kooorahd.egtly.com Open in urlscan Pro
2a02:4780:27:1276:0:6cf:958c:2 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://kooorahd.egtly.com/
Submission: On March 24 via api (March 24th 2024, 4:53:37 pm UTC) from US — Scanned from US

Summary HTTP 179 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 24 IPs in 3 countries across 12 domains to perform 179 HTTP transactions. The main IP is 2a02:4780:27:1276:0:6cf:958c:2, located in Paris, France and belongs to AS-HOSTINGER, CY. The main domain is kooorahd.egtly.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on March 23rd 2024. Valid for: 3 months.

This is the only time kooorahd.egtly.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	2a02:4780:27:... 2a02:4780:27:1276:0:6cf:958c:2	47583 (AS-HOSTINGER) (AS-HOSTINGER)
3	2607:f8b0:400... 2607:f8b0:4006:80b::200a	15169 (GOOGLE) (GOOGLE)
36	2607:f8b0:400... 2607:f8b0:4006:80d::2002	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4006:80e::2003	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:809::200a	15169 (GOOGLE) (GOOGLE)
9	2607:f8b0:400... 2607:f8b0:4006:820::2002	15169 (GOOGLE) (GOOGLE)
11	2607:f8b0:400... 2607:f8b0:4006:81f::200e	15169 (GOOGLE) (GOOGLE)
21	2607:f8b0:400... 2607:f8b0:4006:824::2001	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4006:822::200a	15169 (GOOGLE) (GOOGLE)
1 4	107.21.5.194 107.21.5.194	14618 (AMAZON-AES) (AMAZON-AES)
2	172.253.62.157 172.253.62.157	15169 (GOOGLE) (GOOGLE)
19	2607:f8b0:400... 2607:f8b0:4006:817::2006	15169 (GOOGLE) (GOOGLE)
5	142.250.72.102 142.250.72.102	15169 (GOOGLE) (GOOGLE)
9 12	142.250.65.162 142.250.65.162	15169 (GOOGLE) (GOOGLE)
6 12	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6 9	68.67.160.24 68.67.160.24	29990 (ASN-APPNEX) (ASN-APPNEX)
5	2a00:1450:400... 2a00:1450:400f:804::2003	15169 (GOOGLE) (GOOGLE)
1	172.64.151.202 172.64.151.202	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2600:9000:23c... 2600:9000:23cb:a000:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2607:f8b0:400... 2607:f8b0:4006:820::200e	() ()
2	2607:f8b0:400... 2607:f8b0:4006:15::7	() ()
16	2600:1f13:800... 2600:1f13:800:7780:8013:28a0:ac77:5947	() ()
1	2607:f8b0:400... 2607:f8b0:4006:824::2004	() ()
179	24

19 2a02:4780:27:1276:0:6cf:958c:2 (Paris, France)

ASN47583 (AS-HOSTINGER, CY)

kooorahd.egtly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:80b::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

36 2607:f8b0:4006:80d::2002 (United States)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80e::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::200a (United States)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:820::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2607:f8b0:4006:81f::200e (United States)

ASN15169 (GOOGLE, US)

fundingchoicesmessages.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2607:f8b0:4006:824::2001 (United States)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4006:822::200a (United States)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 107.21.5.194 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-21-5-194.compute-1.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.62.157 (United States)

ASN15169 (GOOGLE, US)
PTR: bc-in-f157.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2607:f8b0:4006:817::2006 (United States)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.72.102 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s32-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.65.162 (Plainview, United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s71-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.64.151.101 (San Francisco, United States) 6 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 68.67.160.24 (New York, United States) 6 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:400f:804::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.151.202 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

vast.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:9000:23cb:a000:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:820::200e (None, ) 1 redirects

ASN- ()

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:15::7 (None, )

ASN- ()

r2---sn-ab5sznzy.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2600:1f13:800:7780:8013:28a0:ac77:5947 (None, )

ASN- ()

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:824::2004 (None, )

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
57	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 143 tpc.googlesyndication.com — Cisco Umbrella Rank: 204	811 KB
28	doubleclick.net 9 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 66 bid.g.doubleclick.net — Cisco Umbrella Rank: 1305 ad.doubleclick.net — Cisco Umbrella Rank: 189 cm.g.doubleclick.net — Cisco Umbrella Rank: 353	189 KB
24	adsafeprotected.com 1 redirects pixel.adsafeprotected.com — Cisco Umbrella Rank: 1092 static.adsafeprotected.com — Cisco Umbrella Rank: 895 dt.adsafeprotected.com	146 KB
22	2mdn.net 1 redirects s0.2mdn.net — Cisco Umbrella Rank: 413 gcdn.2mdn.net r2---sn-ab5sznzy.c.2mdn.net	2 MB
19	egtly.com kooorahd.egtly.com	378 KB
12	casalemedia.com 6 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 1179	6 KB
12	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 724 www.google.com	71 KB
9	adnxs.com 6 redirects ib.adnxs.com — Cisco Umbrella Rank: 371	10 KB
9	gstatic.com fonts.gstatic.com csi.gstatic.com	93 KB
7	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110 ajax.googleapis.com — Cisco Umbrella Rank: 716 imasdk.googleapis.com — Cisco Umbrella Rank: 666	142 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 387	25 KB
1	doubleverify.com vast.doubleverify.com — Cisco Umbrella Rank: 1904	5 KB
179	12

	Domain	Requested by
36	pagead2.googlesyndication.com	kooorahd.egtly.com pagead2.googlesyndication.com googleads.g.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com
21	tpc.googlesyndication.com	kooorahd.egtly.com googleads.g.doubleclick.net tpc.googlesyndication.com imasdk.googleapis.com pagead2.googlesyndication.com
19	s0.2mdn.net	googleads.g.doubleclick.net kooorahd.egtly.com s0.2mdn.net
19	kooorahd.egtly.com	kooorahd.egtly.com
16	dt.adsafeprotected.com	googleads.g.doubleclick.net
12	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
12	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net
11	fundingchoicesmessages.google.com	pagead2.googlesyndication.com
9	ib.adnxs.com	6 redirects googleads.g.doubleclick.net
9	googleads.g.doubleclick.net	pagead2.googlesyndication.com kooorahd.egtly.com googleads.g.doubleclick.net
5	csi.gstatic.com	imasdk.googleapis.com
5	ad.doubleclick.net	kooorahd.egtly.com
4	static.adsafeprotected.com	pixel.adsafeprotected.com googleads.g.doubleclick.net
4	pixel.adsafeprotected.com	1 redirects kooorahd.egtly.com googleads.g.doubleclick.net
4	fonts.gstatic.com	fonts.googleapis.com
3	imasdk.googleapis.com	kooorahd.egtly.com
3	fonts.googleapis.com	kooorahd.egtly.com ajax.googleapis.com
2	r2---sn-ab5sznzy.c.2mdn.net	kooorahd.egtly.com
2	bid.g.doubleclick.net	kooorahd.egtly.com imasdk.googleapis.com
1	www.google.com	tpc.googlesyndication.com
1	gcdn.2mdn.net	1 redirects
1	cdnjs.cloudflare.com	s0.2mdn.net
1	vast.doubleverify.com	imasdk.googleapis.com
1	ajax.googleapis.com	kooorahd.egtly.com
179	24

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com

Subject Issuer	Validity	Valid
kooorahd.egtly.com ZeroSSL RSA Domain Secure Site CA	`2024-03-23` - `2024-06-21`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M03	`2024-02-28` - `2025-03-28`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh
vast.doubleverify.com Go Daddy Secure Certificate Authority - G2	`2023-06-11` - `2024-07-12`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M01	`2023-05-09` - `2024-06-06`	a year	crt.sh
*.c.docs.google.com GTS CA 1C3	`2024-03-12` - `2024-05-21`	2 months	crt.sh
www.google.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh

This page contains 21 frames:

Primary Page: https://kooorahd.egtly.com/
Frame ID: CC752CB39769935A41C01DBA63A2E519
Requests: 45 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8256239325859871&output=html&adk=2969136045&adf=3689892565&lmt=1711299210&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C188x945_r&format=0x0&url=https%3A%2F%2Fkooorahd.egtly.com%2F&pra=5&wgl=1&easpi=0&asro=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1711299209873&bpp=5&bdt=502&idt=329&shv=r20240320&mjsv=m202403190101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6266565980948&frm=20&pv=2&ga_vid=406043218.1711299210&ga_sid=1711299210&ga_hid=1748173894&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081575%2C31082032%2C95322183&oid=2&pvsid=240704526235184&tmod=827056445&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=364
Frame ID: 646828F55A558DF58CB17C4952A5C26D
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Frame ID: 0318DD1AA923476A52F262E5DF3021FD
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Frame ID: 8369656E3A72BBFA695D2A831D4F67A2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Frame ID: 69D458A5B1B4FC82F0B25FCECE343836
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Frame ID: 589336292F13F63764E1324BC83A6A79
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/pagead/js/r20240320/r20110914/abg_lite_fy2021.js
Frame ID: 79CB2E932CA46A88B8158EBFC1FF938A
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COT69gIQt-z_qwIYk8zLgQIwAQ&v=APEucNWqfnDeA3n-u8rC3yblh9uNPM3v2U-4rDId3Re2PL0HCT2hRJiDpG88PWEM01fbmyDFErjXWnZn5_SkVbePK1BewOAr8A
Frame ID: CE947AA344F1794DE9DAF202741875F8
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 9F45080828BD0712D50C60DC7575766E
Requests: 39 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6WcRCYwOyiAxjax_H4ATAB&v=APEucNUXiqb8755Ql4Q9g6yel58O1R0HfM-5wes_wjLLJpdML5F8qV0tfQg0KQSvJVDlyorLnfO27f2K2XFb5oeAZunrrwVkfw
Frame ID: 45874AE009CE44AC29AD12119E9B0006
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIiFjPQFEJjX8v0FGNn2z4kCMAE&v=APEucNW7k3xutXUeFmDhlrunu6mRTTYBmVA8SpSxyoL_yQh2P-K6u2v3fJZAX3RmUOUiehxVDi0HSADp2Eq9FPBVJ0n_wHDvVQ
Frame ID: 9F13A908ABD9B7ABB918FFE6F23C0B7B
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/abg_lite_fy2021.js
Frame ID: 74F223CA9A6FFF9C77872D8136B1765C
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 1254C49C3D151E85233B9660E9C99931
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 14895AA7D427F52F5ADAF6857026ADD0
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 51D1E19BC35FF201B7203EBB5A98A6D7
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
Frame ID: 98D004806D2ACF16C31C877DDFD02212
Requests: 17 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 5F586C40634768727351CD24B3B25C43
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 85F8192ABC5D52C22BE910F3271E1E92
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 07756F8DC1831B444F676C042BEB7898
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 20F57A20E27B1DD16BF85464D38714D6
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 18B4C163C479681A55AF56BBFF21EAC4
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

KOOORA HD

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
googleapis\.com/.+webfont

Lightbox (JavaScript Libraries) Expand

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

179
Requests

92 %
HTTPS

71 %
IPv6

12
Domains

24
Subdomains

24
IPs

3
Countries

4134 kB
Transfer

7613 kB
Size

14
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/profile.php?id=61555330214874
Title: فيسبوك

Search URL Search Domain Scan URL

URL: https://twitter.com/ahmedalaa242098
Title: X

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 75

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1

Request Chain 76

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZgBajNHM51YAABFeAQSgyQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1

Request Chain 77

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3O_yUHYEjm18s___yGIY&google_cver=1

Request Chain 78

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg4NTA0NTEyOTYwOTQxMjAwNA%3D%3D

Request Chain 79

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1

Request Chain 80

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZgBajNHM51YAABFeAQSgyQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1

Request Chain 81

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3O_yUHYEjm18s___yGIY&google_cver=1

Request Chain 82

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg4NTA0NTEyOTYwOTQxMjAwNA%3D%3D

Request Chain 83

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1

Request Chain 84

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZgBajNHM51YAABFeAQSgyQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1

Request Chain 85

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3O_yUHYEjm18s___yGIY&google_cver=1

Request Chain 86

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg4NTA0NTEyOTYwOTQxMjAwNA%3D%3D

Request Chain 122

https://gcdn.2mdn.net/videoplayback/id/5af17f6a7f1b8d2d/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3853786901/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/51AF78C7B3AB58C413F662EAFCC4DAD8102A93C2.AF07D69DEF6EF6020F7314B4E377C3099FC66A07/key/ck2/file/file.mp4 HTTP 302
https://r2---sn-ab5sznzy.c.2mdn.net/videoplayback/id/5af17f6a7f1b8d2d/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3853786901/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5FB308866E601D01CAC0DDEE5F8EF53F87F276C8.737679A4D1032F9D296D6E17D48AE32352039AFA/key/cms1/cms_redirect/yes/mh/K1/mip/2a0d:5600:24:1500:1012:6c0c:b8c6:ce5d/mm/42/mn/sn-ab5sznzy/ms/onc/mt/1711298912/mv/m/mvi/2/pl/48/file/file.mp4

Request Chain 126

https://pixel.adsafeprotected.com/rfw/st/1914617/77686741/skeleton.js?bundleId=&ias_dspID=3&ias_campId=1015318397&ias_pubId=pub-8256239325859871&ias_chanId=1&ias_placementId=20914945668&bidurl=https://kooorahd.egtly.com/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0j7yzwO59aAfgHshtYf1js3&adsafe_url=https%3A%2F%2Fkooorahd.egtly.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fkooorahd.egtly.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240320%2Fr20110914%2Fzrt_lookup_fy2021.html&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240320%2Fr20110914%2Fzrt_lookup_fy2021.html%23RS-1-%26adk%3D2969136043%26client%3Dca-pub-8256239325859871%26fa%3D3%26ifi%3D3%26uci%3Da!3%26btvi%3D1&adsafe_type=be&adsafe_jsinfo=,id:51445a0e-4f5b-72a3-fe74-d91c24ade985,c:7QZJLb,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6c45d7cb47-r77fc,rg:va,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:354,mot:0,app:0,maw:0,tdt:s,fm:u7Xv679+11%7C12%7C13%7C14%7C15%7C1611%7C171*.1914617-77686741%7C1711%7C1712%7C1713%7C1714%7C181%7C1821%7C1911%7C19121,idMap:171*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,tt:rjss,et:366,oid:0be8c3ba-e9ff-11ee-8d46-4649cca5d97e,v:19.8.491,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js?ias_xappb=

179 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
kooorahd.egtly.com/ 56 KB
17 KB 614ms
341ms Document
text/html 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed / PHP/8.1.27

Resource Hash

40d7ca6df590de3c75bd7a261d15645187b90dbf56304b2de8c84d9dc9b0f52a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Sun, 24 Mar 2024 16:53:29 GMT
link: <https://kooorahd.egtly.com/index.php?rest_route=/>; rel="https://api.w.org/"
platform: hostinger
server: LiteSpeed
vary: Accept-Encoding
x-powered-by: PHP/8.1.27

GET
H2 200 notosanskufiarabic
fonts.googleapis.com/earlyaccess/ 1 KB
634 B 100ms
42ms Stylesheet
text/css 2607:f8b0:4006:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/earlyaccess/notosanskufiarabic?ver=6.4.3

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e7713795cd12f9b0d56c032d0ea4bd3d083b1676354257c9346d5591198c3a85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
expires: Sun, 24 Mar 2024 16:53:29 GMT

GET
H2 200 style-rtl.min.css
kooorahd.egtly.com/wp-includes/css/dist/block-library/ 107 KB
13 KB 94ms
82ms Stylesheet
text/css 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-includes/css/dist/block-library/style-rtl.min.css?ver=6.4.3

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

6372b5a8e5fc57b424acbfd4b2f698e05b9f9a8a9f62294a95b14e83077fac2b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 13:54:35 GMT
server: LiteSpeed
etag: "1ad94-65fedf1b-f8987b08b47a5563;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 13280
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H2 200 base.min.css
kooorahd.egtly.com/wp-content/themes/jannah/assets/css/ 43 KB
8 KB 95ms
83ms Stylesheet
text/css 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-content/themes/jannah/assets/css/base.min.css?ver=7.1.2

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

50a1faa1a9f60f47e2727851488dbc80dc2bacae886a48a14eb1ac654058b004

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 17:14:15 GMT
server: LiteSpeed
etag: "ab7f-65ff0de7-7b27f24fbcc6568f;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 8277
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H2 200 style.min.css
kooorahd.egtly.com/wp-content/themes/jannah/assets/css/ 153 KB
24 KB 96ms
85ms Stylesheet
text/css 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-content/themes/jannah/assets/css/style.min.css?ver=7.1.2

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

1ca0680c88a40021340bacf76fe43ce39d7943184fe189f12986e734b4407d51

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 17:14:15 GMT
server: LiteSpeed
etag: "26400-65ff0de7-1368c43a334052d7;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 24053
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H2 200 widgets.min.css
kooorahd.egtly.com/wp-content/themes/jannah/assets/css/ 46 KB
8 KB 186ms
175ms Stylesheet
text/css 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-content/themes/jannah/assets/css/widgets.min.css?ver=7.1.2

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

b164963a8c9343cf6c2f7dab172aa7ea7e0deeead44f488e35eeb899c0fd1ae2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 17:14:15 GMT
server: LiteSpeed
etag: "b973-65ff0de7-7731ee83605b41ca;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 8104
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H2 200 helpers.min.css
kooorahd.egtly.com/wp-content/themes/jannah/assets/css/ 38 KB
7 KB 187ms
176ms Stylesheet
text/css 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-content/themes/jannah/assets/css/helpers.min.css?ver=7.1.2

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

ce7a87c1271052d63a096e6e71c40d45ad55c944d8a67c1996922e067f33ea4a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 17:14:15 GMT
server: LiteSpeed
etag: "992f-65ff0de7-2abea99e6d7d0118;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 7212
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H2 200 fontawesome.css
kooorahd.egtly.com/wp-content/themes/jannah/assets/css/ 57 KB
12 KB 187ms
177ms Stylesheet
text/css 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-content/themes/jannah/assets/css/fontawesome.css?ver=7.1.2

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

0f79c64f686102f8cc72db584b52c51dbd0720d7ade9a3284a3520bd91dc5328

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 17:14:15 GMT
server: LiteSpeed
etag: "e526-65ff0de7-f8b5cd468fd04cad;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 12003
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H2 200 skin.css
kooorahd.egtly.com/wp-content/themes/jannah/assets/ilightbox/dark-skin/ 12 KB
2 KB 189ms
179ms Stylesheet
text/css 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-content/themes/jannah/assets/ilightbox/dark-skin/skin.css?ver=7.1.2

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

4879dcab21b2218432075c33aff13cea89de4f392f749eaef3df339f3f694c72

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 17:14:15 GMT
server: LiteSpeed
etag: "2ef2-65ff0de7-b1bc96f07b2f59e7;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 2036
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H2 200 jquery.min.js Show response
kooorahd.egtly.com/wp-includes/js/jquery/ 86 KB
29 KB 190ms
180ms Script
application/x-javascript 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 13:54:35 GMT
server: LiteSpeed
etag: "15601-65fedf1b-3f87f28c6ed97ab6;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 29531
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H2 200 jquery-migrate.min.js Show response
kooorahd.egtly.com/wp-includes/js/jquery/ 13 KB
5 KB 190ms
180ms Script
application/x-javascript 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 13:54:35 GMT
server: LiteSpeed
etag: "3509-65fedf1b-35b80a4bee5caacc;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 4671
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H2 200 rtl.css
kooorahd.egtly.com/wp-content/themes/jannah/ 40 KB
7 KB 189ms
180ms Stylesheet
text/css 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-content/themes/jannah/rtl.css

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

a589cd1aca37b285ea34723d2a61f443838e10d9f198ae493d999edbd933a60a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 17:14:15 GMT
server: LiteSpeed
etag: "9fb9-65ff0de7-2ac17d6a5a636d69;br"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 6624
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
50 KB 141ms
96ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8256239325859871

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

015d2548eb03343d19e441f337ce7af7481fb037ecc0097db692571ef9af34d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kooorahd.egtly.com/
Origin: https://kooorahd.egtly.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51071
x-xss-protection: 0
server: cafe
etag: 15433154101106596146
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
link: <https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires: Sun, 24 Mar 2024 16:53:29 GMT

GET
H2 200 2024-03-23_235323-780x470-1-390x220.png
kooorahd.egtly.com/wp-content/uploads/2024/03/ 81 KB
81 KB 268ms
259ms Image
image/png 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kooorahd.egtly.com/wp-content/uploads/2024/03/2024-03-23_235323-780x470-1-390x220.png

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

6e43c7de3013abdc811b8de78db16022ebaecba9e888781818f2ca97be6ddffe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 22:26:17 GMT
server: LiteSpeed
etag: "14290-65ff5709-8b507096fd047ed3;;;"
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 82576
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H2 200 Untitled-390x220.jpg
kooorahd.egtly.com/wp-content/uploads/2024/03/ 16 KB
16 KB 267ms
259ms Image
image/jpeg 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kooorahd.egtly.com/wp-content/uploads/2024/03/Untitled-390x220.jpg

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

df447dfee5dea8c301a4a0caa0588e77ac25c6bb8a283c56ab96cf5c851b618b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 21:18:39 GMT
server: LiteSpeed
etag: "406d-65ff472f-8e42df37b66b372c;;;"
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 16493
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H2 200 2024-03-23_220809-780x470-1-390x220.png
kooorahd.egtly.com/wp-content/uploads/2024/03/ 86 KB
86 KB 267ms
260ms Image
image/png 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://kooorahd.egtly.com/wp-content/uploads/2024/03/2024-03-23_220809-780x470-1-390x220.png

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

64de305de498d050399b770401193e8035b42628fac716bd90e1a0a8deeba9ac

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 20:26:14 GMT
server: LiteSpeed
etag: "1570f-65ff3ae6-90b59f520a026495;;;"
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 87823
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H3 200 scripts.min.js Show response
kooorahd.egtly.com/wp-content/themes/jannah/assets/js/ 23 KB
7 KB 91ms
89ms Script
application/x-javascript 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-content/themes/jannah/assets/js/scripts.min.js?ver=7.1.2

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

8b58887660dca72c67a2ddc08f2ef9e1ee892069a712b287038821f04a31a2c2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 17:14:15 GMT
server: LiteSpeed
etag: "5c6a-65ff0de7-d8ef9e16484592cb;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 6941
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H3 200 lightbox.js Show response
kooorahd.egtly.com/wp-content/themes/jannah/assets/ilightbox/ 80 KB
24 KB 91ms
90ms Script
application/x-javascript 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-content/themes/jannah/assets/ilightbox/lightbox.js?ver=7.1.2

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

f0df5bac42e20b19dafbdf42b5480133ffdf8885bf9d4fd9a8fa3043e3efd2ae

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 17:14:15 GMT
server: LiteSpeed
etag: "13e34-65ff0de7-37eefa26f21773b0;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 24169
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H3 200 desktop.min.js Show response
kooorahd.egtly.com/wp-content/themes/jannah/assets/js/ 18 KB
5 KB 111ms
110ms Script
application/x-javascript 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-content/themes/jannah/assets/js/desktop.min.js?ver=7.1.2

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

b66fc18fef504d695b9c3dd1596d4fce5f282ac0fa71709302ed647c76292a15

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 17:14:15 GMT
server: LiteSpeed
etag: "4721-65ff0de7-a0c89cea89df520;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 5558
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
BLOB 200
OK 665610b6-4d55-468d-b7d4-59748fbb666b
https://kooorahd.egtly.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://kooorahd.egtly.com/665610b6-4d55-468d-b7d4-59748fbb666b
Requested by: Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 200 NotoSansKufiArabic-Bold.woff2
fonts.gstatic.com/ea/notosanskufiarabic/v2/ 31 KB
31 KB 75ms
27ms Font
font/woff2 2607:f8b0:4006:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/ea/notosanskufiarabic/v2/NotoSansKufiArabic-Bold.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/earlyaccess/notosanskufiarabic?ver=6.4.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df69e4f334e2275515a11cd543074c487f33b69b0ea84e5e413e4767b52bbb31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://kooorahd.egtly.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 04:28:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 303884
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31230
x-xss-protection: 0
last-modified: Wed, 13 Aug 2014 16:50:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Mar 2025 04:28:45 GMT

GET
H3 200 tielabs-fonticon.ttf
kooorahd.egtly.com/wp-content/themes/jannah/assets/fonts/tielabs-fonticon/ 40 KB
23 KB 100ms
99ms Font
application/x-font-ttf 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-content/themes/jannah/assets/fonts/tielabs-fonticon/tielabs-fonticon.ttf?ciufdj

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/wp-content/themes/jannah/assets/css/helpers.min.css?ver=7.1.2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

af1b202f16299aa05efb9d5c07aeadea3171ae3530ca5873c8e100c46cfacec3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://kooorahd.egtly.com/wp-content/themes/jannah/assets/css/helpers.min.css?ver=7.1.2
Origin: https://kooorahd.egtly.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 17:14:15 GMT
server: LiteSpeed
etag: "9f88-65ff0de7-73b883da84faac4b;br"
vary: Accept-Encoding
content-type: application/x-font-ttf
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 23934
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H2 200 NotoSansKufiArabic-Regular.woff2
fonts.gstatic.com/ea/notosanskufiarabic/v2/ 30 KB
31 KB 62ms
15ms Font
font/woff2 2607:f8b0:4006:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/ea/notosanskufiarabic/v2/NotoSansKufiArabic-Regular.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/earlyaccess/notosanskufiarabic?ver=6.4.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3772492945729b74df8752540cffab2620d6c466ec11e4fc0c8ccdebcf3752b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://kooorahd.egtly.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 06:25:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 296851
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31049
x-xss-protection: 0
last-modified: Wed, 13 Aug 2014 16:50:04 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
vary: Accept-Encoding
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Mar 2025 06:25:58 GMT

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ 13 KB
6 KB 41ms
10ms Script
text/javascript 2607:f8b0:4006:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 04:14:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 304746
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Mar 2025 04:14:23 GMT

