www.xn--82cz3bcub1a.com Open in urlscan Pro Puny
www.ตรวจหวย.com IDN
2606:4700:3036::6815:3c07 Public Scan

URL:
https://www.xn--82cz3bcub1a.com/
Submission: On June 06 via manual (June 6th 2021, 9:05:02 pm UTC) from SC

Summary HTTP 142 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 24 IPs in 4 countries across 21 domains to perform 142 HTTP transactions. The main IP is 2606:4700:3036::6815:3c07, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.xn--82cz3bcub1a.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 7th 2020. Valid for: a year.

This is the only time www.xn--82cz3bcub1a.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	2606:4700:303... 2606:4700:3036::6815:3c07	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
16	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
32	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
3 7	2a00:1450:400... 2a00:1450:4001:827::2004	15169 (GOOGLE) (GOOGLE)
2 3	2620:116:800d... 2620:116:800d:21:8c6e:cf2c:8d6:9fb5	16509 (AMAZON-02) (AMAZON-02)
1	34.98.67.61 34.98.67.61	15169 (GOOGLE) (GOOGLE)
3 3	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
17	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
4 4	185.64.190.78 185.64.190.78	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1 1	79.137.69.120 79.137.69.120	16276 (OVH) (OVH)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
1 1	18.195.172.136 18.195.172.136	16509 (AMAZON-02) (AMAZON-02)
2 3	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1	2a05:d01c:1d8... 2a05:d01c:1d8:8100:61f8:e3:2497:5dcb	16509 (AMAZON-02) (AMAZON-02)
2	142.250.185.227 142.250.185.227	15169 (GOOGLE) (GOOGLE)
2 2	23.20.15.211 23.20.15.211	14618 (AMAZON-AES) (AMAZON-AES)
1	142.250.185.242 142.250.185.242	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2012	15169 (GOOGLE) (GOOGLE)
142	24

29 2606:4700:3036::6815:3c07 (United States)

ASN13335 (CLOUDFLARENET, US)

www.xn--82cz3bcub1a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

32 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:827::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com

odr.mookie1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.227.252.103 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.64.190.78 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.139 (Frankfurt am Main, Germany) 3 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 79.137.69.120 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: gcm10.host.hit.gemius.pl

googlecm.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.172.136 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-172-136.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.174.68 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

id.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d01c:1d8:8100:61f8:e3:2497:5dcb (London, United Kingdom)

ASN16509 (AMAZON-02, US)

ag.innovid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f3.1e100.net

p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.20.15.211 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-20-15-211.compute-1.amazonaws.com

e.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.242 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f18.1e100.net

p4-gbjw57fj5h7vu-mqykddz4andxdebo-536263-i1-v6exp3.v4.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2012 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

p4-gbjw57fj5h7vu-mqykddz4andxdebo-536263-i2-v6exp3.ds.metric.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	438 KB
33	doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	131 KB
29	xn--82cz3bcub1a.com www.xn--82cz3bcub1a.com	3 MB
9	google.com 3 redirects adservice.google.com www.google.com	1023 B
9	gstatic.com fonts.gstatic.com www.gstatic.com p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com p4-gbjw57fj5h7vu-mqykddz4andxdebo-536263-i1-v6exp3.v4.metric.gstatic.com p4-gbjw57fj5h7vu-mqykddz4andxdebo-536263-i2-v6exp3.ds.metric.gstatic.com	88 KB
5	googletagservices.com www.googletagservices.com	176 KB
4	pubmatic.com 4 redirects image6.pubmatic.com	2 KB
3	rlcdn.com 2 redirects id.rlcdn.com	1 KB
3	rubiconproject.com 3 redirects pixel.rubiconproject.com	1 KB
3	openx.net 3 redirects rtb.openx.net	995 B
3	quantserve.com 2 redirects cms.quantserve.com	1 KB
2	addthis.com 2 redirects e.dlx.addthis.com	2 KB
2	google.de adservice.google.de	921 B
2	googleapis.com fonts.googleapis.com	1 KB
2	google-analytics.com www.google-analytics.com	19 KB
1	innovid.com ag.innovid.com	296 B
1	agkn.com 1 redirects d.agkn.com	760 B
1	gemius.pl 1 redirects googlecm.hit.gemius.pl	340 B
1	mookie1.com odr.mookie1.com	608 B
1	googleadservices.com partner.googleadservices.com	648 B
1	googletagmanager.com www.googletagmanager.com	32 KB
142	21

