289510e03e86ccb28dc9767ef58bf483077f3bfc75

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=DWwdxw==, md5=nrQF3oFd2dnh8eRzIt323A==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 195143
cf-polished: qual=85, origFmt=jpeg, origSize=40264
x-guploader-uploadid: ADPycdvvB6uzlBf85gejyOnLrDvuwZhKKXK1VpRUY0xBynHYzO5RBpdKXBT98Jm2FqkCYGe3d9ZkzSmbZtG7j1wbF8ydhTdT7A
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 35504
last-modified: Wed, 19 Feb 2020 17:37:15 GMT
server: cloudflare
etag: "9eb405de815dd9d9e1f1e47322ddf6dc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VqoONRHlHbHqtQeSNQBhf4GOaMZE89njbq9BtpffWNmH2jbB6QBw4%2FfbU5Tq7ddYw7qsjz47yv0rY0mMrA7%2B8%2Ba35vlShGiml4XjG5ZNDTE7w76hZiJfDrhyeMJGO4Ua2wdkWu7xpwE4k7C0"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1582133835673152
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 40264
accept-ranges: bytes
cf-ray: 67e80d4899fd42c9-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1

200

/
banner.congstar.de/cookie/ Frame B67C
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%...
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CJqfiLfur_ICFcaEgwcdNYcErw;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_d...
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneidXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKPoneid__asuidVTYbchfeTM3ZDxQDhco3KqsBADQdmzxlasuid__dc_reach_suite02wkz&gdpr_cons...
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_187ba560-fcc7-11eb-9723-692d00a25ac2

0
518 B

133ms
49ms

Image
text/plain

148.251.139.77
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_187ba560-fcc7-11eb-9723-692d00a25ac2
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C15255&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2CXxVfzfrfp3Bh6H4HetqtxXpU8tkTXKP&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2Ce7RC3fVfmYMhjHZHet2CePVf7tQTx8J&c=300&d=250&e=VTYbchfeTM3ZDxQDhco3KqsBADQdmzxl&g=8d98f91a81af19d7cd96f5c22566d44f%2F17009880924374702062&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D20923knnwdv55ch9gmbnws1capvfx8vpncaxt4kjrn6wc9b0etwsf3qmpvw1q66pmk56dyyj0hpttb60x1ycxxq7qhpqbvgt66x46tgt3eapmtvsed168rq26k9pqckqdhbavb661xvx5qx119he4nty86dp49pvkt453q1e2swemvkthma996aa10m8pkqybrya5edxvv7n0j5a8a4k40hxc5q5n6j33we0hmqr7m80z1ns0zyzbt18kr6sg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCGAbFnl8XYd2tNZ7C7_UPkoaL8AiQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0FaqQm1IUvjEo_KlnsALuN_xMqLvyF8MjEPj3scB1yrqy6E6sKVPH78NDrdoh0_numnKtF6vlBovIBrQKdnTlIQmA-P8m5Ctss3WFLCXfQbu7eHrUia-0ad-tvcwIrcAqHR1IV0pGchNg8qd1wm07sIuLgshPxxC4QAvWOfmIxc5rB6lPff6y1TsD8fACNdzOLDPGDeky4PhQ9bAuE31LTk9qMfEugvqCb5KogUmBtlNEX7g2mOCB_clINOxzNd-EpfkS4Srh92UZJbnYYn-I38NNQzkWetOE0wOPCWsK6_7sGaUd_7tF6bqx35NTFuxe3EsJm2rt0FMq0KtNokXKQEO0y1nsQCTlzkFdzZYWhiuioj6ClZq4GNaHyqibLJ4FZLsQuCmuT9bOyvmW66VoFNNt9ov9GQbjcjTpuDQsIAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_2nkLWICMaqgzlfRqTyvU1T3-lJ2w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.139.77 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.77.139.251.148.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:15:59 GMT
Server: Apache
P3P: CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 0

Redirect headers

Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_187ba560-fcc7-11eb-9723-692d00a25ac2
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.7/one-ad/ Frame 3260 64 KB
8 KB 17ms
16ms Stylesheet
text/css 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.7/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=yqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5&g=b08bb43327d689a72fcc18992db8168e%2F12380896948729643390&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22p5g2e4hx6191tmm8qdsa2ngq7nd1jy19xxe0a46hz4m0cccyqyej0e9w7wdk2vqm7s64e7dyq12eqk1ym7hygax88vy5h410vbcycnvbc5qszxjhj7xztvat8f3s0xjdg9pcgp3rhe3g6jy8y1p04k7yjv9mkyk7ygkkx8nzy158et62wnz0vzsd0zsx1bvm4fb49gjzs7f1p1v683dp9k4y8wybaq6vp4bgd954nbtxq1zbvqqrksfq1tp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c35529095f6b1a1b2f9345e8d7e86532048ffbfdd082f03ed114be88865388df

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=yqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5&g=b08bb43327d689a72fcc18992db8168e%2F12380896948729643390&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22p5g2e4hx6191tmm8qdsa2ngq7nd1jy19xxe0a46hz4m0cccyqyej0e9w7wdk2vqm7s64e7dyq12eqk1ym7hygax88vy5h410vbcycnvbc5qszxjhj7xztvat8f3s0xjdg9pcgp3rhe3g6jy8y1p04k7yjv9mkyk7ygkkx8nzy158et62wnz0vzsd0zsx1bvm4fb49gjzs7f1p1v683dp9k4y8wybaq6vp4bgd954nbtxq1zbvqqrksfq1tp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:16:00 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 421896
cf-polished: origSize=65497
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 67e80d48be055364-FRA
expires: 0