GET
H3 200 wp-emoji-release.min.js Show response
kooorahd.egtly.com/wp-includes/js/ 18 KB
5 KB 87ms
85ms Script
application/x-javascript 2a02:4780:27:1276:0:6cf:958c:2
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://kooorahd.egtly.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.3

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a02:4780:27:1276:0:6cf:958c:2 Paris, France, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
content-security-policy: upgrade-insecure-requests
last-modified: Sat, 23 Mar 2024 13:54:35 GMT
server: LiteSpeed
etag: "4904-65fedf1b-e3dc5a99d7a89c7f;br"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=604800
accept-ranges: bytes
platform: hostinger
content-length: 4605
expires: Sun, 31 Mar 2024 16:53:29 GMT

GET
H3 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/ 407 KB
138 KB 161ms
134ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-8256239325859871

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd35fc4d55ec726ac0b407386a5125ccc1f9eca53610b0adc253a4e088681176

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 141396
x-xss-protection: 0
server: cafe
etag: 3006228887941791586
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Mar 2024 16:53:29 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
797 B 32ms
31ms Stylesheet
text/css 2607:f8b0:4006:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Marhey:100,regular&subset=latin&display=swap

Requested by

Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7b55c2985622d34d7082f7d6ebf2400b470931d72c84a387cbc8c54ddb67487f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 24 Mar 2024 16:53:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 24 Mar 2024 16:53:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 24 Mar 2024 16:53:29 GMT

GET
H2 200 x3d8ck7Laq-T7wl7mqfVrEe9sDvtBctwC2AdiQ.woff2
fonts.gstatic.com/s/marhey/v6/ 15 KB
16 KB 17ms
12ms Font
font/woff2 2607:f8b0:4006:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/marhey/v6/x3d8ck7Laq-T7wl7mqfVrEe9sDvtBctwC2AdiQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Marhey:100,regular&subset=latin&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

98b0a64881ac47591dd409dde52c030d372b4b66afea15610a4a9e8f271a797e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://kooorahd.egtly.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 09:15:30 GMT
x-content-type-options: nosniff
age: 373079
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15864
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 21:10:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Mar 2025 09:15:30 GMT

GET
H3 200 x3d8ck7Laq-T7wl7mqfVrEe9sDvtBctwC2UdiVev.woff2
fonts.gstatic.com/s/marhey/v6/ 16 KB
16 KB 23ms
21ms Font
font/woff2 2607:f8b0:4006:80e::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/marhey/v6/x3d8ck7Laq-T7wl7mqfVrEe9sDvtBctwC2UdiVev.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Marhey:100,regular&subset=latin&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80e::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1ac95da385417bc88382ae242f2006e957e26a72e2c897e1bc453bf1ae6e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://kooorahd.egtly.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 12:24:06 GMT
x-content-type-options: nosniff
age: 275363
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16212
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:41:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 21 Mar 2025 12:24:06 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6468 427 KB
112 KB 995ms
961ms Document
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8256239325859871&output=html&adk=2969136045&adf=3689892565&lmt=1711299210&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=188x945_l%7C188x945_r&format=0x0&url=https%3A%2F%2Fkooorahd.egtly.com%2F&pra=5&wgl=1&easpi=0&asro=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1711299209873&bpp=5&bdt=502&idt=329&shv=r20240320&mjsv=m202403190101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=6266565980948&frm=20&pv=2&ga_vid=406043218.1711299210&ga_sid=1711299210&ga_hid=1748173894&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C31081575%2C31082032%2C95322183&oid=2&pvsid=240704526235184&tmod=827056445&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=364

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2a1dd5dc216fcb89c844d66a4dfe7073c50da7891869b357f46a91e067080af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kooorahd.egtly.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 114225
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 24 Mar 2024 16:53:31 GMT
expires: Sun, 24 Mar 2024 16:53:31 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/ 167 KB
56 KB 98ms
97ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/reactive_library_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1afd73c344439fa1bd92896f7a6da5287e8bc436f2e78d0ae18eb27114a1e52c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57624
x-xss-protection: 0
server: cafe
etag: 16236201071493766785
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Mar 2024 16:53:31 GMT

GET
H2 200 ca-pub-8256239325859871 Show response
fundingchoicesmessages.google.com/i/ 183 KB
61 KB 93ms
53ms Script
application/javascript 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/ca-pub-8256239325859871?ers=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

00d0a056f2945930508baa7e6305912659f90cb6db7e49678855f6e7cead5832

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-cYE70746T9CzcpVihBFC1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:31 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-cYE70746T9CzcpVihBFC1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmJw1ZBiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJp6vL5kkgFgDiPnWTWdVAWLd9dNZQ4E45vl01hQgdkqfwRoExD71M1hjgLj15jnWqUB8csF51otALMTD0b21cQObwIaWs28YAdbnMPI"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/ Frame 0318 9 KB
4 KB 17ms
15ms Document
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kooorahd.egtly.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 78686
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 23 Mar 2024 19:02:05 GMT
etag: 5035419970550746386
expires: Sat, 06 Apr 2024 19:02:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/ Frame 8369 9 KB
4 KB 16ms
2ms Document
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kooorahd.egtly.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 78686
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 23 Mar 2024 19:02:05 GMT
etag: 5035419970550746386
expires: Sat, 06 Apr 2024 19:02:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/ Frame 69D4 9 KB
4 KB 36ms
26ms Document
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kooorahd.egtly.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 78686
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 23 Mar 2024 19:02:05 GMT
etag: 5035419970550746386
expires: Sat, 06 Apr 2024 19:02:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/ Frame 5893 9 KB
4 KB 32ms
26ms Document
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kooorahd.egtly.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 78686
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4155
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sat, 23 Mar 2024 19:02:05 GMT
etag: 5035419970550746386
expires: Sat, 06 Apr 2024 19:02:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 AGSKWxXSuKyHUhRqYexSeYK0X5ArtSAi49GHPQCGE6nTOOfjZh4HvyXerIegyk3eCuL6QNTgMAarZtInjjoSZkPtIgAOzcUgzKz3XY284mQDb4akrZKoorpXRcoyoYLx4hQ6iYZ2Y2etZw== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 52ms
45ms Script
application/javascript 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXSuKyHUhRqYexSeYK0X5ArtSAi49GHPQCGE6nTOOfjZh4HvyXerIegyk3eCuL6QNTgMAarZtInjjoSZkPtIgAOzcUgzKz3XY284mQDb4akrZKoorpXRcoyoYLx4hQ6iYZ2Y2etZw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzExMjk5MjExLDc1MjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9rb29vcmFoZC5lZ3RseS5jb20vIixudWxsLFtbOCwiQlhYd0tNQUNvZmciXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.BXXwKMACofg.es5.O/am=wA/d=1/rs=AJlcJMzP9RpEEDBSQfOOXNx4pQVwBx7XLQ/m=kernel_loader,loader_js_executable

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

55ff68079dbfb7ab5fcaf48316f11203412a259870fd01260804f669f6f8ef2f

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-LbSFo2ZYZzsej8rmfoWeIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:31 GMT
content-security-policy: script-src 'report-sample' 'nonce-LbSFo2ZYZzsej8rmfoWeIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjytDikmLw1ZBiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJp6vL5kkgFgDiPnWTWdVAWLd9dNZQ4E45vl01hQgdkqfwRoExD71M1hjgLj15jnWqUB8csF51otALMTD0b21cQObwIT5d38yAQDajjET"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240320/r20110914/ Frame 79CB 23 KB
9 KB 262ms
0ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240320/r20110914/abg_lite_fy2021.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a23d8b3f234337a66c42065409ea946a4700a68fb92775125a176ec9520c82f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:21:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66745
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9106
x-xss-protection: 0
server: cafe
etag: 8408112003982630589
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:21:07 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 79CB 9 KB
773 B 41ms
38ms Stylesheet
text/css 2607:f8b0:4006:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80b::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d3f4104957e76483acba4180738253208fd8d4d81c64931244860514af502b82

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sun, 24 Mar 2024 16:53:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sun, 24 Mar 2024 15:48:59 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 24 Mar 2024 16:53:31 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240320_RC00/ Frame 79CB 15 KB
3 KB 263ms
0ms Stylesheet
text/css 2607:f8b0:4006:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240320_RC00/outstream.min.css

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

425f9ca7029ca2c95d204079575a3e5f737ef4d322614225344c5aeadd51bfb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 14:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 355349
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2939
x-xss-protection: 0
last-modified: Wed, 20 Mar 2024 10:39:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Mar 2025 14:11:03 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240320_RC00/ Frame 79CB 375 KB
130 KB 286ms
0ms Script
text/javascript 2607:f8b0:4006:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240320_RC00/outstream.min.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94c21be1bfcb47969719229648026a622323618c801c94278fdfc44d862591f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 14:11:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 355349
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 133142
x-xss-protection: 0
last-modified: Wed, 20 Mar 2024 10:39:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Mar 2025 14:11:03 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240320/r20110914/client/ Frame 79CB 20 KB
8 KB 274ms
5ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240320/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04fa4fe54665cacb0d30e028747b0a15046d5152d4295250380bcd5569e7c664

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:20:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66759
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8355
x-xss-protection: 0
server: cafe
etag: 17564575596476239644
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:20:53 GMT

GET
H2 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240320/r20110914/elements/html/ Frame 0318 15 KB
6 KB 272ms
6ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240320/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

df68f57ecda7de300bd2613e1619f481bcec4791f91634ceaa5ab9dc12493205

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:22:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66650
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6452
x-xss-protection: 0
server: cafe
etag: 12428443125520643955
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:22:42 GMT

GET
H2 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240320/r20110914/elements/html/ Frame 0318 22 KB
9 KB 274ms
7ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240320/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

14fafb150b976a0b5ac428c91e0825c33ba47b251f2bf349f4e1e5f954d9ad63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:22:42 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66650
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9112
x-xss-protection: 0
server: cafe
etag: 499061885667062015
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:22:42 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CE94 624 B
246 B 112ms
107ms Document
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COT69gIQt-z_qwIYk8zLgQIwAQ&v=APEucNWqfnDeA3n-u8rC3yblh9uNPM3v2U-4rDId3Re2PL0HCT2hRJiDpG88PWEM01fbmyDFErjXWnZn5_SkVbePK1BewOAr8A

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 24 Mar 2024 16:53:32 GMT
expires: Sun, 24 Mar 2024 16:53:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 9F45 94 KB
33 KB 99ms
85ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cdb7911dd984dc9b0840a0a94e711600b05dd72d612465fdb18ecfb67ea9e66c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:31 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33555
x-xss-protection: 0
server: cafe
etag: 7173713561822972903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Sun, 24 Mar 2024 16:53:31 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 9F45 61 KB
15 KB 266ms
0ms Script
application/javascript 107.21.5.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=23963&advId=629143095&campId=20914945668&pubId=1&placementId=540206611&adsafe_par&bundleId=&dealId=&bidurl=https://kooorahd.egtly.com/
Requested by: Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.21.5.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-21-5-194.compute-1.amazonaws.com
Software: /
Resource Hash: 547048491674cd402b023868021cdd2dbfb867226dad1a438056561885533080

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 9F45 76 KB
26 KB 288ms
19ms Script
text/javascript 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUM7zJ8KKT7bh0LUM-IwTD8Uvf3jDvH_JLz9l47oA0zwdrN_wU&d=CrkBAKAmf-B-LEAs_eFvl5XJNJxLbLaa8kARMUUhBDIIsO42xXcO9f-Tth5IWkTYQSDr0fSTwf3Wg1xk0cb6naWFCvCf7Gdv6LkqDbuLn89qaahoRLt0B4d-PAaSqvbg6P54iaGcQVKCPigeYDGXT2o1RWUDc8N0zrRasZeInALjqc6kAu6IE6_Oqmc90J68UNM6Cj_r6Gz0eaj32CsCllmZAFbuinAWWISrynp_xc0xXMhjLg2HVwqKJmkS-RcAoCZ_4KwtgHlPNCQaEDtQXNQYKOGf5SQn0WnxAnTq0znE_1TUlQAaGWzQX9iDFiHhMSVZ-oEzHIHc1LyT2ZiXT2C_oTIZITreE2TpY_VACPdy5x81pNDFB2oTJysCTtMfNFKz2cueQOrlglgx65Sf7gMckO4JgUdva973BATpjAswhK403ckpNXk_QLUjVw3YFV8TZF5WAhGMy7cVLYtg3aAq0rgit6ZT85mIJ8OL3-5VVH2Xl_AHYpiuyLQMwG9W9n36g0LEP6KgEQDtwroJuuyKRhSx2GqTo-Fgyw95zO5uTVaZL96er5pXmA89SotmEfYZTjD5aiXmvhTA66ZIiaTzs26n-tM2BjMWSq78EmQK4BQVRy0_F9a8D83bvCANQbxek5zxrFHLzy1JFF1VG3Srjl6VS9HIyY79d3VgXlCh8CZxhpZdBVwbjiJe6wvO4CSrgQVUotc0jIPxiBQwHs5DUWATo6kp3ZKBLdriRf1JnoegaDt5GmT1jwodkww1ZkgMs0RMLAUkllcmwjiKY_SU2lIUXSZ7TLLBtUz5pDdeToIWLkTyWS51tHuFPsTG_UeH9TUzMZRyCX1xSgrJw45ZQSnhH7e4-zdkgamSH8nFlDDHIwNlgbtzSjf62qkBqNT67VOMomm4Di6-VZ23tRdwX9YIf8J5G4X_QIy3XSVTkpI2B-4BpL73i5QTi1FlBTfw9Dh8XpeWbcWb4B0hRuz6t1IqH1VHCgjHvAu72DxtIc4_8TGcLw-m0kDQwDYkh9hUycdDuxr_vf9v_JUaFobE-dUJP3YrY6OuENv3GJ6Hkm8fRAPXku4dFOLuWYosI_7ModbrO-X33avh7vdv08ba-JzH-_9Fz1H_TQaEroni_K5fmRGlc4ptFXMMOqzrhAaYM4cLCgzfkpM8HQycerzYd3iXl49I6RrSXieVf3WL4AQEiPL8LvHtnIqvJTiHejZLsreWKRZbLLFC434dY4-oF37kfEOdCQQXr7eDXgqSt0Zat2WNtUHUDpNNJlUamd49Rx9o98npTNb5nWWMCDS8sQBUXMAPMhPsQUWTFr6esB5NHIRoLhN__kgpIhnVBn_vBjvfBRNYhW4d2gJsMKNu-1cRNSvdDA4RJ8r4tryRTRF1JQAm41YqJNKs5N7TZad9pxf8FKPN4DmbTqnr7uVjqPHLVVrhzMZbcuhvFHAYcSpwXhFktvN9oaHbsNPPhDo_MkHlz8adyEGqSQdlsYvrbuThcN44UqjCyUrdGrlxK1ZGJPT2ICa1ZCBgvpgJnUEtkz-_wHxgqF47pDIbPaS_saOgDx-qLW2KiSn-jGOD9Iuiy1aYz4e2400R8x9-7bKELDPViw9Rny5FK0qwfbv-CCBVXnrqOMQeHmzXZC7Bz9_bRt2vDol6e93J093rPjS1jdU-ODO7DrA5cU6zxtIIRgeOrN7uXifDhVMcTBpW6UDAYNUeBLuRjEQ6VZRogNfeNPbI051iUco0M90gFqbf-7v3DWCOI9-5h3dmJFpOE3ZGfk8GNEZwaA8hSSScbH7fLfoCFui_tA_p247fZJPOayaX7brcDtqnChONU-ptRYycMKA5kZTNboyX6Ww0XjcbHwNQ9NUCZGTNt1JTBIlxgF87D1xARRqC6v7w2_vRN5WgrJ3-s-DV7uopGLwKzzzeeFtkd3YwGHaA3hLXVCuLGKtOhPdQCeWmkhNXQjhYmjKOK1KRbdLmqPJz_csqVuNZNNK20PvjLwY1pykZnm1MWRMPE11CgQgHK1YXj430O-qtj8BDRWq9_6hnqwoGeumwdWqqt0X4iU2B-U4Pzmvp4zVXYTslkDOC28jMEOIzJYrHuoD-7rXCdVkOeLDYkmgXSGCNnvT8gWhIdewwtr5KVw9PEw6ISLxMgmvUbR_W-Bwf2bS3B1y1sS7q7V3_uvLEnnNiHd97o1T8SoMDG5IQ5wS7bp4fystFVSUOEAqrPZt4wWcZnGuj_zK88c2FK3XqMr680ZW1JbBHHxADPVNb4kWMafvX2urQNd5ub043_snjZbNXtlWOFUVCOMtwlSnXfYrBZ0p4mZhHVyeiG1y_mZueGbR6ZCW33M0OylH5iNbUqC1gDYo-v5K4zwaIMV6fhmzC-l4PiYNJfeRzzoi79pAIj22pp0lUePlke1XeNlMy6lSUogWxUbjPkyDlDQcghr95GZt8eWbhQVxYVPzMnaU-6JTXalPhffvT3WXW-3MFUB8XS1weba7fOH-8B7l20x3HfUP1IH8MxIvX3Agxm5TmSbggvMncuRcLh7skOOvu0lzCXJWTRHFTtCUKiBlyon7ZguG7gmfyrlW4o923sqRkHalV2A3Wy7i5vje5CJYrhimHHJrIp0Qhf0WA5_q7xCaj4Cbs6PoqHK9UIJPTQD7hgtOfM3POP_T1r-JNcxADfqXHK5rObp1lRiM84ca2syDBOr0UCJWD-Ob6hxxUghbb17FRfFq-KEnfSzPKIELfRo0IEi6cQCNjbZcv8BD5TAvhu7vvzQzSuGRyNUzNqCgq1LJsU0AvMA9bKbXOFXgoI8eV96bh57slkD7YGELkHRzM9tlIPJBPOMu7He88w6uxdYwLUIrpTsT-22yLiOxvq2wpkfDviAey7SE8nsQSKZi6T0vFbyY1FvvlW5IxlEng8eE_S3BQw1__rvgk_mboyE4OkNz1bsQHhYGQOIr5kTN5eIduAyFhEXv6IWyNf3qXUnd-QNL8bs68-qj6WCAPv1AT-mTyuooWc9iMIQbFtMD0wXmE7SY8kb8EiArmKFTj6mSHV32YxAVSk1kdXZ1WfRf1tmQHdhWCONKWMSJ60iCtqDE0BZJ_D25xxHndXzYfcw6-WfADJQUsyTTVx0DHBFOHqb0k3ydriGReJ_csw5GyTum4kQ3sRRuokPWI090D8xoDClg2cJC6H8EGIAeWyntV06K0BubQzhRnICfr8TL8GE59OFibqsIgNAlQYL-0duIygd_ovuhbpkJce83vRq0wfi7u0VW7H7aT4HjHtdsLUs34aCpDNqAmD4Xjw7zFz8GWdD0cIGEkS-VfXbKInHn40AYFHLebPWFLyHnj2ZKzj-xBV3hYgq_1YyWRNenIz8f5_Xwpfsnny44ebejczBIdQAKhOkAR9E-CYlJasXAx0MXI4k2zv5fX1CqAoqo7aU4M0JAxrTc1VOI45lbYn80088yvsp3WIz2bACIY3YXKs1nzzM8VFO0VfSjpQYOAuZyPHK63uD4QcGE60hDT7WCWMK6xypZSR0bTGFfCt8CdygrJVjusD9e2lY1p5KgcsjZKA5DzTMFqDq_MT8faOoL412PD8-zQx72tTrjh6z6FhyDiNd7Fpewww0yY9Arx_C_izDz4iKnFtCYNseqFMKTON8u3XpedUmVCaSSO7Ui96ISsJ1Fp5Ih5BL87zhtfd3f0HgvmQIrKD7SYG7O36rTGbzvMiSQOjuHkwL4zBfRDtjZa_sqkRexEZ03etcJGpcXjQNi5bNceXu9avVOvFEnSjufGO7dfWYHHP7vFKEi8uhTA0lYCec9Lyq2CVnIr2NtuKE4zBKyvxa6NhGG7hq-o6mKzj-lt5vxvASzPioWI3r6gfmxwcxGuAJVsBaJWqVTgptanWSJvwtAyHVWq4_wdqiIX63UiMbsova8xt4lzTHdnikdYp2RWDioASpyS8u6J0CAdTDLmosIY50a8g-mYZuQr1hSBU3hxWU79hnVjgeODxlwQjZ4xVzx_N581M4lDqyl6TCwOG4Q32CmR0FvihwpydMqLTm5Jgo1C7_XeQZnguu8wFYOGmq-ILyJBdxV6uueXMHNU3rbhBoJ0WL6JnVNnkAsN5m7LrXXalYJXSbtsB6TfOw3FkZL3VR6wbuvJ5-k8pnfbVP_QrK6RJpNVBMybcBN5AI3PE4NIcnI288FdW_z1JCj-p7nuk62623C7gAKONh1oSji97zdsD5ZvuhJ7FgwW0j8fq7ZE1TOs2xhs24ECkMnfWs164FfUXNF3IuMqJizafzHyfmk1b-uk7daGnXXrVL2NNQLZZhz0k8V68ycfwk5WyNF4SA0qvPEmHW1Em3M9CS7lW2gzddqvDxpVCAQSTwB7FLtqpjZ8z8DnRd-fMmQJaz9_3cVwMsB3Mjlwzi_56Eu7OtQtFJ9BYMDcBDayXHd1HQ9wHlgini_tRp6fmrzZTzt1CILyJFbEjo275WoYAWAB&cry=1

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

200341909a2a21a63f8817eb83c056ec34571e232ab55cc573ae717b15c0f0e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26366
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
pixel.adsafeprotected.com/rjss/st/1914617/77686741/ Frame 9F45 60 KB
14 KB 268ms
2ms Script
application/javascript 107.21.5.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/rjss/st/1914617/77686741/skeleton.js?bundleId=&ias_dspID=3&ias_campId=1015318397&ias_pubId=pub-8256239325859871&ias_chanId=1&ias_placementId=20914945668&bidurl=https://kooorahd.egtly.com/&ias_dealId=&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0j7yzwO59aAfgHshtYf1js3
Requested by: Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.21.5.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-21-5-194.compute-1.amazonaws.com
Software: /
Resource Hash: 5247f03294c8fb5e170a1e794128ad4c20adf34728aeebd1ef0026aa63ca09cf

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240320/r20110914/client/ Frame 9F45 3 KB
1 KB 242ms
0ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240320/r20110914/client/window_focus_fy2021.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:20:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66759
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:20:53 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240320/r20110914/client/ Frame 9F45 20 KB
8 KB 256ms
5ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240320/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04fa4fe54665cacb0d30e028747b0a15046d5152d4295250380bcd5569e7c664

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:20:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66759
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8355
x-xss-protection: 0
server: cafe
etag: 17564575596476239644
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:20:53 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 9F45 206 KB
62 KB 24ms
12ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a730cb34285c933a5839e656856a4eaac2449e49a997efe53d454b94ace676f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:26:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1613
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63909
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 24 Mar 2024 17:26:38 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F45 42 B
63 B 83ms
71ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A0SQ1Xroxio1Hihfh2UNO6oNiyph5VkoGcVhKQBYSUNB5UOk46MnVw8bCNFuxYnXZVKiN1nfNnhYXp_8w3i2BxWOPB2bBuFkB3D-Hrx_oNeB-SF_I

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:31 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4587 624 B
246 B 105ms
96ms Document
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6WcRCYwOyiAxjax_H4ATAB&v=APEucNUXiqb8755Ql4Q9g6yel58O1R0HfM-5wes_wjLLJpdML5F8qV0tfQg0KQSvJVDlyorLnfO27f2K2XFb5oeAZunrrwVkfw

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 24 Mar 2024 16:53:32 GMT
expires: Sun, 24 Mar 2024 16:53:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/ Frame 69D4 23 KB
9 KB 86ms
76ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/abg_lite_fy2021.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a23d8b3f234337a66c42065409ea946a4700a68fb92775125a176ec9520c82f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9106
x-xss-protection: 0
server: cafe
etag: 8408112003982630589
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:27:26 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/elements/html/ Frame 69D4 8 KB
3 KB 83ms
75ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3206
x-xss-protection: 0
server: cafe
etag: 12640889860211258669
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:27:26 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 69D4 41 KB
14 KB 40ms
0ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 07:52:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 378076
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Mar 2025 07:52:16 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240320/r20110914/client/ Frame 69D4 3 KB
1 KB 48ms
0ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240320/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:20:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66759
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:20:53 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240320/r20110914/client/ Frame 69D4 20 KB
8 KB 46ms
7ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240320/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04fa4fe54665cacb0d30e028747b0a15046d5152d4295250380bcd5569e7c664

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:20:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66759
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8355
x-xss-protection: 0
server: cafe
etag: 17564575596476239644
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:20:53 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 69D4 42 B
63 B 113ms
109ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-A2VeCAM4MQu3aNREantKFuUq0aiSb8UxY3LauKXVVGwEpfKhxLKGHVk5169sRx478jcP2DyexwG_lHqsKE3AJrUj6FMkai8eZpKf6fAJmwcmZ2Pkc

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 69D4 206 KB
62 KB 55ms
51ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a730cb34285c933a5839e656856a4eaac2449e49a997efe53d454b94ace676f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:26:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1614
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63909
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 24 Mar 2024 17:26:38 GMT

GET
H2 200 9221436395818446984
s0.2mdn.net/simgad/ Frame 69D4 21 KB
22 KB 118ms
6ms Image
image/jpeg 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/9221436395818446984

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

50ef9515403872e534f8293a3a2644e92abae2d81acb1b35f07970cb78411d80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Fri, 21 Mar 2025 04:00:24 GMT
date: Thu, 21 Mar 2024 04:00:24 GMT
x-content-type-options: nosniff
age: 305588
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21895
x-xss-protection: 0
last-modified: Thu, 14 Mar 2024 17:44:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 9F13 624 B
246 B 123ms
97ms Document
text/html 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CIiFjPQFEJjX8v0FGNn2z4kCMAE&v=APEucNW7k3xutXUeFmDhlrunu6mRTTYBmVA8SpSxyoL_yQh2P-K6u2v3fJZAX3RmUOUiehxVDi0HSADp2Eq9FPBVJ0n_wHDvVQ