	Domain	Requested by
32	tpc.googlesyndication.com	googleads.g.doubleclick.net www.xn--82cz3bcub1a.com tpc.googlesyndication.com pagead2.googlesyndication.com
29	www.xn--82cz3bcub1a.com	www.xn--82cz3bcub1a.com
17	cm.g.doubleclick.net	www.xn--82cz3bcub1a.com googleads.g.doubleclick.net
16	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net www.xn--82cz3bcub1a.com
13	pagead2.googlesyndication.com	www.xn--82cz3bcub1a.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
7	www.google.com	3 redirects googleads.g.doubleclick.net tpc.googlesyndication.com
5	www.googletagservices.com	pagead2.googlesyndication.com googleads.g.doubleclick.net
4	image6.pubmatic.com	4 redirects
4	fonts.gstatic.com	fonts.googleapis.com
3	id.rlcdn.com	2 redirects googleads.g.doubleclick.net
3	pixel.rubiconproject.com	3 redirects
3	rtb.openx.net	3 redirects
3	cms.quantserve.com	2 redirects googleads.g.doubleclick.net
2	e.dlx.addthis.com	2 redirects
2	p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com	googleads.g.doubleclick.net p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com
2	adservice.google.com	pagead2.googlesyndication.com
2	adservice.google.de	pagead2.googlesyndication.com
2	fonts.googleapis.com	www.xn--82cz3bcub1a.com googleads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	p4-gbjw57fj5h7vu-mqykddz4andxdebo-536263-i2-v6exp3.ds.metric.gstatic.com
1	p4-gbjw57fj5h7vu-mqykddz4andxdebo-536263-i1-v6exp3.v4.metric.gstatic.com
1	ag.innovid.com	googleads.g.doubleclick.net
1	d.agkn.com	1 redirects
1	www.gstatic.com	googleads.g.doubleclick.net
1	googlecm.hit.gemius.pl	1 redirects
1	odr.mookie1.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	www.googletagmanager.com	www.xn--82cz3bcub1a.com
142	28

This site contains links to these domains. Also see Links.

Domain
xn--82cz3bcub1a.com
haihuayonline.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-07` - `2021-08-07`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.google.com GTS CA 1O1	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.quantserve.com DigiCert SHA2 High Assurance Server CA	`2020-10-02` - `2021-10-07`	a year	crt.sh
*.mookie1.com DigiCert TLS RSA SHA256 2020 CA1	`2021-02-22` - `2022-03-25`	a year	crt.sh
*.innovid.com RapidSSL RSA CA 2018	`2020-02-07` - `2022-04-07`	2 years	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
*.v4.metric.gstatic.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh
*.ds.metric.gstatic.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh

This page contains 21 frames:

Primary Page: https://www.xn--82cz3bcub1a.com/
Frame ID: 07E6AF173CF753FF30B0DC76543C4A3D
Requests: 50 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210601/r20190131/zrt_lookup.html
Frame ID: 17ECCFFEFB5E36903652D0FE6722B7BF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&adk=1812271804&adf=3025194257&lmt=1623012548&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013480715&bpp=2&bdt=1037&idt=192&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1643070725622&frm=20&pv=2&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=229
Frame ID: CFC38696719C1B37BEEE3A4BBC016DC9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=280&adk=262951244&adf=706731172&pi=t.aa~a.907085792~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1623012548&rafmt=1&to=qs&pwprc=1729370017&psa=0&format=1200x280&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0&nras=2&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2621&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=AB2Hb7cgOR&p=https%3A//www.xn--82cz3bcub1a.com&dtd=10
Frame ID: 0D112416646B6167B6007355859B239E
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=308&adk=4223420706&adf=3988754407&pi=t.aa~a.2070610203~rp.4&w=350&lmt=1623012548&nsk=74d5b477&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x308&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280&nras=3&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=625&ady=3383&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=dVJXqi1DlJ&p=https%3A//www.xn--82cz3bcub1a.com&dtd=13
Frame ID: 55A0018ACC2DD885853FC4391987502A
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=318&adk=3938747458&adf=2447373366&pi=t.aa~a.914111605~rp.4&w=350&lmt=1623012548&nsk=c9e84f37&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x318&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308&nras=4&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3408&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=cqFa29oUzA&p=https%3A//www.xn--82cz3bcub1a.com&dtd=15
Frame ID: 6AE0BEE069D72FD6BF4A20E7E57C7654
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=77&adk=3355362039&adf=839174664&pi=t.aa~a.2356648001~rp.4&w=380&lmt=1623012548&nsk=b16969e6&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=380x77&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=1&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308%2C350x318&nras=5&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=990&ady=3487&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=ZuVcbRTVkW&p=https%3A//www.xn--82cz3bcub1a.com&dtd=18
Frame ID: 435E03B1313EF6BD17EFF04F0843B317
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: E23060E5C42C8EE09D8F2C1AA1C1851B
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E652D934583EB51840FC29B3157CFDAB
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js
Frame ID: E9115B7A50108780B96B2FF95D38B05D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html
Frame ID: 7056C65113DE7C041AD150A49EC2653C
Requests: 13 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CaH6XaTi9YLnuCdG3Y-arvrAMkb7sm17Vhcr9nAqTm6XsgwIQASC1h8N_YJUCoAGH6Kv0AsgBCakCpYzRIahptD6oAwHIA0iqBN8BT9BZdjZMkrhbFjB946frHTJ4XjFd4X3uIUEkj-TiTEU8-l_I1E9GiPAdIsXNGPH8O6Yoff3Zpsv3esKs8UXcSADg7adhRwlAkVpfFd-lFICgs-0JIPDXdT5mVIfdmGxPq4f62IF6TsI3fi4xtyJWRMGBXzgvNk87SMGJDz3P25Qxl6FAyBlvPo9CvUNP3LHTW9tpTIxj4eeMy_26V-ZS-Etp3twT8xI8gtv1mbG7aj7cD46B1K21lUTuEWpN9WolsZBxrcej6WCpIMLYW0t0yoGKng63hm_jq8clTPpj-cAEp-rk1Z4CkgUECAQYAZIFBAgFGASgBi6AB-CW04sBqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEILzA9IICQiA4YAQEAEYH4AKAcgLAdgTDNAVAYAXAbIXGgoYCAASFHB1Yi0xOTYwMDM0MjgwMTIyMTMx&sigh=s3mdVFTRtF0&template_id=419
Frame ID: 48A7AE60F3F8ACCD8F03FD754597407B
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: 0BA04B301540AD9CED90DA9DEDF29330
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 7881940223B788CFD99DE09E48D7F6E0
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js
Frame ID: BF3A371B4C0CD6D54E352BEBC5DC1DC2
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: A907D5C569970C86261066160635908B
Requests: 2 HTTP requests in this frame