GET
H3-29 200 B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
assets.ad4m.at/logo/ Frame 3260 18 KB
19 KB 15ms
14ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=yqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5&g=b08bb43327d689a72fcc18992db8168e%2F12380896948729643390&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22p5g2e4hx6191tmm8qdsa2ngq7nd1jy19xxe0a46hz4m0cccyqyej0e9w7wdk2vqm7s64e7dyq12eqk1ym7hygax88vy5h410vbcycnvbc5qszxjhj7xztvat8f3s0xjdg9pcgp3rhe3g6jy8y1p04k7yjv9mkyk7ygkkx8nzy158et62wnz0vzsd0zsx1bvm4fb49gjzs7f1p1v683dp9k4y8wybaq6vp4bgd954nbtxq1zbvqqrksfq1tp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=GT8dCw==, md5=4YyWNM3TGeacJ2VHXynNEw==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 631934
cf-polished: origFmt=png, origSize=35453
x-guploader-uploadid: ADPycdu8yFNSVixOkzyVy-xS6S5hRAwVn-9Oz6_PXiPiU9sxlRPRwyMKBYIwy26hEHJe9l1jbKPrU_cl315Z4yjT_iCtb-iZ7g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 18872
last-modified: Mon, 18 May 2020 12:30:29 GMT
server: cloudflare
etag: "e18c9634cdd319e69c2765475f29cd13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s5%2BGgaDEj3xXKlyLjUHILHLeoHsy9IIBeqLv4NgzOfrZg8Jr7Lb9C8M1TSe%2BGrZu%2Fz%2FPSzcYuvFDJcl%2FxIrq9noFlxhYfkhnmWOwPv7GsypuQ%2Bgv6d9XDLE3eg6U%2FCOpbtg0%2FY2EzVB7XWkE"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1589805029334103
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 35453
accept-ranges: bytes
cf-ray: 67e80d48be025364-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
assets.ad4m.at/product_image/ Frame 3260 2 KB
2 KB 21ms
15ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=yqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5&g=b08bb43327d689a72fcc18992db8168e%2F12380896948729643390&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22p5g2e4hx6191tmm8qdsa2ngq7nd1jy19xxe0a46hz4m0cccyqyej0e9w7wdk2vqm7s64e7dyq12eqk1ym7hygax88vy5h410vbcycnvbc5qszxjhj7xztvat8f3s0xjdg9pcgp3rhe3g6jy8y1p04k7yjv9mkyk7ygkkx8nzy158et62wnz0vzsd0zsx1bvm4fb49gjzs7f1p1v683dp9k4y8wybaq6vp4bgd954nbtxq1zbvqqrksfq1tp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=bJ9ALA==, md5=ejqY/mc9t7JQK9XG0TFuLA==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 52698
cf-polished: origFmt=png, origSize=4031
x-guploader-uploadid: ADPycdtQ4jeKY8sLPiWjVJTUwFnbYCLm6B0tmmx49bCaKsEH0AqAmcOOsH9s-nWMC5gR9JVGMV7JupvfQVoNrIgX8Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1598
last-modified: Wed, 20 Jan 2021 17:03:56 GMT
server: cloudflare
etag: "7a3a98fe673db7b2502bd5c6d1316e2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HK8757%2B3stOBKwwE2oYbIWZ7PD9dMrTm0krm2eje%2BpfoXYDzbjcOfnb4ll06YoLA0FgU5ae2b56h4XxL5aCHLZMx6KOZaprXLtEJdL0GXx4sXMmAf19M4i2S55UuC7M1JYfKkBLxEOW962Jq"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1611162235947637
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 4031
accept-ranges: bytes
cf-ray: 67e80d48be145364-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 3260 43 B
704 B 267ms
85ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519498&v=14098&q=368694&r=412871&pv=1&pref3=oneidDjeT3fwfbqPS3HmH9t1twAmF4tmTk8roneid__asuidyqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=yqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5&g=b08bb43327d689a72fcc18992db8168e%2F12380896948729643390&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22p5g2e4hx6191tmm8qdsa2ngq7nd1jy19xxe0a46hz4m0cccyqyej0e9w7wdk2vqm7s64e7dyq12eqk1ym7hygax88vy5h410vbcycnvbc5qszxjhj7xztvat8f3s0xjdg9pcgp3rhe3g6jy8y1p04k7yjv9mkyk7ygkkx8nzy158et62wnz0vzsd0zsx1bvm4fb49gjzs7f1p1v683dp9k4y8wybaq6vp4bgd954nbtxq1zbvqqrksfq1tp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3-29 200 092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
assets.ad4m.at/logo/ Frame 3260 38 KB
39 KB 26ms
17ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=yqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5&g=b08bb43327d689a72fcc18992db8168e%2F12380896948729643390&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22p5g2e4hx6191tmm8qdsa2ngq7nd1jy19xxe0a46hz4m0cccyqyej0e9w7wdk2vqm7s64e7dyq12eqk1ym7hygax88vy5h410vbcycnvbc5qszxjhj7xztvat8f3s0xjdg9pcgp3rhe3g6jy8y1p04k7yjv9mkyk7ygkkx8nzy158et62wnz0vzsd0zsx1bvm4fb49gjzs7f1p1v683dp9k4y8wybaq6vp4bgd954nbtxq1zbvqqrksfq1tp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=EKOc3w==, md5=wqT4IuWoMfO1yrOci8rmHQ==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17517
cf-polished: origFmt=png, origSize=44613
x-guploader-uploadid: ADPycdtBFoOXl0DgvcLsrwDY2OH8h9Hpqvp4cn5FQalt_RjVy00YKIoYtXnJd3ZVDSi54i2j9YZAm1_RWaFEGJgDASR0imFG0w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 39202
last-modified: Wed, 22 Jan 2020 13:11:41 GMT
server: cloudflare
etag: "c2a4f822e5a831f3b5cab39c8bcae61d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MnU%2FW%2FDORdDui9PhXJGGVjdclzH2wiU5sLR3XTqZN%2FFSW7%2F91HBh8Zf2j1WHfJgmSJeBhu3JV7vQLtaJ5Qsw7DoVEk8LdWLRrelXN1T1%2BJB3rr00pn4EzwvTemP%2BbZbb%2BaKMSgIGsc7S4%2Bxb"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698701189315
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 44613
accept-ranges: bytes
cf-ray: 67e80d48ce1f5364-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
assets.ad4m.at/ Frame 3260 113 KB
114 KB 21ms
15ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=yqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5&g=b08bb43327d689a72fcc18992db8168e%2F12380896948729643390&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22p5g2e4hx6191tmm8qdsa2ngq7nd1jy19xxe0a46hz4m0cccyqyej0e9w7wdk2vqm7s64e7dyq12eqk1ym7hygax88vy5h410vbcycnvbc5qszxjhj7xztvat8f3s0xjdg9pcgp3rhe3g6jy8y1p04k7yjv9mkyk7ygkkx8nzy158et62wnz0vzsd0zsx1bvm4fb49gjzs7f1p1v683dp9k4y8wybaq6vp4bgd954nbtxq1zbvqqrksfq1tp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=UWAYGw==, md5=A1esecs/9FudVn6rgMfjTA==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 196334
cf-polished: origFmt=png, origSize=136328
x-guploader-uploadid: ADPycdtIzq_vJ5nFb2W5tssU-MDbTl1QbIm93RCyJfrmPzu-97-yWEwMzhk-34f3i-RKCXR0otX6ULdnrF6ohpilzg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 115268
last-modified: Tue, 29 Oct 2019 09:42:57 GMT
server: cloudflare
etag: "0357ac79cb3ff45b9d567eab80c7e34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Oddc4N2Wv9eRb4nFZgoIXoWgGWsx%2BoisBFAoR0TgzU8t6yLGclenglmdRXAdtPHOznjVg9jFAWHzpipORWrZFFIJnEQO2vDQLpirZHKbvsngXoDHpPNIyXkmNBxAyR7zXALH%2BvAYRSJkvQI"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572342177666668
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 136328
accept-ranges: bytes
cf-ray: 67e80d48be175364-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 3260 43 B
702 B 277ms
89ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338586&v=11830&q=357066&r=412871&pv=1&pref3=oneidDjeT3fwfe9T3HmH9t1tEjxT4tmTk8roneid__asuidyqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=yqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5&g=b08bb43327d689a72fcc18992db8168e%2F12380896948729643390&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22p5g2e4hx6191tmm8qdsa2ngq7nd1jy19xxe0a46hz4m0cccyqyej0e9w7wdk2vqm7s64e7dyq12eqk1ym7hygax88vy5h410vbcycnvbc5qszxjhj7xztvat8f3s0xjdg9pcgp3rhe3g6jy8y1p04k7yjv9mkyk7ygkkx8nzy158et62wnz0vzsd0zsx1bvm4fb49gjzs7f1p1v683dp9k4y8wybaq6vp4bgd954nbtxq1zbvqqrksfq1tp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3-29 200 188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
assets.ad4m.at/logo/ Frame 3260 8 KB
9 KB 20ms
18ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=yqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5&g=b08bb43327d689a72fcc18992db8168e%2F12380896948729643390&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22p5g2e4hx6191tmm8qdsa2ngq7nd1jy19xxe0a46hz4m0cccyqyej0e9w7wdk2vqm7s64e7dyq12eqk1ym7hygax88vy5h410vbcycnvbc5qszxjhj7xztvat8f3s0xjdg9pcgp3rhe3g6jy8y1p04k7yjv9mkyk7ygkkx8nzy158et62wnz0vzsd0zsx1bvm4fb49gjzs7f1p1v683dp9k4y8wybaq6vp4bgd954nbtxq1zbvqqrksfq1tp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e49b984d20b3e7cb3f2c4a08805dc3f66bb8a58ec08c365d0cf955dd57c77c7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=tG7Jcw==, md5=BMt+wgXOo1EVeu/7mY86hQ==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 365325
cf-polished: qual=85, origFmt=jpeg, origSize=16723
x-guploader-uploadid: ADPycdsbCHdvAmy_DDWo_WgNzFyfa3voA8V353z9OT3EheLcLme2OB0vw_ReaN3yWffYUGTkLTArj33jM_oL5av4CX6MzMWM0Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 8354
last-modified: Wed, 22 Jan 2020 13:13:07 GMT
server: cloudflare
etag: "04cb7ec205cea351157aeffb998f3a85"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OwAFUHWAFM9TN2qeu49GOgteIlMSR3S1IG5QrPxYMOnxC4UXrxX2KVbodTH8xbPqB2ocU6JWxDCHIDRV6hxC1jiQSR8rg1lGEEHMfH8AIsotGqB2LAVBix%2Bzv83U%2F6%2BxWNnl1%2F1GHXGaYfgq"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698787150900
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 16723
accept-ranges: bytes
cf-ray: 67e80d48be1a5364-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 FC413BBA72211F5AF56B42ACBA3ABD3A49D827F593C9E1323C0F2A226E056430F688C15FF4CD83A6D4A3CFCFA1FE4220CE28CD84F613C42E73DA82679F4A107B
assets.ad4m.at/product_image/ Frame 3260 30 KB
30 KB 20ms
18ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/FC413BBA72211F5AF56B42ACBA3ABD3A49D827F593C9E1323C0F2A226E056430F688C15FF4CD83A6D4A3CFCFA1FE4220CE28CD84F613C42E73DA82679F4A107B
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=yqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5&g=b08bb43327d689a72fcc18992db8168e%2F12380896948729643390&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22p5g2e4hx6191tmm8qdsa2ngq7nd1jy19xxe0a46hz4m0cccyqyej0e9w7wdk2vqm7s64e7dyq12eqk1ym7hygax88vy5h410vbcycnvbc5qszxjhj7xztvat8f3s0xjdg9pcgp3rhe3g6jy8y1p04k7yjv9mkyk7ygkkx8nzy158et62wnz0vzsd0zsx1bvm4fb49gjzs7f1p1v683dp9k4y8wybaq6vp4bgd954nbtxq1zbvqqrksfq1tp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8638f3568cf35b04429b02b36b4f4e37baa12bf47b618e530dfa728022c1d41c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=yOKvRQ==, md5=98ixwodW4fBCQU4EOgLh+g==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 628443
cf-polished: qual=85, origFmt=jpeg, origSize=81547
x-guploader-uploadid: ADPycduVWZmIF5BxTLcDW0I5Ne19p0vrZyL_pAmBf84tR-rGzLe-XMR9KQ8IQevOMmwl8qG1NpH_odJSMvExCQxQ3t9biBZodQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 30226
last-modified: Thu, 09 Apr 2020 08:50:22 GMT
server: cloudflare
etag: "f7c8b1c28756e1f042414e043a02e1fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eFdTidfODGDvwq4IzuWno9d2D2dri%2FVgOwjWxPgqtBELZ9Y7sVRh6jZImGeq%2B4F%2FE2p4nN%2BBVcIkp26HqbLXWxwbsCDIl9vpMBbTjpanQ0H0E77UAyMOmLu5dKWWC54P4ZOCrxx67eQva2ge"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1586422222365290
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 81547
accept-ranges: bytes
cf-ray: 67e80d48be1b5364-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1