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 24 Mar 2024 16:53:32 GMT
expires: Sun, 24 Mar 2024 16:53:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/ Frame 74F2 23 KB
9 KB 47ms
29ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/abg_lite_fy2021.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a23d8b3f234337a66c42065409ea946a4700a68fb92775125a176ec9520c82f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9106
x-xss-protection: 0
server: cafe
etag: 8408112003982630589
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:27:26 GMT

GET
H3 200 omrhp_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/elements/html/ Frame 74F2 8 KB
3 KB 47ms
29ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/elements/html/omrhp_fy2021.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:27:26 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3206
x-xss-protection: 0
server: cafe
etag: 12640889860211258669
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:27:26 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 74F2 0
0 203ms
108ms Fetch
image/gif 142.250.72.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsuB-0Jpz5P6P03w9e-nXTXU2yJo2I9-9WW327dewduTPDMLmejrnAoj-JenYYmDTb9TNpNNrlvzoyEBoi-kDeNbSlR4Zl4aGeJa0-N5NxwD-uITpaVNgbJdzpQzhd-h3BqlLcGR9hE4H8GCSHU43mTXYwmHyYJU7qGXFYuma3tGjnAmuZ3Dxm8OYkb95Nvt6bhqlkCqNDF9jSqDleq1EXmFND48GZu2xp1Oql0A2SL-CYhaK_6DTurEE2VmtTrJaz8MIK_McGDQ0TvYuzgWFh_iN56Cexiesh0wWjE16p6c4wuBvPjRxDCjKAJ4BH5W_bkwmUYSr7jS9Rn0Dq9_C2blLl2Iz_SYgFJb_Llshtos8wdt1x_-O3lsPoJWsNHK8dEABwTms-0Ls8ay48mvpjqrNyadQz8gzMjF6Lcq5nLeWPVvKcKprDoAGNZR9Zc-uwGOAeZWNQwXdIUaYQ0rev8-PW3sm-ag24rkfG59l45kq5IQSyNoeUu1Eb0JkE4nY4cfceWJYJMkNc4N4hUq87-TTaseZGwfZPte7WEyQbEgwyZ4BazjGF4nFRlu5zTDYd-92lf4h45KSjOkJotSVOpUwXKJF_CMUReQIy_ndSS5eFmLhTQXgJiXInsgvnHY4eYeqxPnClhXpq0DMq9koXnSbNYT2QiEvrnn8941Qfvi23i3OOmITgEcibnGt58CIFH5gI447-FWsemYZqWMQqqSKtoAbQ1Rk668QaGWZRnSjRPtImacPULmESKI-sxF0W98OvzWShPVro5qxiZEjs0xi84IuiHkbMD52La4EwOaWE6DTuU1NK0j2Okrj2AxjPmOTMvkdaSjXCh9pgGjJEF3-XVKdohjD36j1_xPCA4XqXS_Nx-g_e74UYGCeT5uE2-7zfZnIVnxKQyxm4rZDrSrdabE2cz3kBT1SP7ZebWDon5k6ApJhRnOealoHXCYkiolUcnul-u9YPOpC6-nRkbcFeibZL8ShkAqxSvn2OQq4M6_jrNMUGWLH0FYMjiVcvboMcBpYxFgO8_MhBxwHTnxPEdwC33gbcnfSZwcMuhQ4Z7BabdKEVXBshWLrMFTosLyLcUFck5gUSRePxHHeJY5Fnnw0yzB0zY8LYtepiGev3y5B73-o3g7_uFx2LFFt7oOuch_V2priiMY1RpVPivJfmR6PIJNIXzfENhkD1tGWYtzCe4Bbm7DXehsV6xSnHDQHgm0lpXiMa45UclXo96V5S_5kk1rcR4rCnKt7HkYGZRDa_jaqDUPGNNMfYg30jNJp1HD5jIzto6rk1LbQArISvLc6B_U3KvTHHoYOBUEaAp37eHYOZafFA6bmP1Puj_QxkTAEO4DdqD0DC8rJwMEX46RoHc12rzqZ4nQ6diRT2LfrDgGUgYlfYp4AGgJzG2Ok9Ha4nN-2Lr-h9BXIREjzA7nKc_fsxb6v4HvIjaIDYfH6lZ3Tz8g7Pub8fFp_tXjHepPBx5x3XM&sai=AMfl-YQ7DAdbQwSbLQTI52150Hkaq7X505vvsP2eibPaPhaIpXXI60g45rIJEWigiQz1Xx3h7i3LdCKCC5TTwObg4fPHOHqGNbKh91VD06M77IeJlBpbeDPD-wueKjtepjx4v2Q3bQI27pn2mUMEcfevCYY6SHorKBwXnxLlb06Q8_y5XIrDDYlz9o3j8k-4b_avuJL0KXnBNgD3wBUiutz133x4DLFrDtUTry_S-Ag8xOtixpzCvR5QOrQ8MjOzg5DM0z9naKghlZwQkZ3AIqggIEpCBCIQq11ydAnpAS0mMcbuncKwqLvz-V7sE0bFi6B9wEIRHr9M7hXD2IYQeVWprZRk6NXEv0sDOP4bDPaiKBhxK8R9NNbf0j-XsRDVmy9JborAl95HxNXLiqfZzRZ8SkKqUCidFivSIdllHtjBJqA_qzNFSLCsmaEJCe4vWQcMoQH1rx9Dknihyni2_rROjrl4vJJzYw4J96jFrSsr1wGptbqhq-L9My4LxRVt_Ow0RWnauL09y5l2kw&sig=Cg0ArKJSzP2e41hFW2ZuEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9qaHUuZWR1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20240320.84622&arae=0&ftch=1&adurl=

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.72.102 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 24 Mar 2024 16:53:32 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sun, 24 Mar 2024 16:53:32 GMT

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 74F2 41 KB
14 KB 53ms
0ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 07:52:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 378076
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Mar 2025 07:52:16 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240320/r20110914/client/ Frame 74F2 3 KB
1 KB 54ms
0ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240320/r20110914/client/window_focus_fy2021.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:20:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66759
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:20:53 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20240320/r20110914/client/ Frame 74F2 20 KB
8 KB 51ms
0ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20240320/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

04fa4fe54665cacb0d30e028747b0a15046d5152d4295250380bcd5569e7c664

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:20:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66759
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8355
x-xss-protection: 0
server: cafe
etag: 17564575596476239644
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:20:53 GMT

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 74F2 206 KB
62 KB 44ms
29ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a730cb34285c933a5839e656856a4eaac2449e49a997efe53d454b94ace676f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:26:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1614
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 63909
x-xss-protection: 0
server: cafe
etag
vary: Accept-Encoding
content-type: text/javascript; charset=ISO-8859-1
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 24 Mar 2024 17:26:38 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 74F2 42 B
63 B 109ms
82ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CvTxaRIOEMpQT-Dta4UfU_gzUeZJJPXVQWlMMKLIVr_3L_zoj0hioSoi0CyT2KceDV061anBdpp2ZQfQaocaM58kJBnOKvcQBn2XbEwCYKakW85eI

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 14623910665190316309
s0.2mdn.net/simgad/ Frame 74F2 31 KB
31 KB 82ms
11ms Image
image/jpeg 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/14623910665190316309

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

932590302e81e8502dd59fb88051a614e83503f3ded6a75e28bf14086f8d9fd1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Thu, 20 Mar 2025 07:55:14 GMT
date: Wed, 20 Mar 2024 07:55:14 GMT
x-content-type-options: nosniff
age: 377898
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31619
x-xss-protection: 0
last-modified: Thu, 29 Feb 2024 23:04:45 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 AGSKWxWerMc-xbGqQP5LIQWrsaXfa-CERZBxfc63w6OT2w_6yzmwxr4A9mVANzA_MMkN-UWyZeG95L77xBvdFCzJMc09jcoTaara-xcA3GgN_NhPv6shb3JpkL_Zx2WH3YtgmzQ26h-hig== Show response
fundingchoicesmessages.google.com/f/ 10 KB
5 KB 51ms
50ms Script
application/javascript 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWerMc-xbGqQP5LIQWrsaXfa-CERZBxfc63w6OT2w_6yzmwxr4A9mVANzA_MMkN-UWyZeG95L77xBvdFCzJMc09jcoTaara-xcA3GgN_NhPv6shb3JpkL_Zx2WH3YtgmzQ26h-hig==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzExMjk5MjEyLDIxODAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8va29vb3JhaGQuZWd0bHkuY29tLyIsbnVsbCxbWzgsIkJYWHdLTUFDb2ZnIl0sWzksImVuLVVTIl0sWzE4LCJbW1swXV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

7b200475a6f2e5e8fafca2e4c7c6a7c184e261ced8c0065e6c0f7af724f39d63

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-8A1NPr6ALhvzBWMuS4NfLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:32 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-8A1NPr6ALhvzBWMuS4NfLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjytDikmLw0JBiOO90h-k6ENcyPGNqBWIDjedMFkD87stLJp6vL5kkgFgDiPnWTWdVAWLd9dNZQ4E45vl01hQgdkqfwRoExD71M1hjgLj15jnWqUB8csF51otALMTN0bO1cQObQMe3c2UAp4gwyQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F45 0
20 B 98ms
93ms Ping
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3641824532980&version=m202402290101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F45 0
20 B 121ms
117ms Ping
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3641824532980&version=m202402290101&ct=76&x=1&cor=2427381278338748000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 9F45 17 KB
13 KB 121ms
94ms Script
text/javascript 2607:f8b0:4006:820::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DmN4xmyNxzzV4JLTFnMINVkjyBw59t0F4lQHYc26BZDkMhfdIxMhEtcXSuzXqkKnypGXdjJ3IgKUdmET12QZk6wm37eOAA-ompN2niCVl0Xf_rFB4d0jUAO-Nut1sQmsXsl6wpiFOqR1a-80IiCMMqQ90Euyqebg7ts9mvsaSbYo67upVAjrKOxCnzs6KcsID059VnyqbFcUEMnAJfAk8kZTfNQUnzxk5KTJ4x4mWIy7s6dLc&cry=1&dbm_d=AKAmf-Bsk3RI5n539uIS-Gd8DlP2ISyTRLQBmsC3FQ1qmOEEgW34kwGAujqMPMSf-VK38jVtKwSMarTGp-O8vPbAxSYE55Ls0xf5effZMkruvmpM05lbRTtaxpJC-rswSkbbciA-QXrkE7ut12ZDQCjsXHS0tcHjCaFA36GYjl-ZYwrGSJUIL4N8gguNB6mUav9OeBP0d1nclgAIv0Gb0sZH8cbKOiNFow9w3MZTM9792O0HLQOOBVgUBT15yT_Jg1_wY96nD4LQANKesrr_Q9Bw82nuNtxrIecXogsNR4Vc8RFx-SEbSf7dNRpDoQq8EgOibTfjVNBKISRZfgGkcPuc-Nqnjfwe-k13BxiKurlYI51IULLP1sGJN_vPDTwcbY-BaBhKOyWINBsS9B_YxBUIG9TmFOVNlqa-takeUQqWU5LVnQGGawALUuu5mW4gYHAlTaEm5Nbw-b5eld9bGIaujEJnN8fv4OdAUVV5RnSBVfdkzKihiRzuChrtmzTWAUjhSNQpWfQqawLvbcySHVUacuEk5_aF3bvw-bdqWLEou8wAkQTarYOkgDQQ_z56h3pJLSprUaYTlvCr_3_nvDCOIZdAYrxkEoyiwQfK7Q0j8mGdS6y690Yr2cxJ2TTztrLHd-jJDkeCDnYef_rozSt6mlast0exKFABoUjXlnUA43TJkzQjf0Za27qsuwd0VdEVtW0r9DVeUkL8vN-ioYTL6eSj-6HSyeYUMPqe9eRVyQlm9IxV1UohURwT8NpJu5l1rY2LlK8sddPCitCoN9dg8oXTuw1k-oykIEsGq9MpNcnaPAr4roWd6bKvUnwYt2oLcnsGUaJ-ST1CnvyqTd7Lw1LdRMPYk6CFLKfFqy4M0oqkyWzB_STT227FM-VJl6K8i1SjbkElAAi2M5aGld5M16oLQuQKN_bp7pNXYUHVRTw57SwAPTuIvwe5C0j9mAPd4HDQcZ-XWP3cLow1R8WOFZv6mtnYZ1BsDnu0NK5rkUE382vEmqBm5wmc0iQaNM9rnn5CrRCaiZXMRqUGn0mbdP4GMKosgglCVd5e_MXHC5hhXHkQXw-hzpRr63_72bUn2jk0e3Q4eTmS6U6QjVlYlCgZAb4NDVOOrQ_7M3mASgx8bbIZeWesSJNvzWYNDJCxBk-jiMRgSjl4IHWq0_DKrU24BZ19iwZppbbIpqebvSmct4Z2sfEruqFUWG1yJZg-6_Ta8kZYaRmy9toGh2Q_HR-XXN8cUs--CsQR9BsBaGjfSk9-7bF8t8vQCJ9F_1S3cGUflIRePiMgBEf23wUSXBlLDfIjjwrEiZ1-lI_3RuACUw_aExbBUndkvdPl7vc6yFLT8QJTcM9c5pzbEO_3ENVL2Ke6HclLIn9Cbhpg73eEtlwADU837Pq5Y3tUBXFwpwdbS5Jv-acN1qnW2ZXqf8UZHMxyYBX0XNexvPjsjHBXFfRYFnWBiH5y2HLfyIP2uT3WxTX_C7LsOEMbhxURUNXWAtTBzsbpUs_U0R9FxvGMgSnu-lKREvEPLHzI4WTxjmgeiMoznxmezeBZJHxxGBiXDFCsSyNmLiyD5nJGPKFza_tt_5v3k69pgzS_pv9iWG8p2cFfJ2ld1QLRPav6VnDmFph_XlUyB7znHKoKxaLOQCM9Oh7MUUFs0u6toW5rwS6ifvq82SWb94iwLyj6m9iSGeRMQjJ24pHQRuAvOfxuR93tTPMlOId5R1SOtgcpp6mVQp2UpFtj1FmqquFxIy2dRQ1P_qrOpY0Yrs_rDIbFbUWGHCwv_Z4T-Lwby0U4hUQo7mIA-mzAcU0uWZYbxAav_3IIwpV9SUey8GAB6yyf8R3Wwy_jmszlQ_XctjTBQj7byhnK7F0AwZqoqIfYG8jU1LZtqLpJFIsfsBTnLJYxTXhe42DbkqK1WeZLafq1Odc2l7kV3mWIqADSKtRVNlS5cYqO7SELglhdtsY3le7aoCztLIHX3lkTRuHWvJsYo80_7c6chjahjrMElP2veouKFTBeVBDGXMdXj4ABq7EhhzFPiKn1qc2DDOQMO3jXtsDutUgjpgoqMr5perQkLsyyWDmddCWhsjFd_xcVWqKr9XwEOE19DEyklPG8jZpMOWcKUEKYCNKonYTtqrH7y0qXpls3npU1tQjCwytdm-2p3I4kG1mkBLL1IzjeaDkk8KkaqPsb8b0jVq2Uau7yuiWZl_5sW21brY2tfStqneaE_V1O-rv-9OfOdbaLuKIU8OW2I2egj-gQKOwF4sj07k83445mmP8fShri3hf4NIvbN-W-gkLLTAQOVIFY41umNy8OkFASg-6RBEp_1gmbn3IGrHfIj01GQ9hQSrKrDv1Zm_SAKBuKZRHxIJ4VeXL71qnx5ac_Yd05bcKtz2NNxaHdYPqQk-99GGbScFlVOJKKz1QCwB7RzwU2XOKJkMAgi8wXIv3rYYniACt1guAO85w9Jk0LZXgawDW2dM1g5UwKJhF95-93legElnRgfyHode9hPK03IhCUTN9ZyCI8EMZtT6Y7hCJ05sQsJT5Rw_WAvCk2pXU8WSeCRcZofMRMRJeNfBCHIj6cjJ9ry9kT3-x4FMIMkMbaV7N34Jp4VBepjYECqB106-4jbaEv52Ed7DysWwINWs3cSiD3D9Z3kYIHbd4-wvnINotmV2Ty6cNZVypRJ2hjOm7vVeeB0_CnV1BhNHmwIvsFtn1UEErnkbn-rRxMTy6vpxKzIetwQ3hbOyQW3wCsWIcx1_fhIHUx9Nc5Z2B2uL5gB0hB4Vhh0Z35toD9q6RHo5uG1dfMbbGJR2fQuwdkhi0Cvy56VImEfwQLWhtwuSBLDiQFCYek6RUcHjcrkNP8h31xnSM7skdBo-qeEHYlpZV_GIVTlesTaw6hAgBxh42PjDZZY4CVn3BlJW8q36MX-BxgW9mO-Bqf9TV9g_6UvX563UEJ0wbTyhYy-Bs61bSwX1aV1_eLGsWkOF0G7atMFB4trK4-_Zrv7ZaJzwm_NQLSIq8yL2ZdyK_Tx0AQAwLJem1GmGtLnKctzYqTcCOhRV5i7IqjWmdFY_hbGG6iWpqbov2BaeGUgyAzi2iq4coMl4NnBUiIJhmFoqMQUtF8qbovWD8OSiZ2Fw9Rl-YFaU1tplor-745v7b3acSfXj_Ib3kN7KU7sAtLnWpptWH803zpTgUS_OMuRH0aepukmQVqXJjngndEdoipsNuc47pqbtQ5FM636cIy1ZvBXBIcNicCMN0VfTSd-qHK8S7GnEejgEpN0VBOXUb_-3wJ2ScLbjD-I8F1e2P94tEo2uKTr7P2g7MB-mht6Yos9hpiknlkiCx57r_bUrQmfEwj4n0Vm8_JuHY7CjWtRYrKXsgAhkCsUOhSxMEPHsJFcWglorMtuCLxDXEAI2jRjn3r&cid=CAQSTwB7FLtqpjZ8z8DnRd-fMmQJaz9_3cVwMsB3Mjlwzi_56Eu7OtQtFJ9BYMDcBDayXHd1HQ9wHlgini_tRp6fmrzZTzt1CILyJFbEjo275WoYAQ&dv3_ver=m202402290101&rfl=https%3A%2F%2Fkooorahd.egtly.com%2F&ds=l&xdt=1&iif=1&cor=2427381278338748000&adk=521587873&idt=108&cac=0&dtd=110

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:820::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3278b599613555c85561dbde47dfe1a4013ca4cbbd17dc6b98ecba0428819589

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13033
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame CE94
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1

43 B
330 B

61ms
32ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COT69gIQt-z_qwIYk8zLgQIwAQ&v=APEucNWqfnDeA3n-u8rC3yblh9uNPM3v2U-4rDId3Re2PL0HCT2hRJiDpG88PWEM01fbmyDFErjXWnZn5_SkVbePK1BewOAr8A
Protocol: H2
Server: 172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I9NPt0mwExIX0Ulek41%2Bf2KUJjjiDgXTK3tTnhRKjGzGl4EO7zT%2Fah4wStMTBj9bmtWqb3FI8LrvIBIzivJUyhJniDghrWL6vnSb5u6MjOpDFSd8VtaTd7EqX%2Fn2hWXn5%2BmhCRXgon2q7w%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 86982d8fad3643b5-EWR
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame CE94
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZgBajNHM51YAABFeAQSgyQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1

43 B
770 B

46ms
45ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COT69gIQt-z_qwIYk8zLgQIwAQ&v=APEucNWqfnDeA3n-u8rC3yblh9uNPM3v2U-4rDId3Re2PL0HCT2hRJiDpG88PWEM01fbmyDFErjXWnZn5_SkVbePK1BewOAr8A
Protocol: H3
Server: 172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v%2BCrai4sYcwth60y77Vl13LVVqKELF0NebsMi0aRtC%2FziMEhxJoecYjZmdi4Pj%2BHklMaJyhoXabsrcR%2BFIocmDxEuu4WC4XSDImKBYykWnRl6om%2F4GY3cYYfa1VoXnOrBbiwIqXT3owenw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 86982d903fee43ab-EWR
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame CE94
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3O_yUHYEjm18s___yGIY&google_cver=1

43 B
1 KB

39ms
10ms

Image
image/gif

68.67.160.24
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3O_yUHYEjm18s___yGIY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COT69gIQt-z_qwIYk8zLgQIwAQ&v=APEucNWqfnDeA3n-u8rC3yblh9uNPM3v2U-4rDId3Re2PL0HCT2hRJiDpG88PWEM01fbmyDFErjXWnZn5_SkVbePK1BewOAr8A

Protocol

Server

68.67.160.24 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
an-x-request-uuid: 00a1f8a9-7d47-4fdb-85e7-46f35e4edda0
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 5.181.234.132; 5.181.234.132; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3O_yUHYEjm18s___yGIY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CE94
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg4NTA0NTEyOTYwOTQxMjAwNA%3D%3D

170 B
188 B

34ms
33ms

Image
image/png

142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg4NTA0NTEyOTYwOTQxMjAwNA%3D%3D

Requested by

Protocol

Server

142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
an-x-request-uuid: 45015018-f409-4ea9-842a-c09e088b2982
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg4NTA0NTEyOTYwOTQxMjAwNA%3D%3D
x-proxy-origin: 5.181.234.132; 5.181.234.132; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 4587
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1

43 B
338 B

53ms
25ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6WcRCYwOyiAxjax_H4ATAB&v=APEucNUXiqb8755Ql4Q9g6yel58O1R0HfM-5wes_wjLLJpdML5F8qV0tfQg0KQSvJVDlyorLnfO27f2K2XFb5oeAZunrrwVkfw
Protocol: H2
Server: 172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PVpOI2GT2hZYa8o0UcSoa9GH5%2B2jvwvZOfFVjwwdSZP3eUclBKBlMQacmAJ8phMOoTpE9tqcmx%2B1pDsu6WM%2FhSjJ0Gzahxql7pCb%2FeGplHjJnD0RONyi7tmDEwTU118T2pAx0xG9DLpyHA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 86982d8fad3543b5-EWR
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 4587
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZgBajNHM51YAABFeAQSgyQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1

43 B
732 B

132ms
131ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6WcRCYwOyiAxjax_H4ATAB&v=APEucNUXiqb8755Ql4Q9g6yel58O1R0HfM-5wes_wjLLJpdML5F8qV0tfQg0KQSvJVDlyorLnfO27f2K2XFb5oeAZunrrwVkfw
Protocol: H3
Server: 172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UECxunmKI5aQiKXpqSsiBpDeR5kYI98O81ehDXoA3kRCejUaqFLhMSGX3YBFOJgKwgA8YoTsC0h83adU9W%2BdePEhagpIFeo1jHDiqz6A8%2BINb4tfbt%2FebR7BC4U8wDqGjRI9m7yWraxA0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 86982d903feb43ab-EWR
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 4587
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3O_yUHYEjm18s___yGIY&google_cver=1

43 B
1 KB

44ms
17ms

Image
image/gif

68.67.160.24
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3O_yUHYEjm18s___yGIY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CL6WcRCYwOyiAxjax_H4ATAB&v=APEucNUXiqb8755Ql4Q9g6yel58O1R0HfM-5wes_wjLLJpdML5F8qV0tfQg0KQSvJVDlyorLnfO27f2K2XFb5oeAZunrrwVkfw

Protocol

Server

68.67.160.24 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
an-x-request-uuid: ab3a1789-eb43-4a25-bea3-dceb93986f93
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 5.181.234.132; 5.181.234.132; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3O_yUHYEjm18s___yGIY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4587
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg4NTA0NTEyOTYwOTQxMjAwNA%3D%3D

170 B
188 B

27ms
27ms

Image
image/png

142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg4NTA0NTEyOTYwOTQxMjAwNA%3D%3D

Requested by

Protocol

Server

142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
an-x-request-uuid: 04ab40f1-5f8a-44fb-bd76-dfc755267207
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg4NTA0NTEyOTYwOTQxMjAwNA%3D%3D
x-proxy-origin: 5.181.234.132; 5.181.234.132; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame 9F13
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1

43 B
329 B

60ms
30ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIiFjPQFEJjX8v0FGNn2z4kCMAE&v=APEucNW7k3xutXUeFmDhlrunu6mRTTYBmVA8SpSxyoL_yQh2P-K6u2v3fJZAX3RmUOUiehxVDi0HSADp2Eq9FPBVJ0n_wHDvVQ
Protocol: H2
Server: 172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sBsdnc2OT4hP7g%2BtRnFuq%2BJCGAlEZELP%2FcIaKZt9pFNiJipMH0fPGHW4ujVFVy4JrHrbL3z0Aw0zzhVeftdRVKG2P2j7mltVCWAhY%2BCWzgEsMJDSBNybm4s36qUyF5Vz8wj5bZIwvLTvEw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 86982d8fad3343b5-EWR
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 9F13
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZgBajNHM51YAABFeAQSgyQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1

43 B
743 B

47ms
46ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIiFjPQFEJjX8v0FGNn2z4kCMAE&v=APEucNW7k3xutXUeFmDhlrunu6mRTTYBmVA8SpSxyoL_yQh2P-K6u2v3fJZAX3RmUOUiehxVDi0HSADp2Eq9FPBVJ0n_wHDvVQ
Protocol: H3
Server: 172.64.151.101 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0M%2FVJhKQXeK9bEiUvD%2BDmiOd%2FYEdgZhV5VC9%2BOd746ShyjRjV3zrHyA4AGPQ%2BWqjFvzP5bKGISlKaE7fj2i9qRsJKgn4SlPE%2FupO52dXNXWe71KVekRPMeqxEU%2BMy%2F9%2Bv9qL4Vh6E3psCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 86982d903fed43ab-EWR
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENda-dLYw_Ef5Pg7prgWsm0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 9F13
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3O_yUHYEjm18s___yGIY&google_cver=1