Frame: https://p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
Frame ID: 92D63A3044866C5148BF307315B99BB5
Requests: 4 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: BD396FD62681156C8982CCA594472A37
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js
Frame ID: D34E5AE601EB1D91068E49D559587C0F
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html
Frame ID: 739147D960E473815FE7A4609ABD52DA
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1698D15DAC2446815EFCB5520F1EFE80
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

142
Requests

98 %
HTTPS

59 %
IPv6

21
Domains

28
Subdomains

24
IPs

4
Countries

3881 kB
Transfer

5987 kB
Size

6
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://xn--82cz3bcub1a.com/
Title: หน้าแรก

Search URL Search Domain Scan URL

URL: https://haihuayonline.com/
Title: หวยออนไลน์

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 64

https://rtb.openx.net/sync/dds?google_gid=CAESEJtgyBcjNWSDoUIlXvgY2Ig&google_cver=1&google_push=AYg5qPKab_L2UyOKuXEafhGJPVNXw_s8lN9-GsvTZGyFPVaC2pY9D-nurbrK8AR1FxbkwTZCq9zF9-PTKB6E4_LArDY2PsO3l3jCxw HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEJtgyBcjNWSDoUIlXvgY2Ig&google_cver=1&google_push=AYg5qPKab_L2UyOKuXEafhGJPVNXw_s8lN9-GsvTZGyFPVaC2pY9D-nurbrK8AR1FxbkwTZCq9zF9-PTKB6E4_LArDY2PsO3l3jCxw&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKab_L2UyOKuXEafhGJPVNXw_s8lN9-GsvTZGyFPVaC2pY9D-nurbrK8AR1FxbkwTZCq9zF9-PTKB6E4_LArDY2PsO3l3jCxw&google_hm=4Gz0Fg0hymUKrwUi2JKEHg==

Request Chain 65

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEALKsvnajokZwe6YLgx1zrM&google_cver=1&google_push=AYg5qPKOUEpLc8osy3X93-XbYlWmQj2pzsd3MLh1orRWk8ytyZdqnqF1yOQWE0QoLXOpqDP13mckkttnSdDDH861SoaiDIcFI3Rh HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEALKsvnajokZwe6YLgx1zrM&google_cver=1&google_push=AYg5qPKOUEpLc8osy3X93-XbYlWmQj2pzsd3MLh1orRWk8ytyZdqnqF1yOQWE0QoLXOpqDP13mckkttnSdDDH861SoaiDIcFI3Rh&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=001mfGiJSMOELc2mSf5GpQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKOUEpLc8osy3X93-XbYlWmQj2pzsd3MLh1orRWk8ytyZdqnqF1yOQWE0QoLXOpqDP13mckkttnSdDDH861SoaiDIcFI3Rh

Request Chain 66

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBYQsJkXXws-B4Ol2uJ3p4s&google_cver=1&google_push=AYg5qPL3nA0fWNmJpEUZobwX8Y9k5FlEwFjc6oApSB9GBU4ucC9fTRbA2H6Vjct6D0XtXf5TXtzeHJvcjbwDmeByes39aUs8_aAa HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BMT0JMQTYtMU4tTEc5&google_push=AYg5qPL3nA0fWNmJpEUZobwX8Y9k5FlEwFjc6oApSB9GBU4ucC9fTRbA2H6Vjct6D0XtXf5TXtzeHJvcjbwDmeByes39aUs8_aAa