200

/
banner.congstar.de/cookie/ Frame 3260
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%...
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CNWciLfur_ICFSWK_QcdPn0Fsw;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_d...
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidyqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5asuid__dc_reach_suite02wkz&gdpr_cons...
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_187da130-fcc7-11eb-9723-692d00a25ac2

0
518 B

116ms
46ms

Image
text/plain

148.251.139.77
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_187da130-fcc7-11eb-9723-692d00a25ac2
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=yqwsRAgHlIZaR84zvNHa7AaqOwI0zVQ5&g=b08bb43327d689a72fcc18992db8168e%2F12380896948729643390&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22p5g2e4hx6191tmm8qdsa2ngq7nd1jy19xxe0a46hz4m0cccyqyej0e9w7wdk2vqm7s64e7dyq12eqk1ym7hygax88vy5h410vbcycnvbc5qszxjhj7xztvat8f3s0xjdg9pcgp3rhe3g6jy8y1p04k7yjv9mkyk7ygkkx8nzy158et62wnz0vzsd0zsx1bvm4fb49gjzs7f1p1v683dp9k4y8wybaq6vp4bgd954nbtxq1zbvqqrksfq1tp%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCe731nl8XYYehNcCJ7_UP4tWM8AWQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0LpHIYh2zzexXzpUC7kqELucwy-z7mvkx87-JK72GKr5eoLKlpbrEwGqZVGCf2V4I76S034g0kkd4-3nekVI4qBRXrRowz2rWEZkshH3RgPV5a7kX46YoUqFWwTeWiC_u2-KR9dt9ESqHDieOvj2KBtaL7xRHxZ8YnPT58TFcHaQJQ4K35CKT1mdIC0IeJztG33naFTvCAVrk8EAi6W4fz72_qn6WfecoiRS5utnu60gFiyw3M0lOSKhgfBRw3TOaRBbKtbjGrW61KKdGv321pbMHpDhozl2q8Y8Mh3tZdbTLoM8EirMzRyh6x2jqtYxtDOCncbdAICFX0HAgpIDgU3GKyhKOO-XXsZu0DpLRJnnJs8-JEvVl8z11OcpdT6U128h8WjnjvGgq307dSEwuOGsyPZ_KCWCDGdxphZgrYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_1oWRDNa66U-6Loe3PVNWQ6Kax28w%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.139.77 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.77.139.251.148.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:15:59 GMT
Server: Apache
P3P: CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 0

Redirect headers

Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_187da130-fcc7-11eb-9723-692d00a25ac2
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.7/one-ad/ Frame 8BE7 64 KB
8 KB 16ms
15ms Stylesheet
text/css 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.7/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=b96oYivPT2Dh97_HBQh9NkWDwP6fsKS1&g=f686689d698c7ba0847a58577cd9bac0%2F11248832085151555128&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22g2fvnbw9pj8zzynam9j5jtm8k71st6r5aaeajwb6a24ywrjhb4rdzhzggvrpmh8fmxjrbncamkqmws8whxbz2drmej47e2hcn14m82phrq8517y8rzgahy7em1gk5xcsqj2ktrgcvg7mzrt531bbwsvm642g7b5tgxn5a8kj66wtb4nxtncz5fhtxeq7wngjnwzmt9y8yxg3g450f6n1q4g3k4fsg9bdv3w8xvemmjavmr41tw0413t8vxg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c35529095f6b1a1b2f9345e8d7e86532048ffbfdd082f03ed114be88865388df

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=b96oYivPT2Dh97_HBQh9NkWDwP6fsKS1&g=f686689d698c7ba0847a58577cd9bac0%2F11248832085151555128&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22g2fvnbw9pj8zzynam9j5jtm8k71st6r5aaeajwb6a24ywrjhb4rdzhzggvrpmh8fmxjrbncamkqmws8whxbz2drmej47e2hcn14m82phrq8517y8rzgahy7em1gk5xcsqj2ktrgcvg7mzrt531bbwsvm642g7b5tgxn5a8kj66wtb4nxtncz5fhtxeq7wngjnwzmt9y8yxg3g450f6n1q4g3k4fsg9bdv3w8xvemmjavmr41tw0413t8vxg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:16:00 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 421896
cf-polished: origSize=65497
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
cf-bgj: minify
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 67e80d490e835364-FRA
expires: 0