43 B
1 KB

45ms
18ms

Image
image/gif

68.67.160.24
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3O_yUHYEjm18s___yGIY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CIiFjPQFEJjX8v0FGNn2z4kCMAE&v=APEucNW7k3xutXUeFmDhlrunu6mRTTYBmVA8SpSxyoL_yQh2P-K6u2v3fJZAX3RmUOUiehxVDi0HSADp2Eq9FPBVJ0n_wHDvVQ

Protocol

Server

68.67.160.24 New York, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
an-x-request-uuid: 54404852-9c47-4b80-af62-10fe8baf2cf3
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 5.181.234.132; 5.181.234.132; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHI3O_yUHYEjm18s___yGIY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 9F13
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg4NTA0NTEyOTYwOTQxMjAwNA%3D%3D

170 B
243 B

45ms
29ms

Image
image/png

142.250.65.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg4NTA0NTEyOTYwOTQxMjAwNA%3D%3D

Requested by

Protocol

Server

142.250.65.162 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s71-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
an-x-request-uuid: ce2275b6-1f65-485d-9e2e-d526fd667a73
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mzg4NTA0NTEyOTYwOTQxMjAwNA%3D%3D
x-proxy-origin: 5.181.234.132; 5.181.234.132; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 view
ad.doubleclick.net/pcs/ Frame 74F2 0
0 119ms
49ms Fetch
image/gif 142.250.72.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsuB-0Jpz5P6P03w9e-nXTXU2yJo2I9-9WW327dewduTPDMLmejrnAoj-JenYYmDTb9TNpNNrlvzoyEBoi-kDeNbSlR4Zl4aGeJa0-N5NxwD-uITpaVNgbJdzpQzhd-h3BqlLcGR9hE4H8GCSHU43mTXYwmHyYJU7qGXFYuma3tGjnAmuZ3Dxm8OYkb95Nvt6bhqlkCqNDF9jSqDleq1EXmFND48GZu2xp1Oql0A2SL-CYhaK_6DTurEE2VmtTrJaz8MIK_McGDQ0TvYuzgWFh_iN56Cexiesh0wWjE16p6c4wuBvPjRxDCjKAJ4BH5W_bkwmUYSr7jS9Rn0Dq9_C2blLl2Iz_SYgFJb_Llshtos8wdt1x_-O3lsPoJWsNHK8dEABwTms-0Ls8ay48mvpjqrNyadQz8gzMjF6Lcq5nLeWPVvKcKprDoAGNZR9Zc-uwGOAeZWNQwXdIUaYQ0rev8-PW3sm-ag24rkfG59l45kq5IQSyNoeUu1Eb0JkE4nY4cfceWJYJMkNc4N4hUq87-TTaseZGwfZPte7WEyQbEgwyZ4BazjGF4nFRlu5zTDYd-92lf4h45KSjOkJotSVOpUwXKJF_CMUReQIy_ndSS5eFmLhTQXgJiXInsgvnHY4eYeqxPnClhXpq0DMq9koXnSbNYT2QiEvrnn8941Qfvi23i3OOmITgEcibnGt58CIFH5gI447-FWsemYZqWMQqqSKtoAbQ1Rk668QaGWZRnSjRPtImacPULmESKI-sxF0W98OvzWShPVro5qxiZEjs0xi84IuiHkbMD52La4EwOaWE6DTuU1NK0j2Okrj2AxjPmOTMvkdaSjXCh9pgGjJEF3-XVKdohjD36j1_xPCA4XqXS_Nx-g_e74UYGCeT5uE2-7zfZnIVnxKQyxm4rZDrSrdabE2cz3kBT1SP7ZebWDon5k6ApJhRnOealoHXCYkiolUcnul-u9YPOpC6-nRkbcFeibZL8ShkAqxSvn2OQq4M6_jrNMUGWLH0FYMjiVcvboMcBpYxFgO8_MhBxwHTnxPEdwC33gbcnfSZwcMuhQ4Z7BabdKEVXBshWLrMFTosLyLcUFck5gUSRePxHHeJY5Fnnw0yzB0zY8LYtepiGev3y5B73-o3g7_uFx2LFFt7oOuch_V2priiMY1RpVPivJfmR6PIJNIXzfENhkD1tGWYtzCe4Bbm7DXehsV6xSnHDQHgm0lpXiMa45UclXo96V5S_5kk1rcR4rCnKt7HkYGZRDa_jaqDUPGNNMfYg30jNJp1HD5jIzto6rk1LbQArISvLc6B_U3KvTHHoYOBUEaAp37eHYOZafFA6bmP1Puj_QxkTAEO4DdqD0DC8rJwMEX46RoHc12rzqZ4nQ6diRT2LfrDgGUgYlfYp4AGgJzG2Ok9Ha4nN-2Lr-h9BXIREjzA7nKc_fsxb6v4HvIjaIDYfH6lZ3Tz8g7Pub8fFp_tXjHepPBx5x3XM&sai=AMfl-YQ7DAdbQwSbLQTI52150Hkaq7X505vvsP2eibPaPhaIpXXI60g45rIJEWigiQz1Xx3h7i3LdCKCC5TTwObg4fPHOHqGNbKh91VD06M77IeJlBpbeDPD-wueKjtepjx4v2Q3bQI27pn2mUMEcfevCYY6SHorKBwXnxLlb06Q8_y5XIrDDYlz9o3j8k-4b_avuJL0KXnBNgD3wBUiutz133x4DLFrDtUTry_S-Ag8xOtixpzCvR5QOrQ8MjOzg5DM0z9naKghlZwQkZ3AIqggIEpCBCIQq11ydAnpAS0mMcbuncKwqLvz-V7sE0bFi6B9wEIRHr9M7hXD2IYQeVWprZRk6NXEv0sDOP4bDPaiKBhxK8R9NNbf0j-XsRDVmy9JborAl95HxNXLiqfZzRZ8SkKqUCidFivSIdllHtjBJqA_qzNFSLCsmaEJCe4vWQcMoQH1rx9Dknihyni2_rROjrl4vJJzYw4J96jFrSsr1wGptbqhq-L9My4LxRVt_Ow0RWnauL09y5l2kw&sig=Cg0ArKJSzP2e41hFW2ZuEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9qaHUuZWR1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=311&vt=11&dtpt=309&dett=2&cstd=0&cisv=r20240320.84622&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.72.102 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:32 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 24 Mar 2024 16:53:32 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 79CB 0
225 B 457ms
122ms Ping
image/gif 2a00:1450:400f:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~lu5rd76l&c=6933040708609&slotId=3466520354304.5&qqid=CL6_payujYUDFbaH7gEddqAJKg&fb=outstream-lima&sei=44752538%2C45401791%2C75259414%2C420706098&nsei=44714510%2C44729911%2C44730425%2C44730426%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240320_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400f:804::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 79CB 0
20 B 150ms
91ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CV35AiloAZr7SFLaPur8P9sCm0AKU-Zm5dpmT36GPEreP5a20QhABIJvZojxgycapi8Ck2A-gAab9_a89yAEFqAMByAObBKoEqgJP0CUJXonnDBkABXlIQIjE90UxL66FQAJfEJMjTLdJyBxgj-ooyxpQPjBWnR83PpexfMvhOdmBZKni1jjS29jeNpmnJ7OvG9CaIERJvMxkjnZiZCjoB8InOh5ekl3LfYrbxLFjPqFsz7ccqV12YySTvnoHSXtMVPubufa8Tc4WIngsZvhrH6wCtSDLHVpNy3uz8PoNAMZP5amlmAuIhnIx6Gxz1DYskktW3p6OfwIgi2FVVj-fOqvhhgeEXtfP8Uh_mAwjOFlmBWyOXotF0OuDoT4_oZcgiUgYU22LUutrXEQXvpI-UJIGNfatYC1iJBviLVQbvTYqr38X741Nkz46LXS5C-j0mogidAORPK0noFISR2T1bT629GEigBy5oRGZW534qPnFcw8lwATx-6-83ATgBAOIBdbp47xOkAYBoAZOgAemtc6PGKgH2baxAqgHr76xAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQLYBwDSCCQIgGEQARgfMgKKAjoJgECAwICAgKAoSL39wTpYl8GjrK6NhQOACgGYCwHICwGADAGqDQJVU7ATpOuSF9ATANgTDYgUBNgUAdAVAfgWAYAXAbIYCRICk04YTiIBAA&eventType=clickstring&clientTime=1711299212484&ai=CV35AiloAZr7SFLaPur8P9sCm0AKU-Zm5dpmT36GPEreP5a20QhABIJvZojxgycapi8Ck2A-gAab9_a89yAEFqAMByAObBKoEqgJP0CUJXonnDBkABXlIQIjE90UxL66FQAJfEJMjTLdJyBxgj-ooyxpQPjBWnR83PpexfMvhOdmBZKni1jjS29jeNpmnJ7OvG9CaIERJvMxkjnZiZCjoB8InOh5ekl3LfYrbxLFjPqFsz7ccqV12YySTvnoHSXtMVPubufa8Tc4WIngsZvhrH6wCtSDLHVpNy3uz8PoNAMZP5amlmAuIhnIx6Gxz1DYskktW3p6OfwIgi2FVVj-fOqvhhgeEXtfP8Uh_mAwjOFlmBWyOXotF0OuDoT4_oZcgiUgYU22LUutrXEQXvpI-UJIGNfatYC1iJBviLVQbvTYqr38X741Nkz46LXS5C-j0mogidAORPK0noFISR2T1bT629GEigBy5oRGZW534qPnFcw8lwATx-6-83ATgBAOIBdbp47xOkAYBoAZOgAemtc6PGKgH2baxAqgHr76xAqgH1ckbqAemvhuoB47OG6gHk9gbqAfulrECqAf-nrECqAeaBqgH89EbqAeW2BuoB6qbsQKoB4OtsQKoB-C9sQKoB_-esQKoB9-fsQLYBwDSCCQIgGEQARgfMgKKAjoJgECAwICAgKAoSL39wTpYl8GjrK6NhQOACgGYCwHICwGADAGqDQJVU7ATpOuSF9ATANgTDYgUBNgUAdAVAfgWAYAXAbIYCRICk04YTiIBAA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 79CB 0
45 B 429ms
123ms Ping
image/gif 2a00:1450:400f:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~lu5rd77q&c=6933040708609&slotId=3466520354304.5&qqid=CL6_payujYUDFbaH7gEddqAJKg&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.1qp&vast_v=4.0&icc=1&icrh=0&icri=0&icrs=1&icru=0&icp=GoogleWhyThisAd&icdi=18x18&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240320_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400f:804::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 79CB 30 KB
18 KB 107ms
3ms XHR
text/xml 172.253.62.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-CSfXpYcTo3BNfRuvcKdATsRIyAXoQG7ishCuJ0l6fA7sfbSKVTj9wA_Ibw709DDhoss4awODH0iQJZ1tM31nRMOWC_-w&dbm_d=AKAmf-CQVZo9Hnwu913XcrG4kwEV4Xbe-7b-cPHKc1CFFwXP8S40xumzmqMmVI4JDddhVx5EolMjKDnvRxb04NQGeKyA5zUFhFFMP8szvRjxNG7SdzB0wJmEBGfm46ZBYVbIBC2QsCbmq8YL__7Zbaf-386lD6kgFuCydKOHDgAhCRqHnDndtJegx58X0Qb_ZKS1LShJcXo-l-zLG74n7_ZRYJl8T9bgsPQlLx6LCnGa-zu_bngGAF5j0Ofa7QU_BWdvQeXWLgEr_qJGxsLlsAipmngkYdxvpHsaDVUteSzRmgVJjH4XLFpGD53wJP_NdsmzUuqhMb41QD_IdWW64UgKTJEYKnfe-SyLdJZ9kGmQBZuiYw3fjl4BqHs16dlecYTtnaQePDo1Nz4UIhKQg1P_UCiU2nqkjALLjnR4hUSHpsAKIPuNc7FK_ZmLxI2i9_KgfAlVSf89KudqBgPEpZfQ4HHDAUVNaN4b38Utxcv7j72ZiKWSC-QgbC51oFVSc2s_16TlsfY134BDiQsXwAM4k2kQWlbs1DZ102Dcb9x5syUfJG4XS4-lvhbcU7WBRIoHC43AoMZzafbM_n8uX32la5Mdh8LauLmDH6og5vot3qMDOsI0rKpMtrKxKQiq-4poD8GDGRYT3L6bBJl__hvADv6pM3mfZePyQ1p2FXlmbIAl9JwWd4I9YZ4FK0uFzVMG8rvz5KkkxjQSwJzCU9WH3BijfPAmbwol77XHBqGUn5a2wtkAiIMlSDJhNfufrKoqkwqAz3ohRN_UwMYylBDrLegDHtw_oFUTxjsPPhJq6Jyxj-AuIqNJUbAlU4Aqo_n9uOgwE-WmoRhP7ygUSrNYjTmu-llYU8j-1Bg0tBiQOrk5H--jLoXIpouNIfmdfGrBfbnMG8Kl3nZJlp1EOOvufy5mCTOgkRWbrXOHVKfiymHC_sJ9DvMHu4PpiDnIr9WYoFzqg75xQs5Hcmh7Eu1xwP9q0MJr7ekfo0FQlAuLthO89NXVECcnCn9f-468yhW8-G5Ah0cYyHhDiWDutxdy5Uxr7rknfJOd4SVTCn_5F4SW6S43wOyyI25Y0lBxXNabpVcYQNB1iYpOnP_oLknmUvECOSNtPAehFqg8zjkc-mSMga1wCsPNh56qpOruFikZNRRlTBPhabCclR5LRyB3quWjJgmd_oWQiTv2G_Z5OfVGoVEim292TdBRjhAVh1Jv0p61HF3XG5Mo7apCzegziUED8vbRY5pO7y3Px0Zc_JEkl_nlzEclYwDZzHMp1aUPKrtvme17stmgJfIxlPGpYEZENYmSMQggZGH6ZokbaTHTS23sYHPRDl2OHkM1XpRvA3s0wjFEdTWJHEJ61A_RkrnzHqn7bVLmygbL1j0qwKDGKpGUR4n6ga_fojYRY_IXBpO3cKaeN_vWP_G0wUtfcY3P6-1AObihGPAs45I3czJbDYHjvdiICOArfcSleD-wo6_sNuF45z1Eh3jI4DQHBgZ7FPHCMWEtoAq7TJoHVIl8TmRmraoHNGxKUFijB_cQ_rui-RiKIxjPNNuJCLpDgIBigGO8yejbbfNPpk8qsy_Xpx_-mAYYn7FdquJ8_MsMTiA4KOQieT7mOOcCEp7aYoIXA9yT6ILW3otx8U7Zk0j6lAmCfVTWnXPrI3TiXlG2HiHVKegN0z3G1Sfhrp66ucxD-MNh2lwZsBjgqTgMfOzh2gmGREa_AzcSHi2v_KuEwiUxr-2TswpnybXmujz33U7KfALL55lX-7OP48K5aFp1sn7-Xf8wvpMgue-oXeKOu8qp0qJ-n-z_Cq6ywRaEUrcWLh363lMlfR-qOiOsl-VSb1qM9DqzAzZveCOAGhQzWjhn5lCvv0oFhqTW6N0PcF_fTDZvbvpqILoU3KCxuxa7yn7OnDoHOmo7DJvGYWcQt7QVUikdPt8EIR9VYYX4OgDl9CeWM4ou1-chv9bhvH7HNlJl2_NLVce2B3NMYvRLMUP2e-vHMzn3r8lX6QGx98-rYWaZ1PqH31x7nZrBt1wQ4n16gbJc035QHjtuQmm__xg3upYBLWKaChszTDXuItlnpWAnNlHg5q9UhtSI_PoXYQRIxWay-Fv8831T8APZI59bHhIuyIpf-ckb1AvP04cr9edI8grb3DULygs7-fjp3HZom04gQN8rnBN6R0l71FOMQZnZYyttQj8xTkssnv8uz-9oIvDQzhCD1F6IcG2hzVA5k0q_YsjGV3JLq4ivjGl7REVXaAKIUSvtwIkL7btSwKnK1XXMotDmP_dS5RlZHi-yRHGzRoZhnzYAtU7vizDXiXrjZRfyGh4lP1urV5knUvZWmi7auIIIKViQKI6CGyUgCe9LSNeenALL3LnrTMAMFwlV-I__jhqwbvC9DCdXK9tJWzQMGkuKlQyeoeniEp1_OlRBvECXf4eMeO4II0NqAP7DLzfDxJL1AeHMGYkR-bj22uZDdfpmVLeE9Np-7BNoIZ8vqqMrSrwkM2um1C63NG9IghCwzmv8sKVE2KUofGTTo8-NxuXbD7ufVZ36tOpnhtvt3yCZ_p-h_CaInolkNcYwZf2dplEkrmc7yPoyPf_Y7P4I-PGPS9v-VFn5SmfTMjOGfWWKa2GBCOT_MIe8tfpw-4Lr23uSidWR0inl6bAN1hO8FQHjxOvzbQbkI4UzotXlS-xioULU-K-QISx91m7eWE4U1iV4hKEgC8T_HvwQxmqCfUXWdv4V2abAJNNq9Sq1ZoEWKC5xH1kR9CJDUrQyntPzuRMhvffWFzUWR_2uBfItLF4tdbfHc_zBPQ2yqsrLEQWAmSacYnSW7L5Z9eR4gpbG_MI7qmW2TLLMt4d9zRUy8OiFVb2KUGSzgQ6HNAWhpKQATFaKafdcpmDfdesXpKtaFfTEgXYVz39xJZuAsC783c6pGmQDpYvHDLcXkTYCZzlTc60QMGShDAlXumAZqwS5DXAo45HBT0r6AzSNZs6edTXwXKAxsy_DDqqYbHievW-G5IXna5950EiCa7lQkHtCeXsayrMdT6tkVDaKCxSL3baAPlh07yGv-fjSR4UoX6mn8gUm_C5HfNSjTilvnO3PeGOQw9T_lFwFZFKb_Hsl9MtbpUSFIvt80ghPpOhRXU2HJY8qhmJ8wa7qwuE8o6xFhxMUGUkK7iO2iktcbOU8ByMaqGcKtSUS7zGCfUAgHc6b0NNjco8ac-URfNz7m6kWLrON_qlGLjSw_I5JsJzaWmm8NumOcuoXXWZj5q53NN2QULvT-NSuq89UkH2i0RGZPOOI_fs-quBto1yW7UB1uxGXcIBongl4HGnENrtC0NDxnj3k0rFz1LZwqS5ycsUHJkWnheOzGaHcIN5H1FvJB8fbKwBOz70jK0mpmQ9LbdnklV1tQONt-hZqD4-G4r1Zl6sp8_FAyHKHhg1rRQN817D2dT1VZpz33D0YpWiJM3pu61fP5vCZkBw1b5A9HplFLEjJPKnIVJL3QStez6E83Ezlc9R8XlKZUREYWOEx380rkoQAZYlcNWXlvUmHQ3i4f_cgDblx0ohNvhBmHmVk71pJTXiOsa8IOE0-RjdZ3OY3vkQ6O_jt2YNBRCWDZDM-VRY2RKZXXOAbmmp6znXPXO-VtjqwTs_BYhO2t6eUX4ubyeEj4YvDHBWo6SWjb1Ms6-QarKU1r_E0-_4V5p74aJPIrGA-Ng7t54ZPHl7-kW27QndZFExwZnJcuWEIAxO-T9C-1SlPf3heWYF7LCKu2onxFryNgn4olwmfNqHWPoLkwi1rlvqNy8xvKGuxl4qLLszdc43Eq4-M4Tb1_gNGqR6AOuwnzUEfpZflUq00KyOK6DB4ChfK9LUXSxhatT0-QpuUbgIZp5vDTQwwN0tAaPkychNuzjZBCDw0G_rF0_JKQMRsbcTpvY-38bPRUwUh71acgR_Ef-QuJIX7R0I5Yne5zOuFrh8Wvv-sILY&cid=CAQSTwB7FLtqpjZ8z8DnRd-fMmQJaz9_3cVwMsB3Mjlwzi_56Eu7OtQtFJ9BYMDcBDayXHd1HQ9wHlgini_tRp6fmrzZTzt1CILyJFbEjo275WoYAQ&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1&nel=0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240320_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.62.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bc-in-f157.1e100.net

Software

cafe /

Resource Hash

d9be117662d001dcd358bbdd60cbe52a6a654e03b3030c8bcaebf1b494ad968f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:32 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18271
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 1254 38 KB
13 KB 74ms
20ms Document
text/html 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 378365
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 20 Mar 2024 07:47:27 GMT
expires: Thu, 20 Mar 2025 07:47:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 74F2 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 188d4055269326d3335f77a6f188066868e13c595f8e5ea95081a7299c84a8f5

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 1489 38 KB
13 KB 11ms
10ms Document
text/html 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 378365
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 20 Mar 2024 07:47:27 GMT
expires: Thu, 20 Mar 2025 07:47:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 csi
csi.gstatic.com/ Frame 79CB 0
54 B 138ms
123ms Ping
image/gif 2a00:1450:400f:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~lu5rd783&c=6933040708609&slotId=3466520354304.5&qqid=CL6_payujYUDFbaH7gEddqAJKg&fb=outstream-lima&vast_v=2.0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240320_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400f:804::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:32 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
vast.doubleverify.com/v3/ Frame 79CB 25 KB
5 KB 235ms
77ms XHR
text/xml 172.64.151.202
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://vast.doubleverify.com/v3/vast?_media=3&ctx=32240095&cmp=31483624&sid=4590157&plc=389765569&adsrv=166&blk=1&psf=1&_vast=https://ad.doubleclick.net/ddm/pfadx/N132601.3522433CANVASPROGRAMMATI/B31483624.389765569%3Bsz%3D0x0%3Bord%3D%5Btimestamp%5D%3Bdc_lat%3D%3Bdc_rdid%3D%3Btag_for_child_directed_treatment%3D%3Btfua%3D%3Bdcmt%3Dtext/xml%3Bdc_sdkv%3Dh.0.0.0%3Bdc_osd%3D2%3Bdc_frm%3D2%3Bdc_sdr%3D1%3Bdc_ref%3Dhttps://kooorahd.egtly.com/%3Bnel%3D0%3Bdc_ves%3DdGltZXN0YW1wOiAxNzExMjk5MjEyNjEwCg%3Bdc_cid%3D211375754%3Bdc_adid%3D581213454%3Bdc_vpaid%3D0%3B&aufilter1=8246315&prr=1&ppid=103&autt=4&auevent=ABAjH0jdyeoJRAkjlQ0Ao9jw7VTL&c1=8246315&auorder=1016006232&aucmp=21065430230&aucrtv=557512177&auxch=1&pltfrm=1&ausite=886371058759&turl=https://kooorahd.egtly.com/&aubndl=&audeal=&_api=7&_ssm=[SERVERSIDE]&_tsm=[TIMESTAMP]&gdpr=&gdpr_consent=&_abm=[APPBUNDLE]&_pum=[PAGEURL]
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240320_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.202 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bf39885eb047e8e4ce2613d7719c62060dd5724c8efaeceedbc1c98e6305c22a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:33 GMT
content-encoding: br
server: cloudflare
vary: origin, Accept-Encoding
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://googleads.g.doubleclick.net
cache-control: no-cache
access-control-allow-credentials: true
timing-allow-origin: https://vpaid.doubleverify.com
link: <https://vpaid.doubleverify.com>; rel=preconnect, <https://gcdn.2mdn.net>; rel=preconnect, <https://cdn.doubleverify.com>; rel=preconnect, <https://s0.2mdn.net>; rel=preconnect, <https://tpsc-video-ue.doubleverify.com>; rel=preconnect, <https://vtrk.doubleverify.com>; rel=preconnect, <https://rtb0.doubleverify.com>; rel=preconnect, <https://tps.doubleverify.com>; rel=preconnect
alt-svc: h3=":443"; ma=86400
cf-ray: 86982d9119f942e9-EWR