Request Chain 67

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg

Request Chain 68

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEI3bArzmYEmPjBZbb2Rwp90&google_cver=1&google_push=AYg5qPKTsyV4MQIWeCp7QFjgDbF5GR_V7YFI3SYJimSfS6iNHgPPPiZHbkVewYb2z16WOHb-qJ0a1Eb-d9iUMlfHHTaE7YFPTQiTWzU HTTP 301
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKTsyV4MQIWeCp7QFjgDbF5GR_V7YFI3SYJimSfS6iNHgPPPiZHbkVewYb2z16WOHb-qJ0a1Eb-d9iUMlfHHTaE7YFPTQiTWzU&google_hm=

Request Chain 70

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 109

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 110

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGUmkAVDoupr8MT_vlfmySk&google_cver=1&google_push=AYg5qPKcjOdAffPLV5sOev5cA-hRYMoCyXypWKNb6bnkO9dYSMz1QwYBlkNsJEhdFovHQeigbMFHZjNWDK8uEfcapGKYlCtWewE HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKcjOdAffPLV5sOev5cA-hRYMoCyXypWKNb6bnkO9dYSMz1QwYBlkNsJEhdFovHQeigbMFHZjNWDK8uEfcapGKYlCtWewE&google_hm=YXUhGLCwpvsaonlyikhZtA

Request Chain 111

https://d.agkn.com/pixel/2175/?google_gid=CAESEC4BXaLPZWvW9Ldev7Ui5A8&google_cver=1&google_push=AYg5qPLzhzBNyqhVOko1KA_i4by7isoqT5AoOkj4nhnZVsC-PpDRdVDR-Vs3PPYciaAs_TbJsTqwJwmXwSezPhO0rzv1kw0TaiY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLzhzBNyqhVOko1KA_i4by7isoqT5AoOkj4nhnZVsC-PpDRdVDR-Vs3PPYciaAs_TbJsTqwJwmXwSezPhO0rzv1kw0TaiY&google_hm=Q0FFU0VDNEJYYUxQWld2VzlMZGV2N1VpNUE4

Request Chain 112

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLo4jCgmVuXFdXnvr_TKnmw76gs6_033YBGNUNIfK22pcsfMfVxbuyZH0akm5TZ9Vgo0srsIzfPWt93Koj6s2_OYG6IS9E&google_gid=CAESEF4cq6TWTm4lnaNvYaz6WeI&google_cver=1 HTTP 307
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCOnw9IUGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBMbzRqQ2dtVnVYRmRYbnZyX1RLbm13NzZnczZfMDMzWUJHTlVOSWZLMjJwY3NmTWZWeGJ1eVpIMGFrbTVUWjlWZ28wc3JzSXpmUFd0OTNLb2o2czJfT1lHNklTOUU HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwa0JPR0llMllhRmlmbTRZMXpTOW0yLTBQX0lhZEdsSjgzOG5qZEhZYkpuVQ==&google_push

Request Chain 113

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEO-v5C0TOKNV2cxXYPua05w&google_cver=1&google_push=AYg5qPJs0uuj_l0RJ4lagBPZ207I9sY4KzzpsBcof5OLxDGrKpqy1-5vfU_a5rHJi6h3mZwxHwF_ceUcsWfIl8UxUeeGgv9_hw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=001mfGiJSMOELc2mSf5GpQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJs0uuj_l0RJ4lagBPZ207I9sY4KzzpsBcof5OLxDGrKpqy1-5vfU_a5rHJi6h3mZwxHwF_ceUcsWfIl8UxUeeGgv9_hw

Request Chain 114

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPklkC0jS2c7mokQ5cSnFB0&google_cver=1&google_push=AYg5qPJ7E5mEN7xMeKLjSclqkOpX-tBYqzp6B9ATVNN2HQw-OalG7jsxEl04feNnyhKaScFEwl5J5CknLtdOnuJ-So1HzO-TMz0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BMT0JMRkUtMjQtQ1hBSQ==&google_push=AYg5qPJ7E5mEN7xMeKLjSclqkOpX-tBYqzp6B9ATVNN2HQw-OalG7jsxEl04feNnyhKaScFEwl5J5CknLtdOnuJ-So1HzO-TMz0

Request Chain 115

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_cver=1&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1

Request Chain 131

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEG2nJ7UREY0RUcdkZTSNhXs&google_cver=1&google_push=AYg5qPL7L-lf7GENhalJ0n7BPYoJIgmMsJhqozHly9fLiSWbgUB96unoIfJnKfI6VZQIEEUvs1iahhizHlrzmiKJ4Vyw_zBu5N0 HTTP 302
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPL7L-lf7GENhalJ0n7BPYoJIgmMsJhqozHly9fLiSWbgUB96unoIfJnKfI6VZQIEEUvs1iahhizHlrzmiKJ4Vyw_zBu5N0&google_hm=YXUhGLCwpvsaonlyikhZtA