GET
H3-29 200 B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
assets.ad4m.at/logo/ Frame 8BE7 18 KB
19 KB 22ms
21ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/B4CB880477BA810028D7D7613EE7E9E1448DC35AF48781E4B95EC6ECB7049A9AA27B107B317198EC504A03E948F7EC5A02BC2426A27879C893669BA93941B528
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=b96oYivPT2Dh97_HBQh9NkWDwP6fsKS1&g=f686689d698c7ba0847a58577cd9bac0%2F11248832085151555128&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22g2fvnbw9pj8zzynam9j5jtm8k71st6r5aaeajwb6a24ywrjhb4rdzhzggvrpmh8fmxjrbncamkqmws8whxbz2drmej47e2hcn14m82phrq8517y8rzgahy7em1gk5xcsqj2ktrgcvg7mzrt531bbwsvm642g7b5tgxn5a8kj66wtb4nxtncz5fhtxeq7wngjnwzmt9y8yxg3g450f6n1q4g3k4fsg9bdv3w8xvemmjavmr41tw0413t8vxg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=GT8dCw==, md5=4YyWNM3TGeacJ2VHXynNEw==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 631934
cf-polished: origFmt=png, origSize=35453
x-guploader-uploadid: ADPycdu8yFNSVixOkzyVy-xS6S5hRAwVn-9Oz6_PXiPiU9sxlRPRwyMKBYIwy26hEHJe9l1jbKPrU_cl315Z4yjT_iCtb-iZ7g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 18872
last-modified: Mon, 18 May 2020 12:30:29 GMT
server: cloudflare
etag: "e18c9634cdd319e69c2765475f29cd13"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4JrINKj26P0MmJmCgcChoraiYFDRNuaV69CPyEBDsygmfyP5mdXVS3fr2FF4KXLFAbI1LZIRUOptyjzArgV%2BJCphEgTtuchhHCPQHOlvqlXNQLIwzzTAs3C7%2FKkcFdVCnhxYbxNlPhQfDjzs"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1589805029334103
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 35453
accept-ranges: bytes
cf-ray: 67e80d490e845364-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
assets.ad4m.at/product_image/ Frame 8BE7 2 KB
2 KB 21ms
20ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/A012F5D8E216B662BCC639EFCE48E0BB093DAE488B3795D30A56E98E58F3F85831088246988EB178E8D9AAEC22C831FEB67C179E776973AC655CFF57EDC5D13C
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=b96oYivPT2Dh97_HBQh9NkWDwP6fsKS1&g=f686689d698c7ba0847a58577cd9bac0%2F11248832085151555128&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22g2fvnbw9pj8zzynam9j5jtm8k71st6r5aaeajwb6a24ywrjhb4rdzhzggvrpmh8fmxjrbncamkqmws8whxbz2drmej47e2hcn14m82phrq8517y8rzgahy7em1gk5xcsqj2ktrgcvg7mzrt531bbwsvm642g7b5tgxn5a8kj66wtb4nxtncz5fhtxeq7wngjnwzmt9y8yxg3g450f6n1q4g3k4fsg9bdv3w8xvemmjavmr41tw0413t8vxg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=bJ9ALA==, md5=ejqY/mc9t7JQK9XG0TFuLA==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 52698
cf-polished: origFmt=png, origSize=4031
x-guploader-uploadid: ADPycdtQ4jeKY8sLPiWjVJTUwFnbYCLm6B0tmmx49bCaKsEH0AqAmcOOsH9s-nWMC5gR9JVGMV7JupvfQVoNrIgX8Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1598
last-modified: Wed, 20 Jan 2021 17:03:56 GMT
server: cloudflare
etag: "7a3a98fe673db7b2502bd5c6d1316e2c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kxeo6R4nJKC1Nc4FpFoQ5vU0XxfgVAIZBhOiMf85tGESH6zS4LMMRBg3Pnr5a3hI%2FI02BsJ5OaKTs45INxYqILieVSUN%2FWx1SV7Hg%2Bga7x2kPKYyDxpl9Ms%2BOxnrnakL6f1%2FpD2JlXpUt7xb"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1611162235947637
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 4031
accept-ranges: bytes
cf-ray: 67e80d490e865364-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 8BE7 43 B
704 B 233ms
92ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519498&v=14098&q=368694&r=412871&pv=1&pref3=oneidDjeT3fwfbqPS3HmH9t1twAmF4tmTk8roneid__asuidb96oYivPT2Dh97_HBQh9NkWDwP6fsKS1asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=b96oYivPT2Dh97_HBQh9NkWDwP6fsKS1&g=f686689d698c7ba0847a58577cd9bac0%2F11248832085151555128&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22g2fvnbw9pj8zzynam9j5jtm8k71st6r5aaeajwb6a24ywrjhb4rdzhzggvrpmh8fmxjrbncamkqmws8whxbz2drmej47e2hcn14m82phrq8517y8rzgahy7em1gk5xcsqj2ktrgcvg7mzrt531bbwsvm642g7b5tgxn5a8kj66wtb4nxtncz5fhtxeq7wngjnwzmt9y8yxg3g450f6n1q4g3k4fsg9bdv3w8xvemmjavmr41tw0413t8vxg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3-29 200 092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
assets.ad4m.at/logo/ Frame 8BE7 38 KB
39 KB 14ms
13ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/092AF182BFAEB6FB9384BCD487C1B5A43125CF153AA6D3EDEC71241055FD8B61372C6BFDCCACC22CAB8E52B77906D491F783793EC97701304A15CA510282E399
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=b96oYivPT2Dh97_HBQh9NkWDwP6fsKS1&g=f686689d698c7ba0847a58577cd9bac0%2F11248832085151555128&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22g2fvnbw9pj8zzynam9j5jtm8k71st6r5aaeajwb6a24ywrjhb4rdzhzggvrpmh8fmxjrbncamkqmws8whxbz2drmej47e2hcn14m82phrq8517y8rzgahy7em1gk5xcsqj2ktrgcvg7mzrt531bbwsvm642g7b5tgxn5a8kj66wtb4nxtncz5fhtxeq7wngjnwzmt9y8yxg3g450f6n1q4g3k4fsg9bdv3w8xvemmjavmr41tw0413t8vxg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=EKOc3w==, md5=wqT4IuWoMfO1yrOci8rmHQ==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17517
cf-polished: origFmt=png, origSize=44613
x-guploader-uploadid: ADPycdtBFoOXl0DgvcLsrwDY2OH8h9Hpqvp4cn5FQalt_RjVy00YKIoYtXnJd3ZVDSi54i2j9YZAm1_RWaFEGJgDASR0imFG0w
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 39202
last-modified: Wed, 22 Jan 2020 13:11:41 GMT
server: cloudflare
etag: "c2a4f822e5a831f3b5cab39c8bcae61d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wb1pNvV6F8GeXPgiNEZ%2FQLcMHBJWcBjlwJ4nUwua80xBCl%2BxJGmyGROw9vri4BBLUdBrqZywRHgbsM5R2vYi0XWOajciTcZbvPdnnMqnDjYhzHvnK6F13Ky5f0aJVaIgtVPDHtOyoJITKOW"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698701189315
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 44613
accept-ranges: bytes
cf-ray: 67e80d490e875364-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
assets.ad4m.at/ Frame 8BE7 113 KB
114 KB 15ms
14ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/69E7FB78A72BC29D22049638675F152BD0F020C6E7E7DD83AC85D812D70F34E088215F53E301063143245A4B72ED47974DE7618A14B827D305F065371D2DBE4A
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=b96oYivPT2Dh97_HBQh9NkWDwP6fsKS1&g=f686689d698c7ba0847a58577cd9bac0%2F11248832085151555128&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22g2fvnbw9pj8zzynam9j5jtm8k71st6r5aaeajwb6a24ywrjhb4rdzhzggvrpmh8fmxjrbncamkqmws8whxbz2drmej47e2hcn14m82phrq8517y8rzgahy7em1gk5xcsqj2ktrgcvg7mzrt531bbwsvm642g7b5tgxn5a8kj66wtb4nxtncz5fhtxeq7wngjnwzmt9y8yxg3g450f6n1q4g3k4fsg9bdv3w8xvemmjavmr41tw0413t8vxg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=UWAYGw==, md5=A1esecs/9FudVn6rgMfjTA==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 196334
cf-polished: origFmt=png, origSize=136328
x-guploader-uploadid: ADPycdtIzq_vJ5nFb2W5tssU-MDbTl1QbIm93RCyJfrmPzu-97-yWEwMzhk-34f3i-RKCXR0otX6ULdnrF6ohpilzg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 115268
last-modified: Tue, 29 Oct 2019 09:42:57 GMT
server: cloudflare
etag: "0357ac79cb3ff45b9d567eab80c7e34c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3WZr0TrIfFMSuCG0UVrI%2F9aNkrJraJanTVIvX35hLa5EsqSQ4kNmnYfwZO1jINoGQp2dX3CAINtaKWnwt2R9J%2BXhNEuJ4KcbSvy3g2UQ3E2kmbl5BXAhoc4DtHLS9YhqH73AM4ZUYpCKYSSR"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1572342177666668
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 136328
accept-ranges: bytes
cf-ray: 67e80d490e885364-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 8BE7 43 B
702 B 235ms
94ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2338586&v=11830&q=357066&r=412871&pv=1&pref3=oneidDjeT3fwfe9T3HmH9t1tEjxT4tmTk8roneid__asuidb96oYivPT2Dh97_HBQh9NkWDwP6fsKS1asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=b96oYivPT2Dh97_HBQh9NkWDwP6fsKS1&g=f686689d698c7ba0847a58577cd9bac0%2F11248832085151555128&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22g2fvnbw9pj8zzynam9j5jtm8k71st6r5aaeajwb6a24ywrjhb4rdzhzggvrpmh8fmxjrbncamkqmws8whxbz2drmej47e2hcn14m82phrq8517y8rzgahy7em1gk5xcsqj2ktrgcvg7mzrt531bbwsvm642g7b5tgxn5a8kj66wtb4nxtncz5fhtxeq7wngjnwzmt9y8yxg3g450f6n1q4g3k4fsg9bdv3w8xvemmjavmr41tw0413t8vxg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3-29 200 188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
assets.ad4m.at/logo/ Frame 8BE7 8 KB
9 KB 21ms
20ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/logo/188CB8AAD064EA4A8191591B373E95EFBB15091EC45B736DE282B2519499BCCBCAB6FDEDC5113C2A7BE7DE03216809B9DDF8A0A0594CFE95168D455C315D4410
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=b96oYivPT2Dh97_HBQh9NkWDwP6fsKS1&g=f686689d698c7ba0847a58577cd9bac0%2F11248832085151555128&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22g2fvnbw9pj8zzynam9j5jtm8k71st6r5aaeajwb6a24ywrjhb4rdzhzggvrpmh8fmxjrbncamkqmws8whxbz2drmej47e2hcn14m82phrq8517y8rzgahy7em1gk5xcsqj2ktrgcvg7mzrt531bbwsvm642g7b5tgxn5a8kj66wtb4nxtncz5fhtxeq7wngjnwzmt9y8yxg3g450f6n1q4g3k4fsg9bdv3w8xvemmjavmr41tw0413t8vxg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8e49b984d20b3e7cb3f2c4a08805dc3f66bb8a58ec08c365d0cf955dd57c77c7