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 9F45 41 KB
14 KB 12ms
12ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DmN4xmyNxzzV4JLTFnMINVkjyBw59t0F4lQHYc26BZDkMhfdIxMhEtcXSuzXqkKnypGXdjJ3IgKUdmET12QZk6wm37eOAA-ompN2niCVl0Xf_rFB4d0jUAO-Nut1sQmsXsl6wpiFOqR1a-80IiCMMqQ90Euyqebg7ts9mvsaSbYo67upVAjrKOxCnzs6KcsID059VnyqbFcUEMnAJfAk8kZTfNQUnzxk5KTJ4x4mWIy7s6dLc&cry=1&dbm_d=AKAmf-Bsk3RI5n539uIS-Gd8DlP2ISyTRLQBmsC3FQ1qmOEEgW34kwGAujqMPMSf-VK38jVtKwSMarTGp-O8vPbAxSYE55Ls0xf5effZMkruvmpM05lbRTtaxpJC-rswSkbbciA-QXrkE7ut12ZDQCjsXHS0tcHjCaFA36GYjl-ZYwrGSJUIL4N8gguNB6mUav9OeBP0d1nclgAIv0Gb0sZH8cbKOiNFow9w3MZTM9792O0HLQOOBVgUBT15yT_Jg1_wY96nD4LQANKesrr_Q9Bw82nuNtxrIecXogsNR4Vc8RFx-SEbSf7dNRpDoQq8EgOibTfjVNBKISRZfgGkcPuc-Nqnjfwe-k13BxiKurlYI51IULLP1sGJN_vPDTwcbY-BaBhKOyWINBsS9B_YxBUIG9TmFOVNlqa-takeUQqWU5LVnQGGawALUuu5mW4gYHAlTaEm5Nbw-b5eld9bGIaujEJnN8fv4OdAUVV5RnSBVfdkzKihiRzuChrtmzTWAUjhSNQpWfQqawLvbcySHVUacuEk5_aF3bvw-bdqWLEou8wAkQTarYOkgDQQ_z56h3pJLSprUaYTlvCr_3_nvDCOIZdAYrxkEoyiwQfK7Q0j8mGdS6y690Yr2cxJ2TTztrLHd-jJDkeCDnYef_rozSt6mlast0exKFABoUjXlnUA43TJkzQjf0Za27qsuwd0VdEVtW0r9DVeUkL8vN-ioYTL6eSj-6HSyeYUMPqe9eRVyQlm9IxV1UohURwT8NpJu5l1rY2LlK8sddPCitCoN9dg8oXTuw1k-oykIEsGq9MpNcnaPAr4roWd6bKvUnwYt2oLcnsGUaJ-ST1CnvyqTd7Lw1LdRMPYk6CFLKfFqy4M0oqkyWzB_STT227FM-VJl6K8i1SjbkElAAi2M5aGld5M16oLQuQKN_bp7pNXYUHVRTw57SwAPTuIvwe5C0j9mAPd4HDQcZ-XWP3cLow1R8WOFZv6mtnYZ1BsDnu0NK5rkUE382vEmqBm5wmc0iQaNM9rnn5CrRCaiZXMRqUGn0mbdP4GMKosgglCVd5e_MXHC5hhXHkQXw-hzpRr63_72bUn2jk0e3Q4eTmS6U6QjVlYlCgZAb4NDVOOrQ_7M3mASgx8bbIZeWesSJNvzWYNDJCxBk-jiMRgSjl4IHWq0_DKrU24BZ19iwZppbbIpqebvSmct4Z2sfEruqFUWG1yJZg-6_Ta8kZYaRmy9toGh2Q_HR-XXN8cUs--CsQR9BsBaGjfSk9-7bF8t8vQCJ9F_1S3cGUflIRePiMgBEf23wUSXBlLDfIjjwrEiZ1-lI_3RuACUw_aExbBUndkvdPl7vc6yFLT8QJTcM9c5pzbEO_3ENVL2Ke6HclLIn9Cbhpg73eEtlwADU837Pq5Y3tUBXFwpwdbS5Jv-acN1qnW2ZXqf8UZHMxyYBX0XNexvPjsjHBXFfRYFnWBiH5y2HLfyIP2uT3WxTX_C7LsOEMbhxURUNXWAtTBzsbpUs_U0R9FxvGMgSnu-lKREvEPLHzI4WTxjmgeiMoznxmezeBZJHxxGBiXDFCsSyNmLiyD5nJGPKFza_tt_5v3k69pgzS_pv9iWG8p2cFfJ2ld1QLRPav6VnDmFph_XlUyB7znHKoKxaLOQCM9Oh7MUUFs0u6toW5rwS6ifvq82SWb94iwLyj6m9iSGeRMQjJ24pHQRuAvOfxuR93tTPMlOId5R1SOtgcpp6mVQp2UpFtj1FmqquFxIy2dRQ1P_qrOpY0Yrs_rDIbFbUWGHCwv_Z4T-Lwby0U4hUQo7mIA-mzAcU0uWZYbxAav_3IIwpV9SUey8GAB6yyf8R3Wwy_jmszlQ_XctjTBQj7byhnK7F0AwZqoqIfYG8jU1LZtqLpJFIsfsBTnLJYxTXhe42DbkqK1WeZLafq1Odc2l7kV3mWIqADSKtRVNlS5cYqO7SELglhdtsY3le7aoCztLIHX3lkTRuHWvJsYo80_7c6chjahjrMElP2veouKFTBeVBDGXMdXj4ABq7EhhzFPiKn1qc2DDOQMO3jXtsDutUgjpgoqMr5perQkLsyyWDmddCWhsjFd_xcVWqKr9XwEOE19DEyklPG8jZpMOWcKUEKYCNKonYTtqrH7y0qXpls3npU1tQjCwytdm-2p3I4kG1mkBLL1IzjeaDkk8KkaqPsb8b0jVq2Uau7yuiWZl_5sW21brY2tfStqneaE_V1O-rv-9OfOdbaLuKIU8OW2I2egj-gQKOwF4sj07k83445mmP8fShri3hf4NIvbN-W-gkLLTAQOVIFY41umNy8OkFASg-6RBEp_1gmbn3IGrHfIj01GQ9hQSrKrDv1Zm_SAKBuKZRHxIJ4VeXL71qnx5ac_Yd05bcKtz2NNxaHdYPqQk-99GGbScFlVOJKKz1QCwB7RzwU2XOKJkMAgi8wXIv3rYYniACt1guAO85w9Jk0LZXgawDW2dM1g5UwKJhF95-93legElnRgfyHode9hPK03IhCUTN9ZyCI8EMZtT6Y7hCJ05sQsJT5Rw_WAvCk2pXU8WSeCRcZofMRMRJeNfBCHIj6cjJ9ry9kT3-x4FMIMkMbaV7N34Jp4VBepjYECqB106-4jbaEv52Ed7DysWwINWs3cSiD3D9Z3kYIHbd4-wvnINotmV2Ty6cNZVypRJ2hjOm7vVeeB0_CnV1BhNHmwIvsFtn1UEErnkbn-rRxMTy6vpxKzIetwQ3hbOyQW3wCsWIcx1_fhIHUx9Nc5Z2B2uL5gB0hB4Vhh0Z35toD9q6RHo5uG1dfMbbGJR2fQuwdkhi0Cvy56VImEfwQLWhtwuSBLDiQFCYek6RUcHjcrkNP8h31xnSM7skdBo-qeEHYlpZV_GIVTlesTaw6hAgBxh42PjDZZY4CVn3BlJW8q36MX-BxgW9mO-Bqf9TV9g_6UvX563UEJ0wbTyhYy-Bs61bSwX1aV1_eLGsWkOF0G7atMFB4trK4-_Zrv7ZaJzwm_NQLSIq8yL2ZdyK_Tx0AQAwLJem1GmGtLnKctzYqTcCOhRV5i7IqjWmdFY_hbGG6iWpqbov2BaeGUgyAzi2iq4coMl4NnBUiIJhmFoqMQUtF8qbovWD8OSiZ2Fw9Rl-YFaU1tplor-745v7b3acSfXj_Ib3kN7KU7sAtLnWpptWH803zpTgUS_OMuRH0aepukmQVqXJjngndEdoipsNuc47pqbtQ5FM636cIy1ZvBXBIcNicCMN0VfTSd-qHK8S7GnEejgEpN0VBOXUb_-3wJ2ScLbjD-I8F1e2P94tEo2uKTr7P2g7MB-mht6Yos9hpiknlkiCx57r_bUrQmfEwj4n0Vm8_JuHY7CjWtRYrKXsgAhkCsUOhSxMEPHsJFcWglorMtuCLxDXEAI2jRjn3r&cid=CAQSTwB7FLtqpjZ8z8DnRd-fMmQJaz9_3cVwMsB3Mjlwzi_56Eu7OtQtFJ9BYMDcBDayXHd1HQ9wHlgini_tRp6fmrzZTzt1CILyJFbEjo275WoYAQ&dv3_ver=m202402290101&rfl=https%3A%2F%2Fkooorahd.egtly.com%2F&ds=l&xdt=1&iif=1&cor=2427381278338748000&adk=521587873&idt=108&cac=0&dtd=110

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 07:52:16 GMT
content-encoding: br
x-content-type-options: nosniff
age: 378076
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Mar 2025 07:52:16 GMT

GET
H2 200 main.19.8.491.js Show response
static.adsafeprotected.com/ Frame 9F45 216 KB
67 KB 133ms
38ms Script
application/javascript 2600:9000:23cb:a000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.19.8.491.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=23963&advId=629143095&campId=20914945668&pubId=1&placementId=540206611&adsafe_par&bundleId=&dealId=&bidurl=https://kooorahd.egtly.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:23cb:a000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a4a391b257a6995671b0815752fa0784d079bc7266d15e59bc7a76eebc8b46d0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 21:17:54 GMT
x-amz-version-id: wHx9kGfMtHSCY3NFYeny6RZbFrO9IDhq
content-encoding: gzip
via: 1.1 8770cedbbb1c2feb157dc67ce83fe00c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P1
age: 416138
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 19 Mar 2024 18:56:42 GMT
server: AmazonS3
etag: W/"3b6ff1d377956e23af5815888d2962f2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: qC4EENa12Vxn08t-T4D6vNLMH2qNWaa_WaJlyaByhnjzQEAcTsbyFA==

GET
H3 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 9F45 111 KB
39 KB 37ms
13ms Script
text/javascript 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 21:05:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71265
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 24 Mar 2024 21:05:47 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/elements/html/ Frame 9F45 12 KB
4 KB 13ms
11ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/elements/html/omrhp.js

Requested by

Host: bid.g.doubleclick.net
URL: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNUM7zJ8KKT7bh0LUM-IwTD8Uvf3jDvH_JLz9l47oA0zwdrN_wU&d=CrkBAKAmf-B-LEAs_eFvl5XJNJxLbLaa8kARMUUhBDIIsO42xXcO9f-Tth5IWkTYQSDr0fSTwf3Wg1xk0cb6naWFCvCf7Gdv6LkqDbuLn89qaahoRLt0B4d-PAaSqvbg6P54iaGcQVKCPigeYDGXT2o1RWUDc8N0zrRasZeInALjqc6kAu6IE6_Oqmc90J68UNM6Cj_r6Gz0eaj32CsCllmZAFbuinAWWISrynp_xc0xXMhjLg2HVwqKJmkS-RcAoCZ_4KwtgHlPNCQaEDtQXNQYKOGf5SQn0WnxAnTq0znE_1TUlQAaGWzQX9iDFiHhMSVZ-oEzHIHc1LyT2ZiXT2C_oTIZITreE2TpY_VACPdy5x81pNDFB2oTJysCTtMfNFKz2cueQOrlglgx65Sf7gMckO4JgUdva973BATpjAswhK403ckpNXk_QLUjVw3YFV8TZF5WAhGMy7cVLYtg3aAq0rgit6ZT85mIJ8OL3-5VVH2Xl_AHYpiuyLQMwG9W9n36g0LEP6KgEQDtwroJuuyKRhSx2GqTo-Fgyw95zO5uTVaZL96er5pXmA89SotmEfYZTjD5aiXmvhTA66ZIiaTzs26n-tM2BjMWSq78EmQK4BQVRy0_F9a8D83bvCANQbxek5zxrFHLzy1JFF1VG3Srjl6VS9HIyY79d3VgXlCh8CZxhpZdBVwbjiJe6wvO4CSrgQVUotc0jIPxiBQwHs5DUWATo6kp3ZKBLdriRf1JnoegaDt5GmT1jwodkww1ZkgMs0RMLAUkllcmwjiKY_SU2lIUXSZ7TLLBtUz5pDdeToIWLkTyWS51tHuFPsTG_UeH9TUzMZRyCX1xSgrJw45ZQSnhH7e4-zdkgamSH8nFlDDHIwNlgbtzSjf62qkBqNT67VOMomm4Di6-VZ23tRdwX9YIf8J5G4X_QIy3XSVTkpI2B-4BpL73i5QTi1FlBTfw9Dh8XpeWbcWb4B0hRuz6t1IqH1VHCgjHvAu72DxtIc4_8TGcLw-m0kDQwDYkh9hUycdDuxr_vf9v_JUaFobE-dUJP3YrY6OuENv3GJ6Hkm8fRAPXku4dFOLuWYosI_7ModbrO-X33avh7vdv08ba-JzH-_9Fz1H_TQaEroni_K5fmRGlc4ptFXMMOqzrhAaYM4cLCgzfkpM8HQycerzYd3iXl49I6RrSXieVf3WL4AQEiPL8LvHtnIqvJTiHejZLsreWKRZbLLFC434dY4-oF37kfEOdCQQXr7eDXgqSt0Zat2WNtUHUDpNNJlUamd49Rx9o98npTNb5nWWMCDS8sQBUXMAPMhPsQUWTFr6esB5NHIRoLhN__kgpIhnVBn_vBjvfBRNYhW4d2gJsMKNu-1cRNSvdDA4RJ8r4tryRTRF1JQAm41YqJNKs5N7TZad9pxf8FKPN4DmbTqnr7uVjqPHLVVrhzMZbcuhvFHAYcSpwXhFktvN9oaHbsNPPhDo_MkHlz8adyEGqSQdlsYvrbuThcN44UqjCyUrdGrlxK1ZGJPT2ICa1ZCBgvpgJnUEtkz-_wHxgqF47pDIbPaS_saOgDx-qLW2KiSn-jGOD9Iuiy1aYz4e2400R8x9-7bKELDPViw9Rny5FK0qwfbv-CCBVXnrqOMQeHmzXZC7Bz9_bRt2vDol6e93J093rPjS1jdU-ODO7DrA5cU6zxtIIRgeOrN7uXifDhVMcTBpW6UDAYNUeBLuRjEQ6VZRogNfeNPbI051iUco0M90gFqbf-7v3DWCOI9-5h3dmJFpOE3ZGfk8GNEZwaA8hSSScbH7fLfoCFui_tA_p247fZJPOayaX7brcDtqnChONU-ptRYycMKA5kZTNboyX6Ww0XjcbHwNQ9NUCZGTNt1JTBIlxgF87D1xARRqC6v7w2_vRN5WgrJ3-s-DV7uopGLwKzzzeeFtkd3YwGHaA3hLXVCuLGKtOhPdQCeWmkhNXQjhYmjKOK1KRbdLmqPJz_csqVuNZNNK20PvjLwY1pykZnm1MWRMPE11CgQgHK1YXj430O-qtj8BDRWq9_6hnqwoGeumwdWqqt0X4iU2B-U4Pzmvp4zVXYTslkDOC28jMEOIzJYrHuoD-7rXCdVkOeLDYkmgXSGCNnvT8gWhIdewwtr5KVw9PEw6ISLxMgmvUbR_W-Bwf2bS3B1y1sS7q7V3_uvLEnnNiHd97o1T8SoMDG5IQ5wS7bp4fystFVSUOEAqrPZt4wWcZnGuj_zK88c2FK3XqMr680ZW1JbBHHxADPVNb4kWMafvX2urQNd5ub043_snjZbNXtlWOFUVCOMtwlSnXfYrBZ0p4mZhHVyeiG1y_mZueGbR6ZCW33M0OylH5iNbUqC1gDYo-v5K4zwaIMV6fhmzC-l4PiYNJfeRzzoi79pAIj22pp0lUePlke1XeNlMy6lSUogWxUbjPkyDlDQcghr95GZt8eWbhQVxYVPzMnaU-6JTXalPhffvT3WXW-3MFUB8XS1weba7fOH-8B7l20x3HfUP1IH8MxIvX3Agxm5TmSbggvMncuRcLh7skOOvu0lzCXJWTRHFTtCUKiBlyon7ZguG7gmfyrlW4o923sqRkHalV2A3Wy7i5vje5CJYrhimHHJrIp0Qhf0WA5_q7xCaj4Cbs6PoqHK9UIJPTQD7hgtOfM3POP_T1r-JNcxADfqXHK5rObp1lRiM84ca2syDBOr0UCJWD-Ob6hxxUghbb17FRfFq-KEnfSzPKIELfRo0IEi6cQCNjbZcv8BD5TAvhu7vvzQzSuGRyNUzNqCgq1LJsU0AvMA9bKbXOFXgoI8eV96bh57slkD7YGELkHRzM9tlIPJBPOMu7He88w6uxdYwLUIrpTsT-22yLiOxvq2wpkfDviAey7SE8nsQSKZi6T0vFbyY1FvvlW5IxlEng8eE_S3BQw1__rvgk_mboyE4OkNz1bsQHhYGQOIr5kTN5eIduAyFhEXv6IWyNf3qXUnd-QNL8bs68-qj6WCAPv1AT-mTyuooWc9iMIQbFtMD0wXmE7SY8kb8EiArmKFTj6mSHV32YxAVSk1kdXZ1WfRf1tmQHdhWCONKWMSJ60iCtqDE0BZJ_D25xxHndXzYfcw6-WfADJQUsyTTVx0DHBFOHqb0k3ydriGReJ_csw5GyTum4kQ3sRRuokPWI090D8xoDClg2cJC6H8EGIAeWyntV06K0BubQzhRnICfr8TL8GE59OFibqsIgNAlQYL-0duIygd_ovuhbpkJce83vRq0wfi7u0VW7H7aT4HjHtdsLUs34aCpDNqAmD4Xjw7zFz8GWdD0cIGEkS-VfXbKInHn40AYFHLebPWFLyHnj2ZKzj-xBV3hYgq_1YyWRNenIz8f5_Xwpfsnny44ebejczBIdQAKhOkAR9E-CYlJasXAx0MXI4k2zv5fX1CqAoqo7aU4M0JAxrTc1VOI45lbYn80088yvsp3WIz2bACIY3YXKs1nzzM8VFO0VfSjpQYOAuZyPHK63uD4QcGE60hDT7WCWMK6xypZSR0bTGFfCt8CdygrJVjusD9e2lY1p5KgcsjZKA5DzTMFqDq_MT8faOoL412PD8-zQx72tTrjh6z6FhyDiNd7Fpewww0yY9Arx_C_izDz4iKnFtCYNseqFMKTON8u3XpedUmVCaSSO7Ui96ISsJ1Fp5Ih5BL87zhtfd3f0HgvmQIrKD7SYG7O36rTGbzvMiSQOjuHkwL4zBfRDtjZa_sqkRexEZ03etcJGpcXjQNi5bNceXu9avVOvFEnSjufGO7dfWYHHP7vFKEi8uhTA0lYCec9Lyq2CVnIr2NtuKE4zBKyvxa6NhGG7hq-o6mKzj-lt5vxvASzPioWI3r6gfmxwcxGuAJVsBaJWqVTgptanWSJvwtAyHVWq4_wdqiIX63UiMbsova8xt4lzTHdnikdYp2RWDioASpyS8u6J0CAdTDLmosIY50a8g-mYZuQr1hSBU3hxWU79hnVjgeODxlwQjZ4xVzx_N581M4lDqyl6TCwOG4Q32CmR0FvihwpydMqLTm5Jgo1C7_XeQZnguu8wFYOGmq-ILyJBdxV6uueXMHNU3rbhBoJ0WL6JnVNnkAsN5m7LrXXalYJXSbtsB6TfOw3FkZL3VR6wbuvJ5-k8pnfbVP_QrK6RJpNVBMybcBN5AI3PE4NIcnI288FdW_z1JCj-p7nuk62623C7gAKONh1oSji97zdsD5ZvuhJ7FgwW0j8fq7ZE1TOs2xhs24ECkMnfWs164FfUXNF3IuMqJizafzHyfmk1b-uk7daGnXXrVL2NNQLZZhz0k8V68ycfwk5WyNF4SA0qvPEmHW1Em3M9CS7lW2gzddqvDxpVCAQSTwB7FLtqpjZ8z8DnRd-fMmQJaz9_3cVwMsB3Mjlwzi_56Eu7OtQtFJ9BYMDcBDayXHd1HQ9wHlgini_tRp6fmrzZTzt1CILyJFbEjo275WoYAWAB&cry=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:20:56 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66756
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4383
x-xss-protection: 0
server: cafe
etag: 1583492410672046836
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:20:56 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/ Frame 9F45 31 KB
11 KB 37ms
33ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20240320/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

172abdc1549b57ea9d6e92351ac832492722a46e897bee71f949705da49b3108

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sat, 23 Mar 2024 22:20:35 GMT
content-encoding: br
x-content-type-options: nosniff
age: 66777
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11694
x-xss-protection: 0
server: cafe
etag: 7675425396172501416
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sat, 06 Apr 2024 22:20:35 GMT

GET
H3 200 ghSbiK71ebhuxEqc_YnF1-p9wbLv1ze7peYEguTjq34.js Show response
pagead2.googlesyndication.com/bg/ Frame 1254 52 KB
20 KB 18ms
17ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ghSbiK71ebhuxEqc_YnF1-p9wbLv1ze7peYEguTjq34.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82149b88aef579b86ec44a9cfd89c5d7ea7dc1b2efd737bba5e60482e4e3ab7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 07:48:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 378312
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20261
x-xss-protection: 0
last-modified: Thu, 14 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Mar 2025 07:48:20 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 51D1 38 KB
13 KB 24ms
15ms Document
text/html 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 378365
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 20 Mar 2024 07:47:27 GMT
expires: Thu, 20 Mar 2025 07:47:27 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ghSbiK71ebhuxEqc_YnF1-p9wbLv1ze7peYEguTjq34.js Show response
pagead2.googlesyndication.com/bg/ Frame 1489 52 KB
20 KB 21ms
15ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ghSbiK71ebhuxEqc_YnF1-p9wbLv1ze7peYEguTjq34.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82149b88aef579b86ec44a9cfd89c5d7ea7dc1b2efd737bba5e60482e4e3ab7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 07:48:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 378312
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20261
x-xss-protection: 0
last-modified: Thu, 14 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Mar 2025 07:48:20 GMT

GET
H2 200 index.html Show response
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 11 KB
3 KB 29ms
18ms Document
text/html 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

abf4ea268c7f691db78547077a314a8adbfe4827fd9c30c9f3c68b017761ae5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 218310
allow-fenced-frame-automatic-beacons: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 3197
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 22 Mar 2024 04:15:02 GMT
expires: Sat, 22 Mar 2025 04:15:02 GMT
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame 9F45 0
0 78ms
72ms Fetch
image/gif 142.250.72.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsv27t6Rrf5nPlW2okcRNxN5OaAE_EAEu1RGwThlyE24SwucZj3uU20E-QporqfOLtRbzgf9iCnrGjxzVe6epcIsJm7JhZQCwne7XWdnAVSnJDQf3D2zPn2-X5Z7GWKY8r8kPFWbokkemXSLE2w_RiqlijwMt-t0Sn-wpsqFfchf7j99nz9IY87A2XCuDz_WNlQN5Va-OAaAeAWDD1DrsN8wUZqwxhhEBTdf&sai=AMfl-YR0C3eBmtn0BK8feaI-s0hcblpLB-kx1WxArfWtZzsFyi4Dkn2L0iRaSyDW42TSWg8jjDTQUw-NeAoT2lxJKUOjJXb3YK4ri92zuJhER5lBvVeDFwqhTczcqEAUOtOyux0bPeuTNOcm62PhYw&sig=Cg0ArKJSzORu7sA8GHl3EAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9saW5jb2xuZmluYW5jaWFsLmNvbQ&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=120&cbvp=1&cstd=114&cisv=r20240320.23722&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.72.102 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 24 Mar 2024 16:53:33 GMT

GET
DATA 200
OK truncated
/ Frame 69D4 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f0db3d11dc998bc4f9231f1967d9e35edad594f99e52d7aa4c91f3953adab172

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/ Frame 98D0 69 KB
25 KB 57ms
20ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

386a292b805ec5376c149711c08d9013658fd08879a7ac9a62a99e14310c397a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:33 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 455161
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 25150
last-modified: Tue, 04 Oct 2022 19:36:11 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "633c8b2b-623e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aGXv9ZXzEYz%2BfrCZDgW3kDClJ291%2BdTthx0N2CKyBjzhogldJP%2F50idnJuZOTnxlxocfPcxbWCKBAbY6pydTfp701iVnsJaZuuubLdSZCcxbj9L1DPn7XkJdo0sgQV8nI8O8IwFe6VnKEwwMHlOwUlPz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 86982d919d8e41fb-EWR
expires: Fri, 14 Mar 2025 16:53:33 GMT

GET
H3 200 copy-f2.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 8 KB
8 KB 15ms
13ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/copy-f2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b06aedb229db19d691ed31e9e151f4628b042d38b702548e88dd5be44117d244

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sat, 22 Mar 2025 04:15:03 GMT
date: Fri, 22 Mar 2024 04:15:03 GMT
x-content-type-options: nosniff
age: 218310
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8354
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 copy-bg.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 5 KB
5 KB 13ms
13ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/copy-bg.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6817ee28e33839b4b87d94b2bfdc9c57c02d6ba5ee38a4d29cb851d37f74ed69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sat, 22 Mar 2025 04:15:03 GMT
date: Fri, 22 Mar 2024 04:15:03 GMT
x-content-type-options: nosniff
age: 218310
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5142
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 copy-1.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 23 KB
23 KB 12ms
11ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/copy-1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1a7571465af0bc50deff687ec5a4a0fad21cef1e8fbf86e1fefc7fc6c1f6991

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sat, 22 Mar 2025 04:15:04 GMT
date: Fri, 22 Mar 2024 04:15:04 GMT
x-content-type-options: nosniff
age: 218309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23815
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 copy-2.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 20 KB
20 KB 15ms
14ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/copy-2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

885782584da2f2bed593d13803b659688f2ba90f87f7b294e9e92ca7779b066e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Thu, 20 Mar 2025 08:16:50 GMT
date: Wed, 20 Mar 2024 08:16:50 GMT
x-content-type-options: nosniff
age: 376603
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20391
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 copy-3.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 15 KB
15 KB 18ms
18ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/copy-3.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1d020e092c4e842e04f03e75b725cf2accceb1cc4a364e7f243ede0bdaa7b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sat, 22 Mar 2025 04:15:04 GMT
date: Fri, 22 Mar 2024 04:15:04 GMT
x-content-type-options: nosniff
age: 218309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15050
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 endframe.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 9 KB
9 KB 15ms
15ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/endframe.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aab4b5cdd4954f12396a0050a189228435f4c0f4e93a943d158bd0c926f5d659