Request Chain 133

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKqeyiHR-hQTICFh9lmC2LrOamIaj06_kFNJ4h6kqCiHy6cr8Lw1OVA_f80A1fv1CN-PfK4ZnDoQkAvQzKk3ZsOsEP9Tvs&google_gid=CAESEHX1uSraUzbf5ZFLBH7-yUI&google_cver=1 HTTP 302
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKqeyiHR-hQTICFh9lmC2LrOamIaj06_kFNJ4h6kqCiHy6cr8Lw1OVA_f80A1fv1CN-PfK4ZnDoQkAvQzKk3ZsOsEP9Tvs&google_gid=CAESEHX1uSraUzbf5ZFLBH7-yUI&google_cver=1&rd=Y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA2MDYyMTA0NDI0NTk0NTk1ODU3MTc1Mg%3D%3D&google_push=AYg5qPKqeyiHR-hQTICFh9lmC2LrOamIaj06_kFNJ4h6kqCiHy6cr8Lw1OVA_f80A1fv1CN-PfK4ZnDoQkAvQzKk3ZsOsEP9Tvs

Request Chain 134

https://rtb.openx.net/sync/dds?google_gid=CAESEGWiWsAA-uTWyFGUM_kRYws&google_cver=1&google_push=AYg5qPKfNVLkWj-_oKmOXQh1RXou10CeQNWrkOYR4LbisBA3Cn5n5vKonYI5YvCdPfTa8Q-EHLLii7_06-iWeUghO4utLklU4g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKfNVLkWj-_oKmOXQh1RXou10CeQNWrkOYR4LbisBA3Cn5n5vKonYI5YvCdPfTa8Q-EHLLii7_06-iWeUghO4utLklU4g&google_hm=4Gz0Fg0hymUKrwUi2JKEHg==

Request Chain 135

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEDmiZ5tZGrY9gq0-_9VDJgE&google_cver=1&google_push=AYg5qPKVnoZrq3qh2JvhSYyeUHJK0lh8J1vkBUwYw2AAtIMI1lYTaNGHBs86to4M4lt8wcR6QjXqorKe7ikvwShvydws3ydPyw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=001mfGiJSMOELc2mSf5GpQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKVnoZrq3qh2JvhSYyeUHJK0lh8J1vkBUwYw2AAtIMI1lYTaNGHBs86to4M4lt8wcR6QjXqorKe7ikvwShvydws3ydPyw

Request Chain 136

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKrHODe-2o5ruzRN_oYa6mI&google_cver=1&google_push=AYg5qPKe61saBcGCaz6gj9WTSWHmVznWrsADBURp1-cX8x7TJggblvvVO5QwnjsvpOe63QhOKys96fOPfevZ9aheo2yBXxMWrY4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BMT0JMTEQtMTYtOEw4Vg==&google_push=AYg5qPKe61saBcGCaz6gj9WTSWHmVznWrsADBURp1-cX8x7TJggblvvVO5QwnjsvpOe63QhOKys96fOPfevZ9aheo2yBXxMWrY4

Request Chain 137

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik

Request Chain 139

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

142 HTTP transactions
9 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.xn--82cz3bcub1a.com/ 114 KB
13 KB 413ms
318ms Document
text/html 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / PHP/7.3.14
Resource Hash: 49f0343ae8f50358f6b534a4bf4c04107df5119a2f413eb9acb07360d84a68d9

Request headers

:method: GET
:authority: www.xn--82cz3bcub1a.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:39 GMT
content-type: text/html; charset=UTF-8
vary: X-Forwarded-Proto,Accept-Encoding,User-Agent,Host
x-powered-by: PHP/7.3.14
last-modified: Sun, 06 Jun 2021 20:49:08 GMT
cache-control: max-age=0
expires: Sun, 06 Jun 2021 21:04:39 GMT
cf-cache-status: DYNAMIC
cf-request-id: 0a84bd6bbc000096f824af5000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=POVq5LSDFrKDCOHvSmsUuYuxzeMrM%2BJcb%2BlKqMAyLU7Drh8cacxQPPhSmTaqtl8EgQvqNtKeJeXvqdM11yfNhKEji1CG%2Bqrr3B933HOUltnVaPS3HZKbYFecEXL7tbHMZQ2Y2yIbrcpkXgJz2pXFdxk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 65b49825fd2096f8-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H3-29 200 style.min.css
www.xn--82cz3bcub1a.com/wp/wp-includes/css/dist/block-library/ 52 KB
8 KB 317ms
215ms Stylesheet
text/css 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/wp/wp-includes/css/dist/block-library/style.min.css?ver=26932899171ff632c35b6ad8faf89f64
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d