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=tG7Jcw==, md5=BMt+wgXOo1EVeu/7mY86hQ==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 365325
cf-polished: qual=85, origFmt=jpeg, origSize=16723
x-guploader-uploadid: ADPycdsbCHdvAmy_DDWo_WgNzFyfa3voA8V353z9OT3EheLcLme2OB0vw_ReaN3yWffYUGTkLTArj33jM_oL5av4CX6MzMWM0Q
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 8354
last-modified: Wed, 22 Jan 2020 13:13:07 GMT
server: cloudflare
etag: "04cb7ec205cea351157aeffb998f3a85"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ziz7DjZ0NDMl8myULfJ1EWNL84rPqbb1N24%2F%2BoCbmG7R7tZOKja91C%2FxhHFeds8i3qx7X3v36q3qSNyBkYkoF0dednvsuHswZsO9CtAu7wSNN7c1ZDGV8FDy%2F3hNCjXoKOdf9HU6dyJfgwT8"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1579698787150900
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 16723
accept-ranges: bytes
cf-ray: 67e80d490e895364-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 FC413BBA72211F5AF56B42ACBA3ABD3A49D827F593C9E1323C0F2A226E056430F688C15FF4CD83A6D4A3CFCFA1FE4220CE28CD84F613C42E73DA82679F4A107B
assets.ad4m.at/product_image/ Frame 8BE7 30 KB
30 KB 22ms
21ms Image
image/webp 2606:4700:3039::6815:c03b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://assets.ad4m.at/product_image/FC413BBA72211F5AF56B42ACBA3ABD3A49D827F593C9E1323C0F2A226E056430F688C15FF4CD83A6D4A3CFCFA1FE4220CE28CD84F613C42E73DA82679F4A107B
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=b96oYivPT2Dh97_HBQh9NkWDwP6fsKS1&g=f686689d698c7ba0847a58577cd9bac0%2F11248832085151555128&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22g2fvnbw9pj8zzynam9j5jtm8k71st6r5aaeajwb6a24ywrjhb4rdzhzggvrpmh8fmxjrbncamkqmws8whxbz2drmej47e2hcn14m82phrq8517y8rzgahy7em1gk5xcsqj2ktrgcvg7mzrt531bbwsvm642g7b5tgxn5a8kj66wtb4nxtncz5fhtxeq7wngjnwzmt9y8yxg3g450f6n1q4g3k4fsg9bdv3w8xvemmjavmr41tw0413t8vxg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3039::6815:c03b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8638f3568cf35b04429b02b36b4f4e37baa12bf47b618e530dfa728022c1d41c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash: crc32c=yOKvRQ==, md5=98ixwodW4fBCQU4EOgLh+g==
date: Sat, 14 Aug 2021 06:16:00 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 628443
cf-polished: qual=85, origFmt=jpeg, origSize=81547
x-guploader-uploadid: ADPycduVWZmIF5BxTLcDW0I5Ne19p0vrZyL_pAmBf84tR-rGzLe-XMR9KQ8IQevOMmwl8qG1NpH_odJSMvExCQxQ3t9biBZodQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 30226
last-modified: Thu, 09 Apr 2020 08:50:22 GMT
server: cloudflare
etag: "f7c8b1c28756e1f042414e043a02e1fa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M8YxTZ88KN302HNEb1giRzxCdQ4jvj2Jt1QzF7qZb11XT3GSFEPUtMn0Gveh%2BbdKwuoCjWBB6tFXEOIHpU1dEwqf7XYUU7gUdombsNGHSQYsnSXW9FGGcWc7Evrn2a4vE%2BfMywaC%2FzkTM0J7"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1586422222365290
content-type: image/webp
expires: Sun, 15 Aug 2021 06:16:00 GMT
cache-control: public, max-age=86400
x-goog-stored-content-length: 81547
accept-ranges: bytes
cf-ray: 67e80d490e8a5364-FRA
cf-bgj: imgq:85,h2pri

GET
H/1.1

200

/
banner.congstar.de/cookie/ Frame 8BE7
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%...
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CO-siLfur_ICFd7juwgdnhcDtw;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_d...
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14oneid__asuidb96oYivPT2Dh97_HBQh9NkWDwP6fsKS1asuid__dc_reach_suite02wkz&gdpr_cons...
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_18790d50-fcc7-11eb-a5ea-692d04ef6a29

0
517 B

146ms
46ms

Image
text/plain

148.251.139.77
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_18790d50-fcc7-11eb-a5ea-692d04ef6a29
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/rar?a=14044%2C823%2C22451&b=DjeT3fwfbqPS3HmH9t1twAmF4tmTk8r%2CDjeT3fwfe9T3HmH9t1tEjxT4tmTk8r%2C3PZfpf4fjz2C7HrHAtEtpY1tMtWTA14&f=dEQfEfkf4BEuEHjHwtqCKQjFKt4TGW4%2CdEQfEfkfDGtEHjHwtqCkYZsKt4TGW4%2CWKmcrfdfM8maYH5HjtDCrd3t7tETJdP&c=300&d=250&e=b96oYivPT2Dh97_HBQh9NkWDwP6fsKS1&g=f686689d698c7ba0847a58577cd9bac0%2F11248832085151555128&i=25007%2C9719%2C25174&j=16%2C16%2C16&k=0&l=0&m=0&n=&p=&q=&o=dc_reach_suite02wkz&h=https%3A%2F%2Fad4m.at%2Fdct%3Fed%3D22g2fvnbw9pj8zzynam9j5jtm8k71st6r5aaeajwb6a24ywrjhb4rdzhzggvrpmh8fmxjrbncamkqmws8whxbz2drmej47e2hcn14m82phrq8517y8rzgahy7em1gk5xcsqj2ktrgcvg7mzrt531bbwsvm642g7b5tgxn5a8kj66wtb4nxtncz5fhtxeq7wngjnwzmt9y8yxg3g450f6n1q4g3k4fsg9bdv3w8xvemmjavmr41tw0413t8vxg%26h%3Dhttps%253A%252F%252Fadclick.g.doubleclick.net%252Faclk%253Fsa%253DL%2526ai%253DCh80Snl8XYf_dNeaM7_UP_e6viAqQ4YGEXLaoworwAsCNtwEQASAAYJUCggEXY2EtcHViLTU3NDI4NjEzOTM4Mzk5NTCgAcKu6N0DyAEJqQJI1vTFA8qzPqgDAaoEwAJP0KDBZzOl9x0Q04tW1w7DHaSWPXSVrL6x5xL6XQnelLQomhG-kAF3dSGXLvuZORq7B76JeK6QjyJhP3WOustpKXf46v1EvVkEcuSNY5_SjhqVrQ1HcxpLCTNikVVmBD25beG0Fz-lA8AsaKiwPsxz6kQv1Hg2aMNdtXLyway4VpMH4bl9AyKlpoftFMoOXz2kkJVQXiCUQJ-ewNGnjSLqvYJ4KSatl9r9GimaXrRP2TdNuv5T961IPsOmyklCrPPe3AuzLFZvCXhLC77eZNQfHAUq3aLRb5FD4BAmng9SVDPZMEWoubhL5kNwSY0uheEz4ulpmppDR8HB31-57ntsHD_IAIvFBPotDwrPHBDtMwcofu0jb230wAhi_bBICtKgEf2BOokPIb8Dd3UBUaDRoklSwZmzhachXT04vU8sWYAG8bq-wcyDn7X8AaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQLYBwDSCAcIgOGAEBAB-gsCCAGADAHQFQGAFwE%2526num%253D1%2526sig%253DAOD64_0UlCmt5hJo-oYRpaHI1gn8W1SAsw%2526client%253Dca-pub-5742861393839950%2526adurl%253D&y=1&z=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 148.251.139.77 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.77.139.251.148.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 14 Aug 2021 06:15:59 GMT
Server: Apache
P3P: CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 0

Redirect headers

Date: Sat, 14 Aug 2021 06:16:00 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1628921760_18790d50-fcc7-11eb-a5ea-692d04ef6a29
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H2 200 img_7789.jpg
i2.wp.com/www.yinksukblog.com.ng/wp-content/uploads/2021/07/ 11 KB
11 KB 38ms
37ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.yinksukblog.com.ng/wp-content/uploads/2021/07/img_7789.jpg?fit=414%2C232&ssl=1&resize=350%2C200

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

38b54655415b2c40d1a8a919b3f9b333b7d3d88409f3be738216676a92777867

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:16:00 GMT
x-content-type-options: nosniff
last-modified: Sat, 14 Aug 2021 05:26:44 GMT
server: nginx
etag: "aeca48c72d4c1afd"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://www.yinksukblog.com.ng/wp-content/uploads/2021/07/img_7789.jpg>; rel="canonical"
content-length: 11286
expires: Mon, 14 Aug 2023 17:26:44 GMT

GET
H2 200 img_2205-1.jpg
i0.wp.com/www.yinksukblog.com.ng/wp-content/uploads/2021/05/ 11 KB
11 KB 39ms
38ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/www.yinksukblog.com.ng/wp-content/uploads/2021/05/img_2205-1.jpg?fit=827%2C716&ssl=1&resize=350%2C200

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

25e795b9ddbef5743ff3a75e29b6104408718998ef7820223451f12aad88abc0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 4
date: Sat, 14 Aug 2021 06:16:00 GMT
x-content-type-options: nosniff
last-modified: Sat, 14 Aug 2021 05:26:44 GMT
server: nginx
etag: "68c462fd64cf7fa4"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://www.yinksukblog.com.ng/wp-content/uploads/2021/05/img_2205-1.jpg>; rel="canonical"
content-length: 10752
expires: Mon, 14 Aug 2023 17:26:44 GMT

GET
H2 200 6030d333d00a4.png
i2.wp.com/www.yinksukblog.com.ng/wp-content/uploads/2021/02/ 75 KB
76 KB 39ms
38ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.yinksukblog.com.ng/wp-content/uploads/2021/02/6030d333d00a4.png?fit=696%2C826&ssl=1&resize=350%2C200

Requested by

Host: www.yinksukblog.com.ng
URL: https://www.yinksukblog.com.ng/hushpuppi-stole-americas-money-for-north-korean-hackers-but-never-knew-kemi-olunloyo-reveals/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