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sat, 22 Mar 2025 04:15:04 GMT
date: Fri, 22 Mar 2024 04:15:04 GMT
x-content-type-options: nosniff
age: 218309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8799
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 cta.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 2 KB
2 KB 13ms
10ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/cta.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d8ad7d9f7183b53304bb9594ab5edb4627d79a9260bd5bd617760f549042c3f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Mon, 24 Mar 2025 04:03:13 GMT
date: Sun, 24 Mar 2024 04:03:13 GMT
x-content-type-options: nosniff
age: 46220
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2334
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 glare.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 6 KB
7 KB 32ms
30ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/glare.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2959c6a28672174d488a2f65367f4040b0df29c5d87370208db73773d47e85d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sat, 22 Mar 2025 04:15:04 GMT
date: Fri, 22 Mar 2024 04:15:04 GMT
x-content-type-options: nosniff
age: 218309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6638
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 legal.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 4 KB
4 KB 22ms
12ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/legal.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a660192b3017be38891bdeb9b72b20bd926b7217f513429540b5b3a90bcbc4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sat, 22 Mar 2025 04:15:04 GMT
date: Fri, 22 Mar 2024 04:15:04 GMT
x-content-type-options: nosniff
age: 218309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4179
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame 69D4 0
0 94ms
93ms Fetch
image/gif 142.250.72.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsuSZC-oB_4ccENTfYtTpMtgc_4wC8Q-h0rmXRLeUG9iOa40DkX5pfrRL7wzJoHLhM2fJFzXPZWJxej3KJEU8G7eQ3blFa34zYhvVF4uqxn-fsQULVIABmkpW0LwLUOkk1HtETLjuz3Iri5Rd5BIOWUC3wgk-F0A_hyV_I6JUV39BlWnJp697T0Stc68Vm6tikLB1_tkgJH8s6N7G0IHW4ZKGJ1ir-JHOBykvEAdMPh7tYVQ_x5KFktlryYYKCvsFFWB9I_RLIsUYQ7OV1227n4ePRl4veT4wvl3ltwYSq0mKeAEUe7w9pS3rNP_4MJI2rd7Fvd9HAeRcgoeeCobdSGM6jHtKFwoUg1FydO2L1Mmq8Ps1_-Xdzm0NBw8eiCw76Z1OeTB4ceKYpDA7XcVgDZMT6XMxWiQBQtsl0IUqMypBRNs2p1f83a7Y0ZPTZo_iTfmCd-kmK05cONXAsPlNZwZhdPADKjAlqyifVE64Cjm0fluT7RVqtXs_P8vmVn_5wS3D6scHkFM5kAd8MwyOIIyD4TEEXATME2QQ8BOG3-lYaxhrwikMBphhC5wLIK73KuMcj3OqclpY5GNv0XwaPZHdSHBAtrPd9tDZwPfIlEvJysU8NMK6vXAKWMkBrvhE8kbXh2e2YWPnnxJLX9HO8v_TKi-BF9ieL9Zzunvf9O7xbHQp3XX4Ae8N-fEpYV898zWGcbwQ7uB2oLf8d3ebq8H-otX3uy3_oGE8CqKK-fESlgD5qhGZQ5aD9pWdXscHRYP0b8XhPYtqitQEnWzAz0ExEdhGMG23l921Kp41Q7GJRhZgB53cjcViVSVZ2c7Rx3KMldY4YZFENByBLh7aBRHHvJZHvnuvDCH0QQYLpwtq44BkVAF6iJU0oGqs1nhRqtlx2736ZNyhSBEr_cerlHUr3WHS2MHGU-SGFwMhqpTi1qtGb5a8LtwiGC3I3aawFq5bhpFREUNiiRGaYzoVW9R2-mJ9aV5PrkpKq8GdIxv_zJ3f2k3Dc2wobhkGuYp-v3zzWuuYoBHZ3XeEBS0CxnrwWMS-uzmJ9mVeD5MoOKBjCie_szJHlUO5_VF_IgXmn2JjU0HZNQiTedhuekwsswx4_c5Ap7EcpIhpNLRUxdGB3PbNTa6iCiBiGbd7FTC2PI9hyphxyv8zECwb3Bm6ywghSJcBakA_EwKQpsOxq5ZMqdrDEJSsQU0ofvW9_u8Hj0XzGTRrbZcNuenWJaTuy29qcF4U3aWdfj6HpjH7ldX67DY_CBcZzxSjGiFOebluir4QrHCUzDpatPl0rLhRswyia5kA4ny0A0jVVZEDN633LysSeLmuzuhr2mjFBzUKhvlJzyKCnsjmfeW1OjL81VmQEFuWYsP3zZGhG9J9Nii3c5aoc5ES8MB8jcTMNq59ssplkJm6cgV8OdyUOmF-MfdyIRtktw_dH1D4X6SMH1GAg-UmAOj7JWCLU4xj7ogs2mm2cdTpnNmLAh3xnDB2BN33hgmsVdB3IoqvgtwRU6oSu031ppG6ZBqlGMgKi4&sai=AMfl-YTt38WTcbrZ94JIcfRAwymunvjGEqWD0n5hn7wk0UZk0szTF_BwFOpJKKGH3MQYWJrIhLqXTgLSBuzbjZ2WYT7vUd0Qx4bjumapXRrd_CP3pJDxQFllGocMrep52jIVcwbThmuRcCvUMPQmOMEwYPgZzDb1Yz1IbMRLHuHBFZatwkVAa4f4eTU7ctn7w0ZxPeZ9UJdXu3NtIXlBWUx5Jg7MOh7Lcj-WbWizTeA0XKhiJZJGYmphxvLsOouQFfztjvdQpMnSFqqgS2dJoyHAwsSRND4aLLu6AZNuxGhTIkl0VoTxgZS_9fmqtv1ZLTYV9jHIn--MriaQR3FG9cvfFjp3nt9uWqhzyQUrPXhDxLqAMEpp3VQfTzv0TRGhNew8kAovcRncYRBIiE9Q_Sqs7QoYAWlMQGFe91GnI0vOWG0ei7spGR45010SCj1Xp5wx4Xzl7xIuztEyrj0sutz1bhh__KdBYHNHQq2Szguyb79kBwg8aZ__WTxpYUJizMU52RNeuDmY3RtPWA&sig=Cg0ArKJSzJ9DIomUYyXJEAE&uach_m=%5BUACH%5D&pr=missingexchangepricemacro&crd=aHR0cHM6Ly9oZXJ0ei5jb20&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=997&cbvp=2&dett=2&cstd=0&cisv=r20240320.15595&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.72.102 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Sun, 24 Mar 2024 16:53:33 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Sun, 24 Mar 2024 16:53:33 GMT

GET
H3 200 ghSbiK71ebhuxEqc_YnF1-p9wbLv1ze7peYEguTjq34.js Show response
pagead2.googlesyndication.com/bg/ Frame 51D1 52 KB
20 KB 15ms
14ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ghSbiK71ebhuxEqc_YnF1-p9wbLv1ze7peYEguTjq34.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82149b88aef579b86ec44a9cfd89c5d7ea7dc1b2efd737bba5e60482e4e3ab7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 07:48:20 GMT
content-encoding: br
x-content-type-options: nosniff
age: 378313
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20261
x-xss-protection: 0
last-modified: Thu, 14 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Mar 2025 07:48:20 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 79CB 0
55 B 130ms
127ms Ping
image/gif 2a00:1450:400f:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~lu5rd7gp&c=6933040708609&slotId=3466520354304.5&qqid=CL6_payujYUDFbaH7gEddqAJKg&fb=outstream-lima&vmfc=15&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240320_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400f:804::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:33 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 79CB 41 KB
15 KB 10ms
9ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240320_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 08:00:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 377607
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 20 Mar 2025 08:00:06 GMT

HEAD
H/1.1

200
OK

file.mp4
r2---sn-ab5sznzy.c.2mdn.net/videoplayback/id/5af17f6a7f1b8d2d/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3853786901/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 79CB
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/5af17f6a7f1b8d2d/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3853786901/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signa...
https://r2---sn-ab5sznzy.c.2mdn.net/videoplayback/id/5af17f6a7f1b8d2d/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3853786901/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

82ms
18ms

Fetch
video/mp4

2607:f8b0:4006:15::7

General

Check archive.org

Show headers Download Go to

Full URL

https://r2---sn-ab5sznzy.c.2mdn.net/videoplayback/id/5af17f6a7f1b8d2d/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3853786901/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5FB308866E601D01CAC0DDEE5F8EF53F87F276C8.737679A4D1032F9D296D6E17D48AE32352039AFA/key/cms1/cms_redirect/yes/mh/K1/mip/2a0d:5600:24:1500:1012:6c0c:b8c6:ce5d/mm/42/mn/sn-ab5sznzy/ms/onc/mt/1711298912/mv/m/mvi/2/pl/48/file/file.mp4

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

HTTP/1.1

Server

2607:f8b0:4006:15::7 -, , ASN (),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date: Sun, 24 Mar 2024 16:53:33 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 1735540
Last-Modified: Sat, 02 Mar 2024 00:20:45 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Sun, 24 Mar 2024 16:53:33 GMT

Redirect headers

date: Sun, 24 Mar 2024 16:53:33 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 667
x-xss-protection: 0
pragma: no-cache
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
location: https://r2---sn-ab5sznzy.c.2mdn.net/videoplayback/id/5af17f6a7f1b8d2d/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3853786901/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5FB308866E601D01CAC0DDEE5F8EF53F87F276C8.737679A4D1032F9D296D6E17D48AE32352039AFA/key/cms1/cms_redirect/yes/mh/K1/mip/2a0d:5600:24:1500:1012:6c0c:b8c6:ce5d/mm/42/mn/sn-ab5sznzy/ms/onc/mt/1711298912/mv/m/mvi/2/pl/48/file/file.mp4
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: https://googleads.g.doubleclick.net
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 help_outline_white_24dp_with_3px_trbl_padding.png
imasdk.googleapis.com/formats/wta/ Frame 79CB 453 B
590 B 43ms
34ms Image
image/png 2607:f8b0:4006:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imasdk.googleapis.com/formats/wta/help_outline_white_24dp_with_3px_trbl_padding.png?wp=ca-pub-8256239325859871

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:33 GMT
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 453
x-xss-protection: 0
last-modified: Wed, 13 Oct 2021 14:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: image/png
cache-control: public, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 24 Mar 2024 17:43:33 GMT

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 5F58 91 KB
23 KB 22ms
18ms Script
application/javascript 2600:9000:23cb:a000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:23cb:a000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 03:25:40 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 8770cedbbb1c2feb157dc67ce83fe00c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P1
age: 20525274
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: uyMPFvfvxC-1R_YOpaPPEKAtL2m-rnBVHbtFZ86_aKF2LmrclLnWww==

GET
H2 400 mon
pixel.adsafeprotected.com/ Frame 9F45 0
0 22ms
20ms Image
text/html 107.21.5.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=23963&advId=629143095&campId=20914945668&pubId=1&placementId=540206611&adsafe_par&bundleId=&dealId=&bidurl=https://kooorahd.egtly.com/&adsafe_url=https%3A%2F%2Fkooorahd.egtly.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fkooorahd.egtly.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240320%2Fr20110914%2Fzrt_lookup_fy2021.html&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240320%2Fr20110914%2Fzrt_lookup_fy2021.html%23RS-1-%26adk%3D2969136043%26client%3Dca-pub-8256239325859871%26fa%3D3%26ifi%3D3%26uci%3Da!3%26btvi%3D1&adsafe_type=be&adsafe_jsinfo=,id:99372893-28ac-32bc-c578-558922149d9f,c:7QZJKf,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6c45d7cb47-l6cjd,rg:va,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1.grpm1,mtim:280,mot:0,app:0,maw:0,tdt:s,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.23963%7C1711%7C1712%7C1713%7C181%7C1821%7C1911%7C19121,idMap:171*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:323,oid:0be89ce9-e9ff-11ee-9aff-c2f3f5412f4a,v:19.8.491,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 107.21.5.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-21-5-194.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 9F45
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/1914617/77686741/skeleton.js?bundleId=&ias_dspID=3&ias_campId=1015318397&ias_pubId=pub-8256239325859871&ias_chanId=1&ias_placementId=20914945668&bidurl=http...
https://static.adsafeprotected.com/skeleton.js?ias_xappb=

17 B
464 B

12ms
11ms

Script
application/javascript

2600:9000:23cb:a000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js?ias_xappb=
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Protocol: H2
Server: 2600:9000:23cb:a000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 01 Aug 2023 00:59:33 GMT
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via: 1.1 8770cedbbb1c2feb157dc67ce83fe00c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P1
age: 20447641
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
content-type: application/javascript
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: fAIuAQ6QHsAi_ZK9xFb4bWAlQI-ELrQqHmlljq0q6nytCsnmENQ_mg==

Redirect headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:33 GMT
server: nginx
x-server-name: app03.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js?ias_xappb=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 85F8 91 KB
23 KB 29ms
15ms Script
application/javascript 2600:9000:23cb:a000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:23cb:a000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Mon, 31 Jul 2023 03:25:40 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 8770cedbbb1c2feb157dc67ce83fe00c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P1
age: 20525274
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: J7ZujVkbt5isEZCE6aYpUErQ0yTF5X6syL5KuN11es575rk8AXvTeg==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
216 B 275ms
92ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=23963&asId=99372893-28ac-32bc-c578-558922149d9f&tv=%7Bc:7QZJMz,pingTime:-3,time:466,type:v,im:%7BpBlk:363%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:321%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:469,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:315,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B183~0%5D,as:%5B183~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:jload,dtt:0,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.23963%7C1711%7C1712%7C1713%7C181%7C1821%7C1911%7C19121,idMap:171*,rmeas:1,rend:0,renddet:IMG.us,siq:324%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:33 GMT
server: nginx
x-server-name: dt19.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
216 B 330ms
154ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=23963&asId=99372893-28ac-32bc-c578-558922149d9f&tv=%7Bc:7QZJME,pingTime:-6,time:471,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:471,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:315,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B185~0%5D,as:%5B185~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:jload,dtt:0,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.23963%7C1711%7C1712%7C1713%7C181%7C1821%7C1911%7C19121,idMap:171*,rmeas:1,rend:0,renddet:IMG.us,siq:324%7D&tpiLookup=ao:kooorahd.egtly.com*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:33 GMT
server: nginx
x-server-name: dt15.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
216 B 258ms
98ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1914617&asId=51445a0e-4f5b-72a3-fe74-d91c24ade985&tv=%7Bc:7QZJMY,pingTime:-3,time:477,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:365%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:477,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:365,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B122~0%5D,as:%5B122~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.1914617-77686741%7C1711%7C1712%7C1713%7C1714%7C181%7C1821%7C1911%7C19121,idMap:171.99372893-28ac-32bc-c578-558922149d9f.161_23963%7C171*,rmeas:1,rend:0,renddet:IMG.us,siq:366%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:33 GMT
server: nginx
x-server-name: dt12.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
217 B 238ms
91ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1914617&asId=51445a0e-4f5b-72a3-fe74-d91c24ade985&tv=%7Bc:7QZJMZ,pingTime:-6,time:478,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:478,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:365,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B124~0%5D,as:%5B124~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.1914617-77686741%7C1711%7C1712%7C1713%7C1714%7C181%7C1821%7C1911%7C19121,idMap:171.99372893-28ac-32bc-c578-558922149d9f.161_23963%7C171*,rmeas:1,rend:0,renddet:IMG.us,siq:366%7D&tpiLookup=ao:kooorahd.egtly.com*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:33 GMT
server: nginx
x-server-name: dt14.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
216 B 220ms
97ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=23963&asId=99372893-28ac-32bc-c578-558922149d9f&tv=%7Bc:7QZJNA,pingTime:-2,time:529,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1000,beZ:1002,mfA:1281,cmA:1283,inA:1284,inZ:1290,prA:1290,prZ:1300,si:1323,poA:1324,bl:1363,poZ:1364,cmZ:1364,mfZ:1364,loA:1471,loZ:1476,ltA:1528,ltZ:1528,mdA:1002,mdZ:1158,idA:1364,idZ:1392%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D,ha1:%7Bres1:1,ps:1,ts:1711299213303,psfr:1%7D%7D,env:%7Bgca:false,cca:false,gca2:true%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:321%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:529,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:315,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B243~0%5D,as:%5B243~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:jload,dtt:0,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.23963%7C1711%7C1712%7C1713%7C181%7C1821%7C1911%7C19121,idMap:171.51445a0e-4f5b-72a3-fe74-d91c24ade985.105_1914617-77686741%7C171*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,siq:324,sinceFw:204,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:33 GMT
server: nginx
x-server-name: dt02.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
216 B 272ms
155ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1914617&asId=51445a0e-4f5b-72a3-fe74-d91c24ade985&tv=%7Bc:7QZJNE,pingTime:-2,time:519,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:1013,beZ:1015,mfA:1368,cmA:1368,inA:1368,inZ:1370,prA:1370,prZ:1375,si:1380,poA:1381,poZ:1393,cmZ:1393,mfZ:1393,loA:1492,loZ:1499,ltA:1533,ltZ:1533,mdA:1002,mdZ:1158%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D,ha1:%7Bres1:1,ps:1,ts:1711299213325,psfr:1%7D%7D,env:%7Bgca:false,cca:false,gca2:true%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:365%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:519,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:365,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B165~0%5D,as:%5B165~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.1914617-77686741%7C1711%7C1712%7C1713%7C1714%7C181%7C1821%7C1911%7C19121,idMap:171.99372893-28ac-32bc-c578-558922149d9f.161_23963%7C171*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,siq:366,sinceFw:152,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20240320/r20110914/zrt_lookup_fy2021.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:33 GMT
server: nginx
x-server-name: dt07.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 0775 23 KB
8 KB 31ms
29ms Document
text/html 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 378265
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 20 Mar 2024 07:49:08 GMT
expires: Thu, 20 Mar 2025 07:49:08 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 img1.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 183 KB
183 KB 28ms
27ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/img1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3909473fd7e15c55754a4e7337d5a112c2530b3327524a1a1d1d7671ae4c9a7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sat, 22 Mar 2025 04:15:04 GMT
date: Fri, 22 Mar 2024 04:15:04 GMT
x-content-type-options: nosniff
age: 218309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 187341
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 chevron-top.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 3 KB
3 KB 34ms
33ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/chevron-top.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9090e90a9892fcf6de5ab6f9f8a60aded9d426bc192d5f2b940c4b6de0cbfd65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sat, 22 Mar 2025 04:15:04 GMT
date: Fri, 22 Mar 2024 04:15:04 GMT
x-content-type-options: nosniff
age: 218309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2686
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 chevron-bot.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 7 KB
7 KB 33ms
32ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/chevron-bot.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b9c84aca5999bac1d5c381ba3c902a12b406619d384c6b193efd74c428884743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sat, 22 Mar 2025 04:15:04 GMT
date: Fri, 22 Mar 2024 04:15:04 GMT
x-content-type-options: nosniff
age: 218309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7575
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 view
ad.doubleclick.net/pcs/ Frame 9F45 0
0 92ms
91ms Fetch
image/gif 142.250.72.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/pcs/view?xai=AKAOjsv27t6Rrf5nPlW2okcRNxN5OaAE_EAEu1RGwThlyE24SwucZj3uU20E-QporqfOLtRbzgf9iCnrGjxzVe6epcIsJm7JhZQCwne7XWdnAVSnJDQf3D2zPn2-X5Z7GWKY8r8kPFWbokkemXSLE2w_RiqlijwMt-t0Sn-wpsqFfchf7j99nz9IY87A2XCuDz_WNlQN5Va-OAaAeAWDD1DrsN8wUZqwxhhEBTdf&sai=AMfl-YR0C3eBmtn0BK8feaI-s0hcblpLB-kx1WxArfWtZzsFyi4Dkn2L0iRaSyDW42TSWg8jjDTQUw-NeAoT2lxJKUOjJXb3YK4ri92zuJhER5lBvVeDFwqhTczcqEAUOtOyux0bPeuTNOcm62PhYw&sig=Cg0ArKJSzORu7sA8GHl3EAE&uach_m=%5BUACH%5D&crd=aHR0cHM6Ly9saW5jb2xuZmluYW5jaWFsLmNvbQ&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=652&vt=11&dtpt=532&dett=3&cstd=114&cisv=r20240320.23722&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.72.102 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s32-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:33 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Sun, 24 Mar 2024 16:53:33 GMT

GET
H3 206 file.mp4
r2---sn-ab5sznzy.c.2mdn.net/videoplayback/id/5af17f6a7f1b8d2d/itag/347/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3853786901/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 79CB 2 MB
2 MB 40ms
24ms Media
video/mp4 2607:f8b0:4006:15::7

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: kooorahd.egtly.com
URL: https://kooorahd.egtly.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:15::7 -, , ASN (),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

6a3fdd4383419afc566e1a7a8018ed9c46bcb9137040443ae8ef4997b3ba715a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://googleads.g.doubleclick.net/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Range: bytes=0-

Response headers

expires: Sun, 24 Mar 2024 16:53:33 GMT
date: Sun, 24 Mar 2024 16:53:33 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-1735539/1735540
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 1735540
last-modified: Sat, 02 Mar 2024 00:20:45 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://googleads.g.doubleclick.net
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://googleads.g.doubleclick.net
client-protocol: quic

GET
H3 200 RHT_zY17L6srHmM0oGH2isr7WAJbgO4PD0Os-3lRiIM.js Show response
pagead2.googlesyndication.com/bg/ Frame 0775 52 KB
20 KB 16ms
13ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/RHT_zY17L6srHmM0oGH2isr7WAJbgO4PD0Os-3lRiIM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4474ffcd8d7b2fab2b1e6334a061f68acafb58025b80ee0f0f43acfb79518883

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 07:47:31 GMT
content-encoding: br
x-content-type-options: nosniff
age: 378362
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20381
x-xss-protection: 0
last-modified: Thu, 14 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Mar 2025 07:47:31 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 99ms
98ms XHR
application/json 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20240320&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d4cede927265f50749600d9df20ee16fb76be98f746362544e1a8d5cb9c681d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:33 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12421
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 9F45 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9a5fe6a5dc349bf435f14c0f83c23fb912a36f76b15e03be31a7cc733a247c5b

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adroller. Show response
fundingchoicesmessages.google.com/f/AGSKWxXwJhviuMTduYEWmU307L3v9JN-4JYjCz7aObbV9EiLaE5W1vEOjtIurDnqJJPzizv_dRk4Z6kAVb798cRcjxq_4xhDwIVX3_bIl6Qs72i-IcvGzTz3yInDDocpLcX-ZbsDRXc0ekiWmio0PuybXTnP89n1M... 54 B
110 B 36ms
35ms Script
application/javascript 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXwJhviuMTduYEWmU307L3v9JN-4JYjCz7aObbV9EiLaE5W1vEOjtIurDnqJJPzizv_dRk4Z6kAVb798cRcjxq_4xhDwIVX3_bIl6Qs72i-IcvGzTz3yInDDocpLcX-ZbsDRXc0ekiWmio0PuybXTnP89n1MdgMmgSxzsJutiOeV8MGXa2Pk_cjacQD/_/adiframe7..biz/ad./exobanner._skyscraper160x600./adroller.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.BXXwKMACofg.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMzZPe1UaDnwu0d_A-UqaRkwkvIh8A/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

52c7100c9730e6d2c23c002477055489a87f7428d5c249ce8412d424fc80e5bc

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-OUqxGlGu6wM-096wdQNMig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:33 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-OUqxGlGu6wM-096wdQNMig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjKtDikmJw05BiOHHrNtMFID7vdIfpOhDXMjxjagViA43nTBZA_O7LSyaery-ZJIBYA4j51k1nVQFi3fXTWUOBOOb5dNYUIHZKn8EaBMQ-9TNYY4C49eY51qlAfHLBedaLQCzEw9G7tXEDm8CH_tW_mAAoezY7"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rum.js Show response
pagead2.googlesyndication.com/pagead/js/ 64 KB
24 KB 12ms
11ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a7ec617425e53734b944a1a1bf39f364f26f7c7398632c12c5b2d166e324e09d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:19:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2052
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24450
x-xss-protection: 0
server: cafe
etag: 12071440461849196005
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Sun, 24 Mar 2024 17:19:21 GMT

POST
H3 204 AGSKWxVJ7-CYpBYTgDS10DCd6u0Q1l45mVb5xhTvsHdBi7x0Wiy8Xvzyk48kxY8-w1Y2oCrz6DLLb6fE55x0O770-aVY_cKxxVUr4Emyqz7TWjx3O2U3QT3enHotb_Lgv5Vh9asdCvHXGw== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 58ms
33ms XHR
text/html 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVJ7-CYpBYTgDS10DCd6u0Q1l45mVb5xhTvsHdBi7x0Wiy8Xvzyk48kxY8-w1Y2oCrz6DLLb6fE55x0O770-aVY_cKxxVUr4Emyqz7TWjx3O2U3QT3enHotb_Lgv5Vh9asdCvHXGw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-VNjLAoAEAglTbvaAnO_Zpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://kooorahd.egtly.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 24 Mar 2024 16:53:33 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-VNjLAoAEAglTbvaAnO_Zpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmJw0ZBiqGV4xtQKxE7pM1iDgFiIh6N3a-MGNoEJ1361MgMAwf0L_A"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://kooorahd.egtly.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 40ms
40ms Script
text/javascript 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202403190101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 24 Mar 2024 16:53:33 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
216 B 82ms
82ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=23963&asId=99372893-28ac-32bc-c578-558922149d9f&tv=%7Bc:7QZJVS,pingTime:-10,time:1043,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHw2MDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjIuMC42MjYxLjEyOCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1711299213872%7C%7C8926888d757bc376d9e303a81c427752%7C%7Cc2f0dae1be250666004502f5b1159da0%7C%7C2262b284554c12c43b80d4d66c2258f6%7C%7Cb40606f43ef3a6400524bac17bf2f800%7C%7Cd73fcfa2bb05638769e2337d551c910f%7C%7Cb5ea1369ede24acb95727a1a1b29c514%7C%7C7cfcebcdd1d0f10c1f0a6219726172a0%7C%7C1663701684,im:%7BpWait:33,pLoad:850%7D,env:%7Bgcd2:%7Bappl:0,cnst:na%7D%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:33 GMT
server: nginx
x-server-name: dt26.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 img1.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 183 KB
183 KB 13ms
11ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/img1.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3909473fd7e15c55754a4e7337d5a112c2530b3327524a1a1d1d7671ae4c9a7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sat, 22 Mar 2025 04:15:04 GMT
date: Fri, 22 Mar 2024 04:15:04 GMT
x-content-type-options: nosniff
age: 218309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 187341
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 chevron-top.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 3 KB
3 KB 15ms
14ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/chevron-top.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9090e90a9892fcf6de5ab6f9f8a60aded9d426bc192d5f2b940c4b6de0cbfd65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sat, 22 Mar 2025 04:15:04 GMT
date: Fri, 22 Mar 2024 04:15:04 GMT
x-content-type-options: nosniff
age: 218309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2686
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H3 200 chevron-bot.png
s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/ Frame 98D0 7 KB
7 KB 16ms
15ms Image
image/png 2607:f8b0:4006:817::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/chevron-bot.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:817::2006 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b9c84aca5999bac1d5c381ba3c902a12b406619d384c6b193efd74c428884743