Request headers

:path: /wp/wp-includes/css/dist/block-library/style.min.css?ver=26932899171ff632c35b6ad8faf89f64
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 22401
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a84bd6db700001f1906963000000001
last-modified: Thu, 07 May 2020 07:06:39 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=R7%2BufVTpsnekj8nQk5dikc2Kw9Dng%2FWCfR3iNLRJ3xIf9KP72P44VDEd547ysmj2sMK5En7F3hyAYkd1KiYOkNPH6U5YHaBaFJZrZDheuVPCCwNXr0qnBvkJHQQexNqrzB%2FlZiRp1Kzu5oU73eahhsA%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 65b498292fe31f19-FRA
expires: Thu, 05 May 2022 22:33:31 GMT

GET
H3-29 200 style.css
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/ 423 KB
52 KB 305ms
203ms Stylesheet
text/css 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae527135a3acdc3971662044dd3869265fcbfacaab816949604b0d37dba6a314

Request headers

:path: /app/themes/thailotto/dist/style.css?ver=202007051200
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3480653
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a84bd6db800001f19432f8000000001
last-modified: Thu, 07 May 2020 05:02:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=9Arml6y%2B9RgWnLaVHKJDR19jem3icjwrEXRWC001sICoux8yCD7%2FLKdIrW9agJVr7UcZRP07MrSS8CGORVDf8zUkipKyJSA5j9mWyHeg9sHQ4rZASAG7FGFCO2TVudmG43iDy8tjYiEJnRcQVsS%2BfTs%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 65b498292fe21f19-FRA
expires: Sat, 23 Apr 2022 22:33:20 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 134 KB
48 KB 200ms
98ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bca58cb91d0442fbc4394a6675603165ecaa067a92f4f6e115e34dfa2833a37a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48419
x-xss-protection: 0
server: cafe
etag: 13744972075384101287
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sun, 06 Jun 2021 21:04:39 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 81 KB
32 KB 91ms
90ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NG7CZJ7

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

500ace68eca4eb16cccd86402f9cf3888a652a54c270db4f362fc6c6245a0622

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:39 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32358
x-xss-protection: 0
expires: Sun, 06 Jun 2021 21:04:39 GMT

GET
H3-29 200 bundle.js Show response
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/ 568 KB
146 KB 316ms
215ms Script
application/javascript 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/bundle.js?ver=202007051200
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 16a7b7a50d09178946d64f7fb089f476e501039661dfcea0f584ceb001832b31

Request headers

:path: /app/themes/thailotto/dist/bundle.js?ver=202007051200
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 22401
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a84bd6db800001f19f71cc000000001
last-modified: Thu, 07 May 2020 05:02:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=qW%2Bu8l7t35Fh4IvE4R5rDGa3TWq8bSSpNsgPgwhhUgvfzmSw%2F5CpYOKiNIxHNSKLfTKDwBNqw2Md80VDQsHYGXMPPI%2BYiQcoz5pCEXIyeky6F1N9%2FvFdSec2qrCNF4lxOshvXtwVUd5xWqAK6xE6Csk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 65b498292fe81f19-FRA
expires: Sat, 23 Apr 2022 21:36:02 GMT

GET
H3-29 200 navigation.js Show response
www.xn--82cz3bcub1a.com/app/themes/thailotto/js/ 3 KB
2 KB 209ms
108ms Script
application/javascript 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/js/navigation.js?ver=20151215
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fbc199bf7f97061c41664b040e84616a0cb54441a2efc5801d5d401d3a049f3c

Request headers

:path: /app/themes/thailotto/js/navigation.js?ver=20151215
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 22401
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a84bd6db900001f194fad2000000001
last-modified: Thu, 07 May 2020 05:02:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=7cgTqtkjxNFgLD5rcynZnmcefucrPQYwSHCbHWztP9NZuugnD4vZ%2Fk4Zi1Vch4D%2Bt9YiZmBi%2BkF25Z%2FOkpqAJeA5xwrSorhXsJ5w5BWTx1TsfBMXnEV3lBojbE6faquNN1Rv0xE91pNLOn5JdJmu%2B54%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 65b498292fef1f19-FRA
expires: Sat, 30 Apr 2022 05:37:18 GMT

GET
H3-29 200 skip-link-focus-fix.js Show response
www.xn--82cz3bcub1a.com/app/themes/thailotto/js/ 685 B
978 B 315ms
215ms Script
application/javascript 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/js/skip-link-focus-fix.js?ver=20151215
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14af47320898bd93f367026f7833c9956f14e24856976e4f9e10be31155cdcf2