96fa5858b5c4db4491e6983151fd91ef3da487bc349a65868d178efba6e9c224

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Sat, 14 Aug 2021 06:16:00 GMT
x-content-type-options: nosniff
last-modified: Sat, 14 Aug 2021 05:26:44 GMT
server: nginx
etag: "5b3d2cb7af676bee"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <https://www.yinksukblog.com.ng/wp-content/uploads/2021/02/6030d333d00a4.png>; rel="canonical"
content-length: 77160
expires: Mon, 14 Aug 2023 17:26:44 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 18ms
18ms XHR
application/json 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210809&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6dd7a42aca22ccb0e00a71127c7e148fcf01b121a461758da978c32387e4c184

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sat, 14 Aug 2021 06:16:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8592
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 14 Aug 2021 06:16:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Sat, 14 Aug 2021 06:16:00 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame FE8C 12 KB
5 KB 7ms
6ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.yinksukblog.com.ng/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.yinksukblog.com.ng/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Fri, 13 Aug 2021 20:39:22 GMT
expires: Sat, 13 Aug 2022 20:39:22 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 34598
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame E1D3 783 B
535 B 17ms
17ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

abbc5e1bc18c31744d8fb582b2648b13338a2036b98e35184c6461ab1eadf16e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Q6JS69OZ5Rj1TBOttW9BGQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.yinksukblog.com.ng/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.yinksukblog.com.ng/

Response headers

expires: Sat, 14 Aug 2021 06:16:00 GMT
date: Sat, 14 Aug 2021 06:16:00 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-Q6JS69OZ5Rj1TBOttW9BGQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 1ybhf5PHJCoiRTy-ubeljLlyS14gR-QFfTY_U8tl74U.js Show response
pagead2.googlesyndication.com/bg/ Frame FE8C 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/1ybhf5PHJCoiRTy-ubeljLlyS14gR-QFfTY_U8tl74U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d726e17f93c7242a22453cbeb9b7a58cb9724b5e2047e4057d363f53cb65ef85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 13 Aug 2021 05:32:11 GMT
content-encoding: br
x-content-type-options: nosniff
age: 89029
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13373
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 13 Aug 2022 05:32:11 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gda_r20210809&jk=1058754279787497&bg=!DA-lD0vNAAbOj6irzo87ACkAdvg8WiTK31XX3dt9ecEvNWXhFjPYC6FqoA_Kgkq3WIpDeA1Wz0YPtAIAAABqUgAAAAxoAQcKABe1QV1IuVDmbfUhf2UoxHJG_TAjA8ihF5kCgnJ6hQP6ujcyRb2yplBYgSrcCz7HGxyin8KEFRBHFqV1TuXZgzYKLPB3MvTLuWXTwygRrLWe-7p9owc7ZxAv8Tu3uutqQF7M6LHyrbnZH07F5NfYgEq4QFeHUJiiVPz6Ht3nuI_xwax5J0fReKvDh86v6MOwAc8JBzT9KOiU2rcur2OUwDTVQnD5Z4LPVioEBSw3tu8cqVcCW2fTl7jt4cFdcWpxrdZU7asNhjXFMB6yief3jsqbvy4pyGSTX62tnMfIrpzpnmLQ48fi2I07ANUCwrPo-xTWe_0-iFWTAabozYzDSRY4CxvscLGAIjP0aovTmguYzqKNhmVhPuyPZUDNk0wqjtuou20IGzmGJ8-yDirwW0bOhOByVGr7yFuA5g6onQAB6GTvcjWfR1IPghRs6KEwVmvZloYsm9yh3NwvQ5xVIbd2NoDudyTZF7qoj9iFXwReEyOQSgwJev7RqyzCZpKgE4S1ColOzHPk4tuy3Qtwj89_UVAmmBk9FdShJ24tzN7yfAZH1aReCw6ZGQuDPoj6pyevy64gttqUfmCLR5bLWYnEMi11TMGUGt5IOtw6gfEjnJyiiasIaqM4jHUb10iRnDyyDCcNrZEIhWep85hgTAWY5J-OdYYJkE6Fj2LE9l7293_nWHl1YK73u9ixkodpYRZk-1any-9rX3hJLy4q0ESwV1x9KO8Ly6taiRxNJa1lnAcub_LX7r0UTllYmk4FL796AQo7rd658dCPnu55ZiRXacCWZ3O-T_9-6THW7R6WnR0w0OJeFLn13f6ewa7InCL8dUq1ngN3GxycExg3LPYmEpfwp-ARiE_J0GW_GqE8_DBcEZXoaxFwx8BXTQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.yinksukblog.com.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 14 Aug 2021 06:16:00 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPJ1NNO6ArhiHjHXHvEn71U7Z3yaoYeJM3lcmvyjykJZFMWmdKaK9YmRHcN_G9ZTn18kR_EEDX_1sT1ALdn-wz62sZ3_xA&google_gid=CAESEKirUlXttaEPASQAOKWx62A&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_gid=CAESEMZN9J7jiObxeaxw9JIyD_8&google_push=AYg5qPJTv3aOLjvVR3dOhptTr3ijTrXgxFR3G3zRbNSbifXFQqyHOUJpgwqJeqamWi4FgatjC5q50OERCBzIG8Pa8BBOK_yCq7Y&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_push=AYg5qPK7usFQgny7UpLULctJBBeoOIbXSrBNwG2SSBH3wQLKZEBvSwGY4UpvVyGTHUWcOa6RV65e4F9YobY1hHxZL8n3LN0YD5xX&google_gid=CAESEFqetlzZs1I7BJX1DziRmYU&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YRdfn0O9yx-R2sG7aJLHggAABMIAAAIB&google_cver=1&google_push=AYg5qPLHsT4fdKB-csbyKIUnYJabk0YkCof-948-sRmzWsqOAUzvGLhSE2Lf3FzLAmKcVrU4bW2T-kIbWm7VZUnMrCIAWrc0pHI&google_gid=CAESEKxWttoiXGqcDew6417TGRY

Verdicts & Comments Add Verdict or Comment

174 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-19 20:28:45	Name: DSID Value: NO_DATA
.yinksukblog.com.ng/	1970-01-20 05:50:17	Name: __gads Value: ID=9ec2944eee9057fc-22f65e94a9c90047:T=1628921758:RT=1628921758:S=ALNI_MZKNi4FfDS8Bq3GcwI0hReCYXAIdg
.doubleclick.net/	1970-01-20 05:50:17	Name: IDE Value: AHWqTUnH7Zm4bu_POGrLweQosESl5oNnjSnqI9HZNXE1duJtSm4cC8YUAyJm1mRmk90
www.yinksukblog.com.ng/	1970-01-20 05:14:17	Name: _mailmunch_visitor_id Value: 09c78351-0398-483b-bf4d-bae0fbfd39ff
www.yinksukblog.com.ng/	1970-01-19 21:11:53	Name: hustle_module_show_count-social_sharing-1 Value: 1
www.yinksukblog.com.ng/	1970-01-20 05:14:17	Name: mailmunch_second_pageview Value: true