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11690527548427024729/CONSMR_BRAND-GENERAL_24Q1_TheActionPlan_CONSMR-AFFSEEK5074_Wellness_AWA_HTML5BANNER_160x600_15/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sat, 22 Mar 2025 04:15:04 GMT
date: Fri, 22 Mar 2024 04:15:04 GMT
x-content-type-options: nosniff
age: 218309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7575
x-xss-protection: 0
last-modified: Wed, 03 Jan 2024 20:33:25 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
allow-fenced-frame-automatic-beacons: true

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
216 B 84ms
83ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1914617&asId=51445a0e-4f5b-72a3-fe74-d91c24ade985&tv=%7Bc:7QZJWI,pingTime:-10,time:1081,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHw2MDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjIuMC42MjYxLjEyOCBTYWZhcmkvNTM3LjM2fHwxfHwxfHxHb29nbGUgSW5jLnx8bg--,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1711299213923%7C%7C9ef2fa7639a134dec7578928f405372d%7C%7Cc2f0dae1be250666004502f5b1159da0%7C%7Cef01f0caecf4e013db59dd49ac50df22%7C%7Cdb3fc3351fe5efeabacff3d9c04b8b02%7C%7C72b4f82017ba589483c80e49646de86b%7C%7Ce135a9a42fd5403912f73b2d84a5435d%7C%7C33c6e222d2580a61dca4a37276e4bcdb%7C%7C1663701684,im:%7Bpci:%7Btdr:564%7D%7D,sca:%7Bha1:%7Bres1:0,ps:0,ts:1711299213900,psfr:na%7D%7D,env:%7Bgcd2:%7Bappl:0,cnst:na%7D%7D%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:33 GMT
server: nginx
x-server-name: dt16.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1254 0
22 B 73ms
73ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BldQDiloAZsHSFLaPur8P9sCm0AIAAAAAOAHgBAI&bg=!ammlaSbNAAZewuCMfsI7ADQBe5WfOIvtiqw9HwqTfughcD2UTbH34NEPkjj6i4cuxWpg_DaMqDHqqSw8I1EtyB_Fy8bzAgAAAwRSAAAAB2gBB34ANamWfxE0jTUlwxfIvFK1EeUFJTDYwWV7Wy3sTVuagQUd2mtNRVc01jLyB1iBhwau5CbAVlJJCgBX2mOawiWBCEo5fw7fpdQAatLdRWD1npxWCuc1hW3VZM_tNjOdhGfTBnuh2jOh5VYyvGJVk0T11BvQZIU64IACOe4QJx26zPs5i3ZQJ60uE5qDoAu99X3AmQKVA-y1OnGv_jwEzqRTluviFHmz2em27COo9ZubIHTxn6f8jLlM7MlPHNEh4j-M4S7QuIYi9cYe7JY2n6gFQ0PcAyuRNWDKK9QhAbCA0FsZDGNBimBv9yO5fbW57IXCynudhLs7pdpllg90d7vD9hnETVeROE7VpiRfp0yn2ZRDXVNuVo62AqCL-Nl--W1emi4sNOEl3Zu-PtgwFmrz57n4PXluc5IeUzTJaylTvn6L_O-1nbvy1lhfFYiBkYEqnHOp6v_rjxzFb--odp6mhO9sbJgFKl2T4IPpnRuS4oXlG1kXTl8vahtNc0MGS1ooMB-XCEWorsbdB52Ui9sJCf_1w3LQK6nFqfai4gNsQzlLnkxU_Z-fIXVU6T_DdZawqk5o46odiVY5NTiz1ThvMEDUYRSqf6VoJCywa8DgI2nTlIbUt2-qgBDWAjORXN1OHOgg0SKIv-VTMaRnBiJnSSo67YeCwUxjScR56x69LNfMdLf6LL1D9pHLfBNZCEPxEwFbjS5IqaXL-j24RnOS49SAl4oAc3hMc9XgEP6tpQRTdFezwnDdXiSwVXyL23glNBmvrQDjtfds94FL3_TNhn52i_cSIjb8eK2DfZw8kg_Vsd8BmgK5e0ldR1mj5I7GfS2RuXmaIurqd8MyOjuDJWZyOxD9Qs7L5yYuLgG6hwE0LRNyxljy3TBWS7PxxdEvmA1fgJDyiKzO0n_DnP98ZG6r8W07hyv_jKv2IlvwsCSForaU0AFhLRphssa030-2Ur8BiW9b0Xwp4EAd81yPskL-awRVwetgkbG8jUGlbJVPmNPRkkqaiV7QfSzAikQE_DEQmN4ubtXrwd3jGf9XkX_HmyKTfV6LC3Cmro5qtiAMBMLGKonl4g

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:33 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 79CB 0
17 B 122ms
121ms Ping
image/gif 2a00:1450:400f:804::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=5~lu5rd7oa&c=6933040708609&slotId=3466520354304.5&qqid=CL6_payujYUDFbaH7gEddqAJKg&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=Infinity&br=2084&mt=video%2Fmp4&vs=1024x576&msm=1&aits=15%2C0%2C18%2C22%2C37%2C692%2C59%2C309%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=347&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.274~atrd.27j~vfl.2ts~vil.2uj&ua_e=1&ape=1&ple=1&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20240320_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400f:804::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:34 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVJ7-CYpBYTgDS10DCd6u0Q1l45mVb5xhTvsHdBi7x0Wiy8Xvzyk48kxY8-w1Y2oCrz6DLLb6fE55x0O770-aVY_cKxxVUr4Emyqz7TWjx3O2U3QT3enHotb_Lgv5Vh9asdCvHXGw== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 36ms
35ms XHR
text/html 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVJ7-CYpBYTgDS10DCd6u0Q1l45mVb5xhTvsHdBi7x0Wiy8Xvzyk48kxY8-w1Y2oCrz6DLLb6fE55x0O770-aVY_cKxxVUr4Emyqz7TWjx3O2U3QT3enHotb_Lgv5Vh9asdCvHXGw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-9AmQFVthxWJsfMHNgF7J7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://kooorahd.egtly.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 24 Mar 2024 16:53:33 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-9AmQFVthxWJsfMHNgF7J7A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw1ZBiqGV4xtQKxE7pM1iDgFiIh6N3a-MGNoGOT1tvMQMAw1IMKQ"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://kooorahd.egtly.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVJ7-CYpBYTgDS10DCd6u0Q1l45mVb5xhTvsHdBi7x0Wiy8Xvzyk48kxY8-w1Y2oCrz6DLLb6fE55x0O770-aVY_cKxxVUr4Emyqz7TWjx3O2U3QT3enHotb_Lgv5Vh9asdCvHXGw== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 36ms
36ms XHR
text/html 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVJ7-CYpBYTgDS10DCd6u0Q1l45mVb5xhTvsHdBi7x0Wiy8Xvzyk48kxY8-w1Y2oCrz6DLLb6fE55x0O770-aVY_cKxxVUr4Emyqz7TWjx3O2U3QT3enHotb_Lgv5Vh9asdCvHXGw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ygQjQ38XL3SWenOHLLL6FA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://kooorahd.egtly.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 24 Mar 2024 16:53:34 GMT
content-security-policy: script-src 'report-sample' 'nonce-ygQjQ38XL3SWenOHLLL6FA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmJw15BiqGV4xtQKxE7pM1iDgFiIm6Nva-MGNoEDh84wAQC2Bwtn"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://kooorahd.egtly.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVJ7-CYpBYTgDS10DCd6u0Q1l45mVb5xhTvsHdBi7x0Wiy8Xvzyk48kxY8-w1Y2oCrz6DLLb6fE55x0O770-aVY_cKxxVUr4Emyqz7TWjx3O2U3QT3enHotb_Lgv5Vh9asdCvHXGw== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 36ms
36ms XHR
text/html 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVJ7-CYpBYTgDS10DCd6u0Q1l45mVb5xhTvsHdBi7x0Wiy8Xvzyk48kxY8-w1Y2oCrz6DLLb6fE55x0O770-aVY_cKxxVUr4Emyqz7TWjx3O2U3QT3enHotb_Lgv5Vh9asdCvHXGw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-3q517qvdqmvykzeCa8tmBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://kooorahd.egtly.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 24 Mar 2024 16:53:34 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-3q517qvdqmvykzeCa8tmBg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmJw0pBiqGV4xtQKxE7pM1iDgFiIm6Nva-MGNoEfu68xAQC2QQud"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://kooorahd.egtly.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AGSKWxVlOHf72LpgmxswWv0Q_LnnzduJ_vGO4lSUyCpmkMMmf3URShKwIgN08l_Tac5To3aWmhz6eTwWLFueEFxFXPGGcH6x5lc-Y9C5ZAG6zcBKA63w4PolA8u8zSnwhKTu0RnqVXmlTA== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 40ms
39ms Script
application/javascript 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVlOHf72LpgmxswWv0Q_LnnzduJ_vGO4lSUyCpmkMMmf3URShKwIgN08l_Tac5To3aWmhz6eTwWLFueEFxFXPGGcH6x5lc-Y9C5ZAG6zcBKA63w4PolA8u8zSnwhKTu0RnqVXmlTA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzExMjk5MjEzLDk4NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9rb29vcmFoZC5lZ3RseS5jb20vIixudWxsLFtbOCwiQlhYd0tNQUNvZmciXSxbOSwiZW4tVVMiXSxbMTgsIltbWzBdXV0iXSxbMTksIjIiXSxbMTcsIlswXSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca2fcc8a6c7dc8c3269c9e700867bc9d0e181bff3a7842afb1ee7dabb363c219

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-qn5SUpnDWbQj1XKi-WrW5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:34 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorGlobalRouterHttp/cspreport, script-src 'report-sample' 'nonce-qn5SUpnDWbQj1XKi-WrW5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorGlobalRouterHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorGlobalRouterHttp/cspreport/allowlist
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorGlobalRouterHttp/web-reports?context=eJzjKtDikmII1pBiOHnrNtNFID7vdIfpOhDXMjxjagViA43nTBZA_O7LSyaery-ZJIBYA4j51k1nVQFi3fXTWUOBOOb5dNYUIHZKn8EaBMQ-9TNYY4C49eY51qlAfHLBedaLQCzEzdG3tXEDm8CGzavZAPeyNTg"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
timing-allow-origin: *
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 74F2 42 B
64 B 84ms
83ms Fetch
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuHLrkIyS9cy0Y2agABLhyq9KDuAbgmLbum7QE076_QxF772Yy8Px0Dc_ni1J4Ef60zOYx7iYi6inhx8pIateOCX5w87OcqQ9rHAhsP98TFY-kUNgb2TjldSyMM-Js5uy0pI7w-z2MSxP1QlHtsH0K177zf-DC-BRM&sai=AMfl-YTzBSPRtjcIiRJoqu09WVoojmy9M-_TjXhBVE2VgWbTou-pzcChl9E2cagS2MfqxljYyOews1-haTc_7VCgkeWiQJTZHy7iBj1F25ze6OMQ12AxD2c_qEqeT_V_BBduH4u4FHLPCn-pXxdijbSLVA&sig=Cg0ArKJSzEi-2a1A1_VDEAE&cid=CAQSTwB7FLtqpjZ8z8DnRd-fMmQJaz9_3cVwMsB3Mjlwzi_56Eu7OtQtFJ9BYMDcBDayXHd1HQ9wHlgini_tRp6fmrzZTzt1CILyJFbEjo275WoYAQ&id=lidar2&mcvt=1033&p=0,0,90,728&mtos=1033,1033,1033,1033,1033&tos=1033,0,0,0,0&v=20240320&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2969136041&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=723201200&rst=1711299212072&rpt=844&met=ie&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1489 0
23 B 84ms
83ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Br-i2iloAZsLSFLaPur8P9sCm0AIAAAAAOAHgBAI&bg=!DA-lD0DNAAZewuCMfsI7ADQBe5WfOFmZU30B0OEj2vnRgWjO0gUqayYxH-9mQPltJQDRRDAa-zL6NQqtmC-4k48BsMqJAgAAA3ZSAAAACmgBB34ANR3qSn6I7s1GsSOTVZsevolHx9kxbgax6UR7neLgGZGG8veXZbRpYuyaurbD-rgmoecr16KXmQK7SKhXIAmScafyT-U5I-X8ChdQxBwdKfMvAvySh-PqT5nFWmV38WsQylFLmsoqICjScJdHCfSIyHqlBnXDNySIxnq0tPod_ltakf829lAak-XTAlLjAT5WbnjMTqZFWM7yynphbUv8yQYcmigLzIUD5qa2_mrsVsMRG1Hrvoqd9PfRmGMInuTvW9b6JTublAKLoQM606VLYgSc541YDRaMRZWsaqpzALGkxqA50Wb54ETc3q0qnFT6KPx1ni_Wdcda76Gtm9nueVEakR6AxQktcCkB-tYrkUryZSLfoovYu5V3NitxGg3NkiO_CUCd9njRyP3fStbGBNL2JEaRwNke3JHTeEclkWD8lSTLGw49mzhb0tYHdedNPDP_xDHYfPb9sRnTaqFYROPJNGfdow0uMGxb3t-K0bPRv6JkvMdq4VsWci_EUp7Yd0viDfcl36iWGe6YX2uPNsvqzpNbnOLdPtijNEnBCgJ6MjrtrSUSqv7QS0haOyK9TqjuqiGD0n_0hbkTghIc-3bOCYb0iGQl0xYxkrMQpiw9qvnkXVUcAEKTj1ZiyrMKN7LEPBISpJe6VBtZ-5b11aa5nJeRNhKKVzOqcyA4gTLAY_7Z7g1JsV6_5G56upEmHsTkoGQRMjqMP87kGZUcOMRlY2jqErpJkSSa0b1CcoqvuWwYEAgHHnKdnD42l2-pjlxaG67_OU33QbEkec5reJT1IOxg4HM-RWBx0M0pTEvfZn3Fo2hvO884NBjogcx-C5z4VsYWXlIJthKF9rrkmaUvDqx-uNP0T-Iynr4X78XGCbHctu7Q9EcV6yZUOdAgtPdfY0yu6zeq0O0oX5uWE3cMhJhMJUaVeeR3Q4pla_P4qKsx-m0c-sIFxK2oyp1KaokZekHBRIaebCariVMAOO_8GOiXVAO_tEH6sDqRfRV_OiWi

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 20F5 13 KB
5 KB 12ms
10ms Document
text/html 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://kooorahd.egtly.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 378086
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 20 Mar 2024 07:52:08 GMT
expires: Thu, 20 Mar 2025 07:52:08 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 18B4 829 B
1 KB 66ms
35ms Document
text/html 2607:f8b0:4006:824::2004

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:824::2004 -, , ASN (),

Reverse DNS

Software

GSE /

Resource Hash

199a31ab5522a0ffdad5675833a1f7c71d5341048b398aca0f77f569d420e8d5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-zKgl9aJJzUmKyWbKh1EKfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://kooorahd.egtly.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-zKgl9aJJzUmKyWbKh1EKfA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 24 Mar 2024 16:53:34 GMT
expires: Sun, 24 Mar 2024 16:53:34 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 51D1 0
23 B 72ms
71ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=Bz5AMjFoAZozkGfW2oPMPwuOM2A0AAAAAOAHgBAI&bg=!S0ilSAfNAAZewuCMfsI7ADQBe5WfOEf6hqyouKT-7UiuDovw1YAQfmMWwz4QoTNOXGSeYTJ9sWDwxRCJnbPobXBHFXC8AgAAAhRSAAAABmgBB34ANSMswNLxABO5cBPRTFHfLxyuVytESPlUjJZPlsSwSxuH9cChTuw_O59Za5MNtLToXtZUl8CUCgCZyNgQ6hQypsHeKpRe4GibXRZDet33OxKViKiiDD77ZI7JfaxQ-_CVdIGi2PXXTJ3cKJ_7SEYFW97Ez9Bfq41ams4ftdl_CCM1Dkp51OwraqzokLbFpwBiCtsxhWTs5WAZhFHWy2XhYIFccSLQmCJKuyk3IxCYOJEjNsggWY_9qWcYvu4Cr9e0srsFm6AsV2ovSg6O36caAaNomQK2srAtrItolnwedyJD8GZipt-b_8qQL6_iR8aqMSFR3YxTIUO5B5wiMGKSCiWJ0KYhWKR1kPWM6IhoGs2JeZG1PocV7bSvqF2y4ssN0GnRfnnmH2q68Fl6ihQJekLuNp_snfEGpUA-MQIhPLE7NAFV6ZyKSWMPzV4pCJJF-jUL4Qd7qFJ7HuupGQ6DblyU-KLSpUQGXEgOi3TwRaOyqE4JfQ6b6KqHt37ZX_GqnxxRYa8MoLUrCKO2WyQ2NS3YVUEb4Q_NaP7km0k-QpVPOpZrgjIo7ZzjZ5PNKYUKyYDfFcz3PanTvVIZSqM9-W0LJFFxmNi-IjOz9qm1Peuz4JWqR34U8Z9XRe8VGJurcvCInjun_WiAcoDoIOgKUTPXF6oYAWwfvDlqWLzScMB4Ytzxosnvpp14ZznEFG0WHRXjbH3q4rBWu7ooUrFvnr6nmLs2Tgz_k-3tm8-X5Mvz3dWNFGPS3Ym6oj8cX746sOwfsN-oDt0mPa6Kr0_-CeADlk_DCc7ispmi_zVS0TSO760GRc4YMNtwZ3xwoCqEl4eFDT2Acz1vQlUhELDU7dTs6HUhO2u8qtOfeQopRJ67ELj1vYJR8NmQSK_tFvrWD05FDasUBYVq7fKUQY3pORgXCup8QxoV_gClXj4GH1UnI3-qmt7CHD5O4tbWSSA7Z_2Vc9Ap7wX4SOW-dC4-0bjyJAZdozav0AXYVtHueBJR-chRe91BxsEoCKOg58qf-a6z0N63hIsk3OuRR3UY57TlpMk48Z7q_XJjplFWFiOCYb53refFSeHuSoshRQANTsB1de1fK0hDaz-hQsY_VoQ4sIZMWst5W3gmUpGFyBBOykqVjOmr6G4stPuICdV7RJThhhwnDkf3aOIDjnu5Sn5TEB8tWFoBaqvDlrCM8YZRJ8_71s1F8psZgA

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxU5atNWE8bFEuzkwE7K1vItw2TcItxbp5oPP-kcUUE6d1O6xI109-TkQKb-QzMl3IQ9ZGZWLNZjwkfBGsOcHte9h1qY7n-lVtRqkUopCsQd6BmJnQGjIH9kBOlBOHcN7xj-74jQsg== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 33ms
32ms XHR
text/html 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxU5atNWE8bFEuzkwE7K1vItw2TcItxbp5oPP-kcUUE6d1O6xI109-TkQKb-QzMl3IQ9ZGZWLNZjwkfBGsOcHte9h1qY7n-lVtRqkUopCsQd6BmJnQGjIH9kBOlBOHcN7xj-74jQsg==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-M5AXMvJpWIEfkCOtPg76Ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://kooorahd.egtly.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 24 Mar 2024 16:53:34 GMT
content-security-policy: script-src 'report-sample' 'nonce-M5AXMvJpWIEfkCOtPg76Ng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmJw1JBiqGV4xtQKxE7pM1iDgFiIm6Nva-MGNoEJU2doAACzuAr2"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
access-control-max-age: 86400
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: text/html; charset=utf-8
access-control-allow-origin: https://kooorahd.egtly.com
access-control-allow-methods: POST, GET, OPTIONS
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H3 204 AGSKWxVJ7-CYpBYTgDS10DCd6u0Q1l45mVb5xhTvsHdBi7x0Wiy8Xvzyk48kxY8-w1Y2oCrz6DLLb6fE55x0O770-aVY_cKxxVUr4Emyqz7TWjx3O2U3QT3enHotb_Lgv5Vh9asdCvHXGw== Show response
fundingchoicesmessages.google.com/el/ 0
29 B 32ms
32ms XHR
text/html 2607:f8b0:4006:81f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVJ7-CYpBYTgDS10DCd6u0Q1l45mVb5xhTvsHdBi7x0Wiy8Xvzyk48kxY8-w1Y2oCrz6DLLb6fE55x0O770-aVY_cKxxVUr4Emyqz7TWjx3O2U3QT3enHotb_Lgv5Vh9asdCvHXGw==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Tpv6w9ZcrUohjLxoWODcOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://kooorahd.egtly.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain

Response headers

date: Sun, 24 Mar 2024 16:53:34 GMT
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-Tpv6w9ZcrUohjLxoWODcOQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjktDikmLw1ZBiqGV4xtQKxE7pM1iDgFiIm6Nva-MGNoEDt5dqAAC28AuF"
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: same-origin
server: ESF
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://kooorahd.egtly.com
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
x-frame-options: SAMEORIGIN
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ClgGLJT-anMFFp_jPcSPgTpNjWBfoBtPLqdYJvwYrrQ.js Show response
pagead2.googlesyndication.com/bg/ Frame 20F5 40 KB
16 KB 18ms
9ms Script
text/javascript 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/ClgGLJT-anMFFp_jPcSPgTpNjWBfoBtPLqdYJvwYrrQ.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0a58062c94fe6a7305169fe33dc48f813a4d8d605fa01b4f2ea75826fc18aeb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Wed, 20 Mar 2024 07:55:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 377856
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15865
x-xss-protection: 0
last-modified: Thu, 14 Mar 2024 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 20 Mar 2025 07:55:58 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 69D4 42 B
64 B 71ms
70ms Fetch
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssYJGLW_cQDWcH6kvKU3EoO5I4kBsx6fQUEVd5Ml4EW2hYclMZJ2tyUoK9Jp3Mq7VXNVGiIWWwvLTIX6DSTJlB8Zfp1KilsCtsN6EBzHTGmBx-8o7z1xidhXs6fCERzY2Nbzgmb-6ZYjJHss69lIlnAmrv7M4f7Ggk&sai=AMfl-YQI230PEq_UL2lstyuPXhUzbMhjgoqf4USi_jIuLPNQuXwQSp4dEZBaPcGMaj28ADsqA6-KGuJeMkuZGvgTfssCN7N8JhB41Wbp9yP9RvBK2qDuB0aC6itZdIqtuFgq0REJmiwtUJESr2kTbLB70g&sig=Cg0ArKJSzGbJ_XEQ4jXaEAE&cid=CAQSTwB7FLtqpjZ8z8DnRd-fMmQJaz9_3cVwMsB3Mjlwzi_56Eu7OtQtFJ9BYMDcBDayXHd1HQ9wHlgini_tRp6fmrzZTzt1CILyJFbEjo275WoYAQ&id=lidar2&mcvt=1029&p=0,0,600,160&mtos=1029,1029,1029,1029,1029&tos=1029,0,0,0,0&v=20240320&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2969136044&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=723201200&rst=1711299211714&rpt=1252&met=ie&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
216 B 77ms
76ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=23963&asId=99372893-28ac-32bc-c578-558922149d9f&tv=%7Bc:7QZK04,time:1303,type:e,sca:%7Bha1:%7Bres1:0,ps:0,ts:1711299213876,psfr:na%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:1303,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:315,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1017~0%5D,as:%5B817~0.0,200~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:jload,dtt:129,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.23963%7C1711%7C1712%7C1713%7C181%7C1821%7C1911%7C19121,idMap:171.51445a0e-4f5b-72a3-fe74-d91c24ade985.105_1914617-77686741%7C171*,rmeas:1,rend:0,renddet:IMG.us,siq:324%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:34 GMT
server: nginx
x-server-name: dt20.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 18B4 0
0 67ms
66ms Image
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20240320&jk=240704526235184&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0775 0
23 B 67ms
66ms Image
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=B5jTBjFoAZqqtJMHYoPwPhMqX2AMAAAAAOAHgBAI&bg=!U1ClUB_NAAZewuCMfsI7ADQBe5WfOKc5QOpC9Dq-QtXocalx29VjJ2QGe6oHFhGvuU5USXIFqlMhKHc6306Cx19NohBzAgAAAZZSAAAABWgBB34ANTnSLIotMNbo-w__EJTOV5bjly4YacEYMOURTcc_oigkJbFT3hPJTfDiHOQ4nuDCC31TmzuOmQKyZSqNLWxRIYP4TD6e6kzEAS6RCuE40XpKGxI5z3U1goBAsaHkHsWq6LteA7s9sRgs4_CWkOUsmXKyvOXneh7p3gzsiqvUGYqaX_kj6RYSydwwLT7fpca3IPJmpX0bMQ0FtPbLTQ5eWTdZ2rTj2DdD5LwYpGYqJIYJytEMaZanqm5RFbTCR_xg1lKYF87C46Ei1kFRkS5n3CRzTaO7k_qLhnq_T6lDLMQ8MxsK2yGWcyc_4SqHQq_mMAxDTUWhQG1PJOww_Y1JmEdtFXTXD135fGjAMzo26y0VFjm9d1iTbMO40nt8_0DzvsK6YXeS4-a5jqE6Wm_S9b7xUh91-ImPnrjy5Oy19DzQt3SPteEhcyMLk_Uel3eovSUyKG3wLJP50Fj0pikCYQ5v_Yf3NRdbP6hQcyvG4EkTwHq_3aW2vViwPy3uLoJVLTiiMiowr5esL839ShSyghbJi7tWgzJyeov9MiBzXiCgcIdcASzsgXaBYwBDi78MCfHUYCJLPboY8FMmFvai1CC_QeHIUOaaVZq5cVFaV-awT9Yr_HS2Jg_JXLIl1Mgao5GB6xpVTJtFHcobceDxffAo4aKt7oyyClWGaVVjhpD6pUFYb6_uU44nUk6uV8DOss-6aF4HSMANnZ912PKmpljUqDxB_9xalj9dd1AK6RFvOUDuJNSFuuXNuEQm1p5ucq7U2On_rlHFJa01Imw0KtrX2oWYlALXhRSAGWkLMgxHOtlwZYJpYjbr0gqvu48nLXBXVYeqxgxv_KDIsv8pfIZgG8qBtdynXmi97G1x47wJY7w8GP56LOr8y9m0bu0skkzPAYWfRtkC6GchwVnN6PvpmEg8FJ2mJ5bxwghZeH34m9Vb-aOsgSHMJRTydareIdv73eMjwbpO7ddNE8yUK_nx_d9Fl8TnZXSx