Request headers

:path: /app/themes/thailotto/js/skip-link-focus-fix.js?ver=20151215
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3081357
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a84bd6db800001f194d108000000001
last-modified: Thu, 07 May 2020 05:02:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2FtZM5W05CG83a4c4RlccxnbAeVZaSvtxkmFU%2BTqPYwzmrUUHXYSMSITof2HIo0ZhJWWMlw1MLKDT9m%2BlBMo3cQ7ZahOXXR%2FPd47ygbOqTtZCvVltNLkbX3qzli8iSmZ2YNLVc%2Fi%2BWIlWBxXoZ4DrSW4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 65b498292fe71f19-FRA
expires: Sat, 23 Apr 2022 23:18:40 GMT

GET
H3-29 200 wp-embed.min.js Show response
www.xn--82cz3bcub1a.com/wp/wp-includes/js/ 1 KB
1 KB 200ms
101ms Script
application/javascript 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/wp/wp-includes/js/wp-embed.min.js?ver=26932899171ff632c35b6ad8faf89f64
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0

Request headers

:path: /wp/wp-includes/js/wp-embed.min.js?ver=26932899171ff632c35b6ad8faf89f64
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3081357
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a84bd6db700001f1935b0a000000001
last-modified: Thu, 07 May 2020 07:05:16 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=jxztP63ogt7FZrtF3ylfyaKtfpMbeHFaWBt%2BVdcqloVRwlXlXNpdqJe17ljN5hy8ulcoQj3b22DCemcRqFNlbCxW79UH4SOIiy3crxbkVkDHyt3nezVwJmw7ZLSPq11mVuBFLuPgo1HPNL1KiQ%2B0bzc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 65b498292fde1f19-FRA
expires: Sat, 23 Apr 2022 23:18:40 GMT

GET
H3-29 200 lazyload.min.js Show response
www.xn--82cz3bcub1a.com/app/plugins/wp-rocket/assets/js/lazyload/12.0/ 5 KB
3 KB 302ms
203ms Script
application/javascript 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/plugins/wp-rocket/assets/js/lazyload/12.0/lazyload.min.js
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1e3bbf2a6d9503811213baca9f5e309618ca968136199ca532a0a5167c0b0f1c

Request headers

:path: /app/plugins/wp-rocket/assets/js/lazyload/12.0/lazyload.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:39 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3081357
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a84bd6db800001f1929963000000001
last-modified: Thu, 07 May 2020 07:12:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=90PzUzyeaT30BlOTPLNAS4TxA58L2bx2gUO6jHwyxepQ9F21FMY4ndFasUccKOi2TgenEc5vH9ffOtPHh9Z7BFfwqJMkPY0vNyktVmYFhF%2Fb5fPpWBVjGEoNE4wul60x0Mm%2BUl1jehL5VVyaIPrOEPc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
cf-ray: 65b498292fda1f19-FRA
expires: Sat, 23 Apr 2022 22:33:21 GMT

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 15179bcf587735652ddf7a4af0ed500881cb4b4eaf3effce1719c1d3de17f79d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: aaf69f969c85107828b863ad90f70534c60fc64cbb1a7f3e28d78692d8854db5

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6c1b2722be99e0f2c4cd70c48f342eb543a3ee0bec1b5dc6f1d72b034e013b47

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 69 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 891a6edbc3040f9b3b23062108409d20b4345e3179f3a9da3e5fdc195782befd

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 thai-lotto-bg.jpg
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/ 28 KB
29 KB 390ms
298ms Image
image/jpeg 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/thai-lotto-bg.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bfdbc7767ae7b53a96fa8e5a2c22ed7ab9b86b2308048a17544e64b0fdd201f1

Request headers

:path: /app/themes/thailotto/dist/images/thai-lotto-bg.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:39 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1298
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 28928
cf-request-id: 0a84bd6db900001f1929964000000001
last-modified: Thu, 07 May 2020 05:02:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2PqrtfCb5N8zjgOwCI4f4fFZYRW1fI88WGJhMpoFSKYjh8GyJ36OEDPPO1Wdzgd%2Bj6xleT2F9U1TJuw8xGqZEYlIbLXm72pHpK9%2FdZALePkqJWXENl5O0FhSDQJnO5JCI9RBmx31rLZ9GRElycY1E9A%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b498292ff01f19-FRA
expires: Tue, 24 Aug 2021 02:49:53 GMT

GET
H3-29 200 lao-lotto-bg.jpg
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/ 30 KB
31 KB 286ms
196ms Image
image/jpeg 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/lao-lotto-bg.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ad37f410ad2a0d20e6cf196f1b39beac83525f9e1904b794d9e482c11d8ef8c1

Request headers

:path: /app/themes/thailotto/dist/images/lao-lotto-bg.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:39 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1298
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 31001
cf-request-id: 0a84bd6db600001f1945adb000000001
last-modified: Thu, 07 May 2020 05:02:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gEfjs9m5kKoKl69%2FT1mETVzh6eoOc4IjFdorlsQxTLZn9K%2Bsm2sn%2FxDsz7QBaOQJHPY5q%2Fa2NC43kxI3Cxr8vRQVbvvEMgBgSgF%2FOmEWCX8EQlKTFBqvjQrd2P6AfLxsoteP5dVe%2B8cNO%2BE3i8hbirk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b498292fd61f19-FRA
expires: Sat, 25 Sep 2021 08:28:14 GMT