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://c0.wp.com/c/5.7.2/wp-includes/js/jquery/jquery-migrate.min.js(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.7.2(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.mailmunch.co
ad.doubleclick.net
ad4m.at
adservice.google.com
adservice.google.de
ag.innovid.com
ajax.googleapis.com
as.ad4m.at
assets.ad4m.at
banner.congstar.de
c0.wp.com
cdn.ampproject.org
cdn.onesignal.com
cdn.tools.unlayer.com
cf.mailmunch.com
cm.g.doubleclick.net
cms.quantserve.com
d.agkn.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
forms.mailmunch.co
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
graph.facebook.com
i0.wp.com
i1.wp.com
i2.wp.com
id.rlcdn.com
image6.pubmatic.com
odr.mookie1.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.everesttech.net
pixel.rubiconproject.com
pixel.wp.com
prod-rtb.ad4mat.net
public-api.wordpress.com
rtb.openx.net
s0.wp.com
secure.gravatar.com
static-de.ad4mat.net
stats.wp.com
tpc.googlesyndication.com
translate.google.com
translate.googleapis.com
widgets.wp.com
www.awin1.com
www.google.com
www.googletagservices.com
www.gstatic.com
www.yinksukblog.com.ng
cm.g.doubleclick.net
104.111.215.191
104.111.239.217
13.32.22.59
142.250.184.194
142.250.185.230
148.251.139.77
162.241.218.217
18.194.175.178
185.64.189.115
192.0.76.3
192.0.77.2
192.0.77.32
192.0.77.37
192.0.78.22
216.58.212.130
217.182.200.19
2600:1901:0:76b9::
2600:9000:2104:4400:16:6c74:88c0:93a1
2600:9000:2181:f600:4:c961:9640:93a1
2606:4700:3032::6815:57ae
2606:4700:3039::6815:c03b
2606:4700::6812:e134
2620:116:800d:21:51e4:db4b:4436:b305
2a00:1450:4001:800::2002
2a00:1450:4001:800::2003
2a00:1450:4001:800::200a
2a00:1450:4001:809::2002
2a00:1450:4001:811::2003
2a00:1450:4001:812::2002
2a00:1450:4001:812::2004
2a00:1450:4001:813::2002
2a00:1450:4001:813::200e
2a00:1450:4001:828::200a
2a00:1450:4001:829::200a
2a00:1450:4001:82b::2001
2a00:1450:4001:830::2001
2a00:1450:4001:830::2002
2a00:1450:4001:830::200a
2a00:1450:4001:831::2003
2a03:2880:f045:12:face:b00c:0:2
2a04:fa87:fffe::c000:4902
2a05:d01c:1d8:8101:6861:1a90:aaf3:9d73
34.98.67.61
35.227.252.103
35.244.174.68
52.18.11.109
54.225.129.59
69.173.144.138
01cf8f4be89901df273819b24b48b9f680f58fb30fe7a119594273ebd11d2473
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
02ae9f5ba0cae9cd8387b3d61f18a5b13e0882d230327ec625e1de87306e957d
0515cbd1f8aee97e1c8e0d1d015ca96c86def13e90d2e73bf813072ccc23d531
088c41f64d9e5f1be3bc6a8aef4af527fec627f3c359af213b11f589d34a3337
09363cc7c668ce12683214a9877ae9c068a82dfb8f64111355933c24e7193a98
0969d06336bfabbe2ce45a111e772ee05034d5765676a38fffc5f49ca714fede
0b5b4ba4aba14e61b6e76504bb30457cc359c65b84a3b74ebc6e8e9252f472f4
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cd851e5b33af0fbb354df65506da39807b998e07723f3d08aba5179fa2ed97e
0dfaf00c6bc145931492fc92c26ab1c4d0cb1158332b0b088e3b5eb7d493ae83
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
111cea4209818a9350fc28c5ecf46ef9c0b3f3044cc7e0f8c3d197a725d3cca7
11632184e4596c4f67ded9215866d46120738a69bda08bd9b2fd0a111edd3e65
13b5eece5a7359f9c0de2b4b3c24eeed42fa547e5811238bc9434dcc975bb101
143ce443c390db3b8598f951de20bd04623859a581a15b8cde43ebfa1f8ec103
1661c6d01207f8e58d4babdc4f2352b965ef741777cddbb0319745fcf75ad933
1747032cd2e0e989ddfcd5c7724348d73aec2aa8ed0d7417fd41537981c2040a
17e0f2cdeb90849cd06c28f869b7621e1d2f8a96e2f1046423d9b28d50d5c51c
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
182eeaa3a818f4de1b14cba3adcec75a1e9bf92ffc2c094e2699a8263d956d93
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213
1bce9b967c390389824b65f32db8712723d6e2fbd06a0d9552008e6cb595ec52
22e06ff7d106293a00529dd5a150ea0c6747471bba3f49e514fd50b3cc2d09f5
251c607557e1302862934faeb35d7c9c20cbb64b4abb6a4faed721b71db501f2
25d598228d9701f39cf2fa1b2a1196b7826afc43943df00efc025844215f9e45
25e795b9ddbef5743ff3a75e29b6104408718998ef7820223451f12aad88abc0
25ea523d2867c1c5a6e150aa0b4df05d77a1a97c5256061dfbfc32d45743be79
265c34f4c62e6423e270cecb0c422b735dfb0f18cea04c2ac343b6f22106661e
26a8833b3f616d42ce16ba186e2283f43aaca6b97ce2231d38e8789bfc6f0798
29e98d98133dbfa2dd71aeebab7ef957f737c59f13c6f85c04b245c403e373ef
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3
2cd9de3dd26246204749cff259bc34e8e6a47ae5d6e4528b9b28c75d68d50cde
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2e443dbb116d4efb3edfddb77cd4b2c93313cb6d8e75800602a92f0a9fa22d88
2eeaed1b310e214596abec926291c1a41c6333ddaeac312886fc0b5930d71f0e
2f0d44eda942cc347ef1998fc4660330bfbd3d7cd43f21b9956544135ba296b0
3217f8327de850554d14912899be053f5dd80da82e2e7ad833c61c6150524153
326d0bda74e1b897845728260dafccd9ec8847ce2180eb0cae0255097308f688
32cb6a30cbe85dfbaf717f6859078585d30348dde655cc7575346d783fe706b1
33e1c9aa01e330e61e3472e3677c38a51285fa8424364efb5d4c031a0e285be7
366f4681048c42bb11250a21fd7529d985b6c4ac01164b0d123f4306b0e17e14
37637582d715f8ff4aed6a140b00a766205c05294e64c8bf7bcfb8c9d4faabc0
37a14da858caee742741d5f558bc6489f9abcefee4aebb9f68db96106e38f2c1
37b945e5fe609563e83b37edcbfe3d18aac072a55fc8962978afdf597a3c4aa8
37fbc56848d8a6f47f63521ede0688ab5769b28faecbd34e9fecbfc9e1dcd029
38780fd37862e840afebe9cc9ae8c76e9201b13d136621d4760f54bcb1983c44
3879702e5f7fd75beeed27b9fe4fd0ea2c87e0c8d994ff31b06168eb3bfe1c92
38b54655415b2c40d1a8a919b3f9b333b7d3d88409f3be738216676a92777867
39af9a6be05f72c267e3d9e8e30ea9d94445629a9808589a0c6b4cc271d0c280
3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7
3c317daded0638ddeec260bfc6c1571a6b8679c2b45abe382d2d914b40926e52
3d83bd776d83fb1bde8310c0848cb6e3137b4eb5291c9d6e822740ae9536ecac
3ecd0cb638b1cd64b6ab25983b8e469c5cea5683540629a5f83b307eb1e852c8
41885c95c8d2d89d2d620c7d3a4099c1aff2c758d013cb060a75faa7e9aa511c
437e6e23bb4219f1dd245da75b1729666e71fbf31985189fa35be75702b8cab9
48ca39c75cc66f15688a8035b7aa69aa71c1ac7a5dbd3535f2b43df0b30bf0df
494627acb3c86254c238efaf66afcaf30d4293c7512a37a72b51a380d55e3880
49ed80559f07cbc4f499290ca991d4ed001ac9f6286dea89b1ed898e21c6cd20
4ba1f244153772f9b44d3730b3b9114c3b53e8f909066796c59fbfea60889141
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f300e7fc0bc0e049e8620e1b8d85d1857b3a7af9492090f20f4b0366ef42353
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
54d35e66675f9cc2ab471d0c389573b5ab0902937b397914a177712b27678a46
55f1d23e943cb7defd9d11c837997271f491368ec5dbfc2f4cddaa60357b8615
59122677b5894cbb78cd10e2973e29ca80b4f4741b59c66f42be8cb8c95c27ce
5aa600aea047cb99c7e2c22e7edaf89f0539a6772a21981636e21da89bed440a
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5c07bf9030db06151cdb6d6d41eafe701bf4ee1c81a225c4b77b56951a85fbb7
5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5fe03bfd95a2d4e640ed7d04dcb08ef991c327a5ab6f6fdb9eb06e1efc76af30
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
60615cf3ddf0b34046ce24ba4a0f5a5c352c10a9ae6e03043b93f8e0f5c6b509
60a6fc293c6b2baa2d1614c1e684917cb73d7b72b99f87ac877fffa5454771b9
60e04dcb9483e44801771aab65df07bfa3fabbaf9a4386fd05f568d0e4d8710d
6318394f737c66f0e2ccfcd88e3935c6667633a1b95fa29fba2b75431d55eef2