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 502 dt
dt.adsafeprotected.com/ Frame 9F45 0
0 75ms
74ms Image
text/html 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=23963&asId=99372893-28ac-32bc-c578-558922149d9f&tv=%7Bc:7QZK25,time:1428,type:e,im:%7Bpci:%7Btdr:1052%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:1429,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:315,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1143~0%5D,as:%5B817~0.0,326~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:jload,dtt:83,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.23963%7C1711%7C1712%7C1713%7C181%7C1821%7C1911%7C19121,idMap:171.51445a0e-4f5b-72a3-fe74-d91c24ade985.105_1914617-77686741%7C171*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:324%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 20F5 0
10 B 8ms
7ms Image
text/plain 2607:f8b0:4006:824::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?U-wJHA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:824::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Sun, 24 Mar 2024 16:53:34 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9F45 0
23 B 66ms
65ms Ping
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3641824532980&version=m202402290101&ct=76&x=1&cor=2427381278338748000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 71ms
70ms Image
text/html 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20240320&jk=240704526235184&bg=!b2ylbCPNAAZaswqNerM7ADQBe5WfOKVVIIxZgP7N-cax-WgRoKNsQ-owoTViqnLcqePR33BgnOwW4KX5DPEmpq1c4o9HAgAAALpSAAAABWgBB34ANdaO879IoWC-2_erkGJ6y1d5zTzCvzV7ed85x5fCs984FdXmeARnndJJny5-RQEcknqITIE1CgATjTAVMcclW63QBUO_ykAlHj7GRpkCa1NU3Sl3WDZvs3nxzH2q2Qhb72IP08it4WoQcBXyjmosOn9DYlxmEAPcxC-HaYoPKyIKYYyaCuQrUjSR_iTbWoFRGlP6Xlxmb-5kVTNcKIfmQRwfIc6av7_8K-W63s7ZlMrMcv2EpcO9h237AKbjv0cxzCtV_dWcnW2sTc89A8SEK2Ov7jTqFxfUzLlX39ALA_un-jdIPp7v4D6rkLZsqVIKK_K7aSeqggEVOIe_v-Y_CxTT1tLrr_SGbJXJbIwlSbNc6mwmETsKYDx0aB9TkYN-Z_5yOG2plxXUSyDQLMvlXZwHJPonF2eqt8c66_FLCxuOmRqLs0P5St4Z3MDMA6PRdM5Nr4Kol3IhQMFoEPfgMocr9xJ4zjMYa_lcIf1G59xNGtS972gHW_Z0zzR7NJQ9QA9iUcjgruupkpe4tzEJ2s46NC5Rnp_54YCIBoxC8UN2HgrSjmuKSi3rkdNloTgujVLybDym4g6NcTV-qdBL306nlHgStBmByblWZAu1R65f6jYz26qc0ntbRx_zcFxcnOpm-MsIG8QTbFKH3BxzrDrMCoDEH9D4kIoBXB2X-Ikv_1UosA9CpZKJ7Bfzs9kW30F7IhJPw9dTa4bu-VBRhH5-cpO7LTck0WqsV3ZDiCrFFwvxEeHriuJWrHjUUfVF2vd17wIHbSZMMBIOaNJcw2YyrY9X7MgrGm7Q9FHtvv1qez8hdVLH7BHCpuhb9bEgs0U8ULnaZt9wOpYbeY7qIMH6KWIrVZ3_SIG2lQ_fwU1IL16CUYv4XMtRppSia_l94-lfWNNY8N5_xhiD1-aADhYcOtghDJ6UuCM
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://kooorahd.egtly.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9F45 42 B
64 B 74ms
73ms Fetch
image/gif 2607:f8b0:4006:80d::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuIrY0HPvSIw3YomB8nm8XL8jxixyKKrEI0MHHlYm2yYf-5_jQmbOFJiLWuNsPXIr0i8aXtWCraETIuHGhY4GC51pXRmQmbuGZaUQchfl6uthQBQi0Ub56VWutDAUv7EeBAM8IHEQ9Q_rQuCjuykg1QAvTlVyGCt8M&sai=AMfl-YRWWD63H-L2eqDYIaaYS2I-duuxX8RIsb7KA6KQA-Se46SNVeQnPRyDCIHLHkf7iIYbmETm4_iYDkrDTO51Uqi0nlekbr5FnVpPgygD4eaSywYgNR1gSkC1aSfcWM3Y9Q45ecBmWbTT3GARMrOLUQ&sig=Cg0ArKJSzDf5jZL-ivuzEAE&cid=CAQSTwB7FLtqpjZ8z8DnRd-fMmQJaz9_3cVwMsB3Mjlwzi_56Eu7OtQtFJ9BYMDcBDayXHd1HQ9wHlgini_tRp6fmrzZTzt1CILyJFbEjo275WoYAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20240320&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2969136043&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&co=723201200&rst=1711299211830&rpt=1083&met=ie&wmsd=0&pbe=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80d::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
216 B 81ms
81ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=23963&asId=99372893-28ac-32bc-c578-558922149d9f&tv=%7Bc:7QZKd1,pingTime:0,time:2106,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:321%7D,%7Bw:160,h:600,t:1103%7D,%7Bpiv:100,vs:i,r:,t:2105%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1,o:2105,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:315,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1819~0,1~100%5D,as:%5B817~0.0,1003~160.600%5D%7D%7D,%7Bsl:i,t:2105,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1819~0,1~100%5D,as:%5B817~0.0,1003~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:83,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.23963%7C1711%7C1712%7C1713%7C181%7C1821%7C1911%7C19121,idMap:171.51445a0e-4f5b-72a3-fe74-d91c24ade985.105_1914617-77686741%7C171*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:324%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:34 GMT
server: nginx
x-server-name: dt05.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
216 B 83ms
82ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1914617&asId=51445a0e-4f5b-72a3-fe74-d91c24ade985&tv=%7Bc:7QZKd2,pingTime:1,time:2093,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:365%7D,%7Bpiv:100,vs:i,r:,w:160,h:600,t:1090%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:1003,o:1090,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:365,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B735~0%5D,as:%5B735~0.0%5D%7D%7D,%7Bsl:i,t:1090,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1003~100%5D,as:%5B1003~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:109,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.1914617-77686741%7C1711%7C1712%7C1713%7C1714%7C181%7C1821%7C1911%7C19121,idMap:171.99372893-28ac-32bc-c578-558922149d9f.161_23963%7C171*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:366,sis:654%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:34 GMT
server: nginx
x-server-name: dt16.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
216 B 83ms
83ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1914617&asId=51445a0e-4f5b-72a3-fe74-d91c24ade985&tv=%7Bc:7QZKd3,pingTime:1,time:2094,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:365%7D,%7Bpiv:100,vs:i,r:,w:160,h:600,t:1090%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:0,slTimes:%7Bi:1004,o:1090,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:365,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B735~0%5D,as:%5B735~0.0%5D%7D%7D,%7Bsl:i,t:1090,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1004~100%5D,as:%5B1004~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:109,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.1914617-77686741%7C1711%7C1712%7C1713%7C1714%7C181%7C1821%7C1911%7C19121,idMap:171.99372893-28ac-32bc-c578-558922149d9f.161_23963%7C171*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:366,sis:654%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:34 GMT
server: nginx
x-server-name: dt18.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
216 B 81ms
80ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=23963&asId=99372893-28ac-32bc-c578-558922149d9f&tv=%7Bc:7QZKta,pingTime:1,time:3107,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:321%7D,%7Bw:160,h:600,t:1103%7D,%7Bpiv:100,vs:i,r:,t:2105%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1002,o:2105,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:315,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1819~0,1~100%5D,as:%5B817~0.0,1003~160.600%5D%7D%7D,%7Bsl:i,t:2105,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:84,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.23963%7C1711%7C1712%7C1713%7C181%7C1821%7C1911%7C19121,idMap:171.51445a0e-4f5b-72a3-fe74-d91c24ade985.105_1914617-77686741%7C171*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:324%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:35 GMT
server: nginx
x-server-name: dt01.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
216 B 81ms
81ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=23963&asId=99372893-28ac-32bc-c578-558922149d9f&tv=%7Bc:7QZKta,pingTime:1,time:3107,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:321%7D,%7Bw:160,h:600,t:1103%7D,%7Bpiv:100,vs:i,r:,t:2105%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1002,o:2105,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:315,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1819~0,1~100%5D,as:%5B817~0.0,1003~160.600%5D%7D%7D,%7Bsl:i,t:2105,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:84,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.23963%7C1711%7C1712%7C1713%7C181%7C1821%7C1911%7C19121,idMap:171.51445a0e-4f5b-72a3-fe74-d91c24ade985.105_1914617-77686741%7C171*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:324,metricId:publ1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:35 GMT
server: nginx
x-server-name: dt13.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 9F45 43 B
216 B 79ms
79ms Image
image/gif 2600:1f13:800:7780:8013:28a0:ac77:5947

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=23963&asId=99372893-28ac-32bc-c578-558922149d9f&tv=%7Bc:7QZKtb,pingTime:1,time:3108,type:c,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:321%7D,%7Bw:160,h:600,t:1103%7D,%7Bpiv:100,vs:i,r:,t:2105%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1003,o:2105,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:315,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1819~0,1~100%5D,as:%5B817~0.0,1003~160.600%5D%7D%7D,%7Bsl:i,t:2105,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~100%5D,as:%5B1002~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:84,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171*.23963%7C1711%7C1712%7C1713%7C181%7C1821%7C1911%7C19121,idMap:171.51445a0e-4f5b-72a3-fe74-d91c24ade985.105_1914617-77686741%7C171*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:324,metricId:grpm1,cmr:t%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f13:800:7780:8013:28a0:ac77:5947 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 24 Mar 2024 16:53:35 GMT
server: nginx
x-server-name: dt06.or.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

Verdicts & Comments Add Verdict or Comment

88 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-21 04:57:39	Name: IDE Value: AHWqTUk8WlWKmzoSNFlesvxvsTucHPC3N_0nVicfnsr60AKyHYoxlhsE84goVgZdNd4
.doubleclick.net/	1970-01-20 23:40:51	Name: receive-cookie-deprecation Value: 1
.doubleclick.net/	1970-01-20 23:40:51	Name: APC Value: AfxxVi5RE_r28pLyv7chne1gTgOum8KclZyZcYS5iQ478-xTv7zhnw
.casalemedia.com/	1970-01-21 04:07:15	Name: CMID Value: ZgBajNHM51YAABFeAQSgyQAA
.casalemedia.com/	1970-01-20 21:31:15	Name: CMPS Value: 1395
.casalemedia.com/	1970-01-20 21:31:15	Name: CMPRO Value: 1395
.adnxs.com/	1970-01-21 04:57:39	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-20 21:31:15	Name: anj Value: dTM7k!M41.D>6NRF']wIg2C%u@VZ%p!@wnfH8K6pQK`!5=E<L5?%LxjCs!4AVTx5V?-Y/^B$cAls?T:_@nx'GNP(hw9P-HC_#tuAN)xM_@
.adnxs.com/	1970-01-20 21:31:15	Name: XANDR_PANID Value: 5urhbsvvzvdSHCcUmQloQcwYw_UIXKxMTk7shLlKf5gfZyejW29Qy4kpGG0f-MlqeVddJZ-smXEsSwj-l7sL1oUzhsIb-Gz8zBI_WiFdNvs.
.adnxs.com/	1970-01-20 21:31:15	Name: uuid2 Value: 3885045129609412004
.egtly.com/	1970-01-21 04:43:15	Name: __gads Value: ID=b6ef6d3a979ddc39:T=1711299210:RT=1711299210:S=ALNI_MYmnSn40klkQ1g3RYd6ZtKny9_bGg
.egtly.com/	1970-01-21 04:43:15	Name: __gpi Value: UID=00000dacaf1cd984:T=1711299210:RT=1711299210:S=ALNI_MYdgOYwKI1sF-lcEKOo8Gfakn-9OQ
.egtly.com/	1970-01-20 23:40:51	Name: __eoi Value: ID=6eec1e2cf134223e:T=1711299210:RT=1711299210:S=AA-AfjbkkLe0fNwsiTFvhtl2hnyM
.egtly.com/	1970-01-21 04:07:15	Name: FCNEC Value: %5B%5B%22AKsRol_OrAeC4SPiY32aOQmo5zysoY1GGSyvRvct4zIsaUV2y_d6b6NxCBrVpCG3it0_4nVQCsfV6TewsS-zfunvOuR4gWWr0mhBDdvy33WfHM6pk11r6V07qzm7U_cT0l_rfJILa_ByDNMwLRPOnFabrrpAAc1QjQ%3D%3D%22%5D%5D

115 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://pixel.adsafeprotected.com/mon?anId=23963&advId=629143095&campId=20914945668&pubId=1&placementId=540206611&adsafe_par&bundleId=&dealId=&bidurl=https://kooorahd.egtly.com/&adsafe_url=https%3A%2F%2Fkooorahd.egtly.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fkooorahd.egtly.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240320%2Fr20110914%2Fzrt_lookup_fy2021.html&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20240320%2Fr20110914%2Fzrt_lookup_fy2021.html%23RS-1-%26adk%3D2969136043%26client%3Dca-pub-8256239325859871%26fa%3D3%26ifi%3D3%26uci%3Da!3%26btvi%3D1&adsafe_type=be&adsafe_jsinfo=,id:99372893-28ac-32bc-c578-558922149d9f,c:7QZJKf,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-6c45d7cb47-l6cjd,rg:va,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1.grpm1,mtim:280,mot:0,app:0,maw:0,tdt:s,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171.23963%7C1711%7C1712%7C1713%7C181%7C1821%7C1911%7C19121,idMap:171,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:323,oid:0be89ce9-e9ff-11ee-9aff-c2f3f5412f4a,v:19.8.491,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 Message: Failed to load resource: the server responded with a status of 400 ()
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://kooorahd.egtly.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://dt.adsafeprotected.com/dt?anId=23963&asId=99372893-28ac-32bc-c578-558922149d9f&tv=%7Bc:7QZK25,time:1428,type:e,im:%7Bpci:%7Btdr:1052%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:1429,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:315,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1143~0%5D,as:%5B817~0.0,326~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:jload,dtt:83,fm:u7Xv66V+11%7C12%7C13%7C14%7C15%7C1611%7C171.23963%7C1711%7C1712%7C1713%7C181%7C1821%7C1911%7C19121,idMap:171.51445a0e-4f5b-72a3-fe74-d91c24ade985.105_1914617-77686741%7C171,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:324%7D&br=c Message: Failed to load resource: the server responded with a status of 502 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ajax.googleapis.com
bid.g.doubleclick.net
cdnjs.cloudflare.com
cm.g.doubleclick.net
csi.gstatic.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fundingchoicesmessages.google.com
gcdn.2mdn.net
googleads.g.doubleclick.net
ib.adnxs.com
imasdk.googleapis.com
kooorahd.egtly.com
pagead2.googlesyndication.com
pixel.adsafeprotected.com
r2---sn-ab5sznzy.c.2mdn.net
s0.2mdn.net
static.adsafeprotected.com
tpc.googlesyndication.com
vast.doubleverify.com
www.google.com
107.21.5.194
142.250.65.162
142.250.72.102
172.253.62.157
172.64.151.101
172.64.151.202
2600:1f13:800:7780:8013:28a0:ac77:5947
2600:9000:23cb:a000:8:48e:53c0:93a1
2606:4700::6811:190e
2607:f8b0:4006:15::7
2607:f8b0:4006:809::200a
2607:f8b0:4006:80b::200a
2607:f8b0:4006:80d::2002
2607:f8b0:4006:80e::2003
2607:f8b0:4006:817::2006
2607:f8b0:4006:81f::200e
2607:f8b0:4006:820::2002
2607:f8b0:4006:820::200e
2607:f8b0:4006:822::200a
2607:f8b0:4006:824::2001
2607:f8b0:4006:824::2004
2a00:1450:400f:804::2003
2a02:4780:27:1276:0:6cf:958c:2
68.67.160.24
00d0a056f2945930508baa7e6305912659f90cb6db7e49678855f6e7cead5832
015d2548eb03343d19e441f337ce7af7481fb037ecc0097db692571ef9af34d2
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
04fa4fe54665cacb0d30e028747b0a15046d5152d4295250380bcd5569e7c664
0a58062c94fe6a7305169fe33dc48f813a4d8d605fa01b4f2ea75826fc18aeb4
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f79c64f686102f8cc72db584b52c51dbd0720d7ade9a3284a3520bd91dc5328
14fafb150b976a0b5ac428c91e0825c33ba47b251f2bf349f4e1e5f954d9ad63
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
172abdc1549b57ea9d6e92351ac832492722a46e897bee71f949705da49b3108
188d4055269326d3335f77a6f188066868e13c595f8e5ea95081a7299c84a8f5
199a31ab5522a0ffdad5675833a1f7c71d5341048b398aca0f77f569d420e8d5
1a730cb34285c933a5839e656856a4eaac2449e49a997efe53d454b94ace676f
1afd73c344439fa1bd92896f7a6da5287e8bc436f2e78d0ae18eb27114a1e52c
1ca0680c88a40021340bacf76fe43ce39d7943184fe189f12986e734b4407d51
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
200341909a2a21a63f8817eb83c056ec34571e232ab55cc573ae717b15c0f0e0
2959c6a28672174d488a2f65367f4040b0df29c5d87370208db73773d47e85d7
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3278b599613555c85561dbde47dfe1a4013ca4cbbd17dc6b98ecba0428819589
386a292b805ec5376c149711c08d9013658fd08879a7ac9a62a99e14310c397a
3909473fd7e15c55754a4e7337d5a112c2530b3327524a1a1d1d7671ae4c9a7d
40d7ca6df590de3c75bd7a261d15645187b90dbf56304b2de8c84d9dc9b0f52a
425f9ca7029ca2c95d204079575a3e5f737ef4d322614225344c5aeadd51bfb8
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
4474ffcd8d7b2fab2b1e6334a061f68acafb58025b80ee0f0f43acfb79518883
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
4879dcab21b2218432075c33aff13cea89de4f392f749eaef3df339f3f694c72
4a660192b3017be38891bdeb9b72b20bd926b7217f513429540b5b3a90bcbc4b
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
50a1faa1a9f60f47e2727851488dbc80dc2bacae886a48a14eb1ac654058b004
50ef9515403872e534f8293a3a2644e92abae2d81acb1b35f07970cb78411d80
5247f03294c8fb5e170a1e794128ad4c20adf34728aeebd1ef0026aa63ca09cf
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
52c7100c9730e6d2c23c002477055489a87f7428d5c249ce8412d424fc80e5bc
547048491674cd402b023868021cdd2dbfb867226dad1a438056561885533080
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55ff68079dbfb7ab5fcaf48316f11203412a259870fd01260804f669f6f8ef2f
5a23d8b3f234337a66c42065409ea946a4700a68fb92775125a176ec9520c82f
5d1d020e092c4e842e04f03e75b725cf2accceb1cc4a364e7f243ede0bdaa7b6
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6372b5a8e5fc57b424acbfd4b2f698e05b9f9a8a9f62294a95b14e83077fac2b
64de305de498d050399b770401193e8035b42628fac716bd90e1a0a8deeba9ac
6817ee28e33839b4b87d94b2bfdc9c57c02d6ba5ee38a4d29cb851d37f74ed69
6a3fdd4383419afc566e1a7a8018ed9c46bcb9137040443ae8ef4997b3ba715a
6e43c7de3013abdc811b8de78db16022ebaecba9e888781818f2ca97be6ddffe
7b200475a6f2e5e8fafca2e4c7c6a7c184e261ced8c0065e6c0f7af724f39d63
7b55c2985622d34d7082f7d6ebf2400b470931d72c84a387cbc8c54ddb67487f
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
82149b88aef579b86ec44a9cfd89c5d7ea7dc1b2efd737bba5e60482e4e3ab7e
885782584da2f2bed593d13803b659688f2ba90f87f7b294e9e92ca7779b066e
8b58887660dca72c67a2ddc08f2ef9e1ee892069a712b287038821f04a31a2c2
9090e90a9892fcf6de5ab6f9f8a60aded9d426bc192d5f2b940c4b6de0cbfd65
9159ff44d7094b8c99c902b187018a7e1115252e3c0438f9d4622295cd00d287
932590302e81e8502dd59fb88051a614e83503f3ded6a75e28bf14086f8d9fd1
94c21be1bfcb47969719229648026a622323618c801c94278fdfc44d862591f7
98b0a64881ac47591dd409dde52c030d372b4b66afea15610a4a9e8f271a797e
9a5fe6a5dc349bf435f14c0f83c23fb912a36f76b15e03be31a7cc733a247c5b
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a4a391b257a6995671b0815752fa0784d079bc7266d15e59bc7a76eebc8b46d0
a589cd1aca37b285ea34723d2a61f443838e10d9f198ae493d999edbd933a60a
a7ec617425e53734b944a1a1bf39f364f26f7c7398632c12c5b2d166e324e09d
aab4b5cdd4954f12396a0050a189228435f4c0f4e93a943d158bd0c926f5d659
abf4ea268c7f691db78547077a314a8adbfe4827fd9c30c9f3c68b017761ae5a
af1b202f16299aa05efb9d5c07aeadea3171ae3530ca5873c8e100c46cfacec3
b06aedb229db19d691ed31e9e151f4628b042d38b702548e88dd5be44117d244
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b164963a8c9343cf6c2f7dab172aa7ea7e0deeead44f488e35eeb899c0fd1ae2
b66fc18fef504d695b9c3dd1596d4fce5f282ac0fa71709302ed647c76292a15
b9c84aca5999bac1d5c381ba3c902a12b406619d384c6b193efd74c428884743
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
bf39885eb047e8e4ce2613d7719c62060dd5724c8efaeceedbc1c98e6305c22a
c3772492945729b74df8752540cffab2620d6c466ec11e4fc0c8ccdebcf3752b
ca2fcc8a6c7dc8c3269c9e700867bc9d0e181bff3a7842afb1ee7dabb363c219
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cdb7911dd984dc9b0840a0a94e711600b05dd72d612465fdb18ecfb67ea9e66c
ce7a87c1271052d63a096e6e71c40d45ad55c944d8a67c1996922e067f33ea4a
d3f4104957e76483acba4180738253208fd8d4d81c64931244860514af502b82
d4cede927265f50749600d9df20ee16fb76be98f746362544e1a8d5cb9c681d0
d8ad7d9f7183b53304bb9594ab5edb4627d79a9260bd5bd617760f549042c3f0
d9be117662d001dcd358bbdd60cbe52a6a654e03b3030c8bcaebf1b494ad968f
df447dfee5dea8c301a4a0caa0588e77ac25c6bb8a283c56ab96cf5c851b618b
df68f57ecda7de300bd2613e1619f481bcec4791f91634ceaa5ab9dc12493205
df69e4f334e2275515a11cd543074c487f33b69b0ea84e5e413e4767b52bbb31
df7a397b8ce58f6251a395e02608b4f620e934a958bdfe6702c6f2033593eed0
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e519cc4b7b8fdc64a7aaafc1b808cde266a234205aac0d6c55589c12446d565e
e7713795cd12f9b0d56c032d0ea4bd3d083b1676354257c9346d5591198c3a85
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef34301455784e8a56ecc7a80985d6fd317ddd8328b6232dc0bc3223d79c91c2
f0db3d11dc998bc4f9231f1967d9e35edad594f99e52d7aa4c91f3953adab172
f0df5bac42e20b19dafbdf42b5480133ffdf8885bf9d4fd9a8fa3043e3efd2ae
f1a7571465af0bc50deff687ec5a4a0fad21cef1e8fbf86e1fefc7fc6c1f6991
f1ac95da385417bc88382ae242f2006e957e26a72e2c897e1bc453bf1ae6e2c3
f2a1dd5dc216fcb89c844d66a4dfe7073c50da7891869b357f46a91e067080af
fd35fc4d55ec726ac0b407386a5125ccc1f9eca53610b0adc253a4e088681176

kooorahd.egtly.com Open in urlscan Pro 2a02:4780:27:1276:0:6cf:958c:2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

179 Requests

92 %HTTPS

71 %IPv6

12 Domains

24 Subdomains

24 IPs

3 Countries

4134 kBTransfer

7613 kBSize

14 Cookies

2 Outgoing links

Redirected requests

179 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

kooorahd.egtly.com Open in urlscan Pro
2a02:4780:27:1276:0:6cf:958c:2 Public Scan

Screenshot
Live screenshot

Full Image

179
Requests

92 %
HTTPS

71 %
IPv6

12
Domains

24
Subdomains

24
IPs

3
Countries

4134 kB
Transfer

7613 kB
Size

14
Cookies

179 HTTP transactions
3 data transactions