65cb639ca35f9b410dc800eaa2204079224ff907da1ca90575c1c27b94980373
672e29b030b9b17c9cc70beb24af4c41eaf8ce9a0491c655ab9a1c88ab287021
6a903fd0d42ff840709272f809535d73a5fe017b146eb64e0a7a7362a7c7c0d2
6cd0c4089a15e56e8b7abfa14a60103b9b2ab530b37ab9b4db66489cc3169c76
6cd0d6897b3d4779f7d88ce72531f22fbf75851b195fb14e6f3f23d051b3d1e9
6dd7a42aca22ccb0e00a71127c7e148fcf01b121a461758da978c32387e4c184
7131800632c35c99973b6f0d83eced85e97b4c8ca4db1561be009808dc9c4121
71ff931602c1a625cccf6a651066666b93075b9e433a538447c565636c099b9a
76646f5c75f026c85dcd17b80ee40e0656aecf9e9d0a35225975e5eb47211d6c
7761979199bf20d25fe4726392f9e6c268295e5d179b2bb5a683cb10fb6ad0d2
7837e876f1eef549b3250b78380ec2df00ad6da4da6c27667424b1636854df3c
78c07821deafc1b532dacb8e2b46275d276ac5a7fe165a83f641b171e31cd18e
79a1fd9f71c69648edfe742cc8b1d2141a95d063e630aaa06a5cdf5faa50650d
79a636d2c8ace706866349aaf2d1661b25c94a9523ab602e32d106fbba2a2b23
7b8774ee42aac08bc5a2e690896b80dc20953e86dc152dc5b344b589df74273e
7c1cbb60eb0258c75e0899c8b9aebad368df98fe59083fd42df3d2b9de0ea335
7cc38018eda7a5362f79b1e8309a59cceb0121094230ae51b1bcc8b2074a2024
8015b81bf5226b87c9fb5a1d6e25697e9a40e836dd432e5450e2cf1844a92df9
80ee2d8ce5d2a3f78fc3b8eaa67bc266645c58b96d8a804556f1e6cb8737d0cf
825d138e861045ba4e9f24dd71f54b70359f52363ce1bd8641769e91f30e43db
83cd4afc0672833e8ac46854de805cda18237894e6d5193111af3e2e866a7a3a
85a096c073faa7b2f0cd16adf42aef4c64f0e2b34dedcd1379b6cc48e126f7fa
8638f3568cf35b04429b02b36b4f4e37baa12bf47b618e530dfa728022c1d41c
8b54a946205233b29cbcea01f70d20c4c1897fce9d99635f6168763b6e686ff2
8c7b13055b12cc26112c6ce2b748d00ea679faedc55eaf8e6354c6140a4da089
8e49b984d20b3e7cb3f2c4a08805dc3f66bb8a58ec08c365d0cf955dd57c77c7
90e5243c11607e4a858e3edbfcb8f3401bd0cb682c48c1c10b023b9d5e38e7eb
95c46541396b520fceb5876ef0162a915034c342ab21cc0465fe085ff366a383
96fa5858b5c4db4491e6983151fd91ef3da487bc349a65868d178efba6e9c224
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9c6975c674a7c3077bd95750428313e78b92d370b90ca5a303b627c71d2afcf3
9c911e789736e8fd135150b37a76c1ba419165a805760cb38e8ba3eeef52fa75
9f5ea4707945bf80aca93756c3138990a008f91e292c8effd5f9d9b3677d4c72
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a3202c5584350517cab7f1de0d43d54db0979c449df18fe70241e8c35de80919
a3b71441a554fbb4339b53ff2f6218050817f236b595498407298c85ec0064bd
a3f3c672d05edee11fd2baecaba1e7ea3bc71b7fcac9bbdbddd564af7ee6c226
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5212937ce003060cb7e24996dd5df14074c399512a7f080177b8d085951f3ca
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a617ceea1bb0b8e9f01a9c18853ec6abce371fc0d16c136cd8cba72348a7eaa5
abbc5e1bc18c31744d8fb582b2648b13338a2036b98e35184c6461ab1eadf16e
abcdc607967d98da9df4700d22fae97f064ac1689672214c84263a102319a1c9
ad0143eabe9dd325f34d5120a12a19df28e63e0dae2c85fc0ab664be125e8da1
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
b57d52fba6d65cfb92c686e89952b79f6df2e731e221cabeee0071476bd4b52c
b64fd8674a2eee345026676428bc4f3500e2bf92e05bb810707d40a933287235
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b70aa192cf670ffbccd24885ff71e159e03c809b890abe15e74cce9f497dd8e5
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b8b131949e1dc4bb6fce3282556ef82678ebfcd67607760c8e8ec3fa5eb0467a
b958e0f47861dde13a175cc69494bdb54f08e2b5e78cecf6abd16470d2085257
b96cc9e86d0ada99540a597c681bd9e8da533bce99134e1a6b387a5dce3d1e46
ba45b9535d8b81f446e72a0f37425bb253fe5a084d71d58830fb19f48d3f3529
bc86c4faa29af0fa38ee57e2045b39b538b8f04ceb3ffb46cc1bcbbd9797f935
be921ee4f5ad24cf0fe14f3c528c900edb5f5a3229cbc47cc282957271fa709d
c35529095f6b1a1b2f9345e8d7e86532048ffbfdd082f03ed114be88865388df
c6571876dfcbb11c6d3433e714f76c8acbf206b2be801cb65f63f18b9e3d510e
c6c90a9b3443352d72701940c7d481187437570b43156c994ce6a7f90c67eb9e
c8ccfa5c23b7fb8848ee26de498408961555235ec2c49e15e65a9bba6692d89f
caceb5c6afee7548a5281cfe5be7af62aee13db7652c5425af34a7d2661dd9fd
cc74ed96b7cded3057097292949692d7a212bcadd50a213a9ad78ddd55ba81e6
cc7e27c4fa7ed200990db28034fc400fc06d3f2b9edf1ed03e180606d22186e1
ccb943cf9639adeb937311f3f3f7dc3470457a389503cda2f15a147bb7cd2847
cd3c21db58383e67406558a08962488ed59dc0de0301fc3ee15665b0a7bd71e7
cdf3f88beb166e98d2656e957b247c886d1702027559a290e74a02d58d950c8c
cf6c56fe71c3a0a2ee4e9e6e1760949e1fc2fe68ed6edee89d72c2156b3a7cd1
d05921972a05d43b86b07c7e074afff197f96c2f953a9f8595c2b59ba34cc3d9
d12a71cd626ac8f0fc91e6f1b98280cfb49fd724f2dcc118d192adff9a0154b4
d1fb6dc93affe11e3517f29664e43427297481e97115c13724eeaf6a8eda339d
d36e5d7328268d21c6941039a7b6a15c7ed7414f60dbee72d2231d11ac9bdaf3
d5f3085127d154cbd72e219052312767d460633fafa6e38bb9a9446ddb03a270
d64c12a76a61096f3a14aa795d12c3fc0de8e5781ef2e1af3b66517e65d7f00e
d6e97fe541e9f9a1fb6278272313cbd2943e304db05d3b1b681f8e31eeb03dec
d726e17f93c7242a22453cbeb9b7a58cb9724b5e2047e4057d363f53cb65ef85
d7496e5f8eb0c4dd0f969ba1473fff6871f639dfddc2720c630811b2a3529b2e
d74faf3dba15909820c656f6c8a266891f47becd215f5d1d43b1855577e76584
df5e22297ed3d8adb16010aff58d84031e10ba012c8a52dd5a7a283fc33f91c2
df601a5c34af6e6e95ad412dc72fce47d063cafa1e675442342a9c4991acfcac
e152953c298ef03794892fce548d8894d41c8e196af1d8bdf00c59153a6b5790
e1b0066bc1972444c0a15e1778be06ed7bf36c55d597c065b5e79041bcda291e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3cae0dc19e204c491b244c2a277bd905fe7dc381d927dc867dbfe4382a0398d
e60a3d9e5e60abd14d62324a850de1bd9e7e99d3f2153daf6dd1637cb35b2e67
e73356d7f272c8b109ef3b61568f5502c6f6b7fb698d4446364c9a02965f985b
ec7d69015be507ee6045d259f50b6cf8ccb52ec7b41ec1bf50fee681683bea60
eea0b9621509f98be77c5af1e9b5c952a675bda2b27c419876364017069e0c19
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efceae2f2475075b2e737e584c68fb69a695eb636a72970570ef0369138c77da
f14fdd346b1ec64d40a6a03c7cfb4561f784e8249c1fde667bf018ccff66c238
f1b5bcbc564238e76f3fe1beaa687f04b4f8599de33680881a34df9732ea3662
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f42aebac13af38b697e9013a6eed3aa0cb40d06f70c628847797f56cca9d46df
f4f6ef8d342aa3daf84864f96c0dc284b33734536f1549485d0d637889e860d7
f6a3f52528956148eebb0a801086108795d4d9110dddb33d7ac4b2d4be11f8dd
f6ccb27c8356d9bd27a7fb525fccb5c0f6b316581704bc930fed83edb30dfc3f
f8824f04f3bb9580a0a78786e1437d3e6a8f7ee9ba3d162e9c9f4f54d80ae6ad
fc3d0a4eba928128909eff5a305ebb2b7234d404f0914a7544128fdfe64e2f5a
ffbf2d2525e0baabd5fdf5289510e03e86ccb28dc9767ef58bf483077f3bfc75

www.yinksukblog.com.ng Open in urlscan Pro 162.241.218.217 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

311 Requests

99 %HTTPS

54 %IPv6

33 Domains

52 Subdomains

41 IPs

6 Countries

6153 kBTransfer

9523 kBSize

6 Cookies

30 Outgoing links

Redirected requests

311 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.yinksukblog.com.ng Open in urlscan Pro
162.241.218.217 Public Scan

Screenshot
Live screenshot

Full Image

311
Requests

99 %
HTTPS

54 %
IPv6

33
Domains

52
Subdomains

41
IPs

6
Countries

6153 kB
Transfer

9523 kB
Size

6
Cookies

311 HTTP transactions
9 data transactions