GET
H3-29 200 hanoi-lotto-bg.jpg
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/ 36 KB
37 KB 199ms
108ms Image
image/jpeg 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/hanoi-lotto-bg.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 95a11bf226eb967aff4b75d4d0e278de82d38e7a1ed4b052e2157f8764288ab7

Request headers

:path: /app/themes/thailotto/dist/images/hanoi-lotto-bg.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:39 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1298
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 36723
cf-request-id: 0a84bd6db800001f19ed210000000001
last-modified: Thu, 07 May 2020 05:02:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=bF43lKX7LmksCTQqZ86IA1i92CLWwtGMn0YDXn4ew31JQGLBnsci7Sw7m3uEVb5FBcWUHdunHpjzPFQoc1Zj6u%2Fk5RpmCBuqTB1WjVzc%2BxYlt2ryB3egNg5LV9Uc3tparXGUIUS3caHhMA3IIkoUXkQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b498292fec1f19-FRA
expires: Sat, 25 Sep 2021 08:28:14 GMT

GET
H3-29 200 csprajad-webfont.woff2
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/fonts/ 11 KB
12 KB 289ms
289ms Font
application/octet-stream 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/fonts/csprajad-webfont.woff2
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 09a4be40c90137d981d4518d5b5ccb527d29e369e432e9c5ee092aa638049f80

Request headers

:path: /app/themes/thailotto/dist/fonts/csprajad-webfont.woff2
pragma: no-cache
origin: https://www.xn--82cz3bcub1a.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.xn--82cz3bcub1a.com
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:39 GMT
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 05:02:15 GMT
server: cloudflare
age: 1298
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=HyQoSsKz0oCNg0r9NfUujadSZFrXB8uupOjbTz%2FCkR9h3NOCF5WwshQmQ1UvD4oVZ4UuzTmz53Jj8QbaLZr3yTkJrP11vy%2FUshRwbfnr897OUXhBZE8jRPNFRR1b%2FEiAN%2BqRQjSxHy1txsY74NMGr3c%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 65b4982938061f19-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a84bd6dc000001f1935b0c000000001
expires: Tue, 22 Jun 2021 23:21:20 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/js/r20210601/r20190131/ 232 KB
86 KB 44ms
31ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210601/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1960034280122131&plah=www.xn--82cz3bcub1a.com&amaexp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0d5f76008f1784b20b99d51741b2f8b8bbee28d5f2950ca2cf4226b6d61b1344

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87637
x-xss-protection: 0
server: cafe
etag: 15632250250964762239
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Sun, 06 Jun 2021 21:04:40 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210601/r20190131/ Frame 17EC 10 KB
5 KB 6ms
5ms Document
text/html 2a00:1450:4001:809::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210601/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210601/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xn--82cz3bcub1a.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.xn--82cz3bcub1a.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sat, 05 Jun 2021 23:22:09 GMT
expires: Sat, 19 Jun 2021 23:22:09 GMT
content-type: text/html; charset=UTF-8
etag: 15349191498103243965
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4506
x-xss-protection: 0
age: 78151
cache-control: public, max-age=1209600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NG7CZJ7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6797
date: Sun, 06 Jun 2021 19:11:23 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Sun, 06 Jun 2021 21:11:23 GMT

GET
H3-29 200 logo.png
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/ 15 KB
16 KB 20ms
19ms Image
image/png 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/logo.png
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0afbdd068bd9e7ab578552a0b8fa4024a01415f0951f99771e73576acee1ee3

Request headers

:path: /app/themes/thailotto/dist/images/logo.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3081358
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 15576
cf-request-id: 0a84bd712200001f19368e5000000001
last-modified: Thu, 07 May 2020 05:02:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=821RJ32%2B6EfGaJeyKz48DWo%2BuHa3eAl73xRO5LdIz%2F2HpZSGpXIF7ly2oSCUCrN1RjVGtt6xPAAVNCuN5Il%2BLvd1qjXEQH969Y2BF26lrTy6qBW%2FgOHHZKq6WK7rWdD4HQxKa2OV141ovyTMrGYS4Gg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982e9b641f19-FRA
expires: Sat, 21 Aug 2021 23:18:41 GMT

GET
H3-29 200 %E0%B8%9C%E0%B8%A5%E0%B8%AB%E0%B8%A7%E0%B8%A2hanoi-4664.jpg
www.xn--82cz3bcub1a.com/app/uploads/2021/06/ 377 KB
378 KB 58ms
57ms Image
image/jpeg 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/uploads/2021/06/%E0%B8%9C%E0%B8%A5%E0%B8%AB%E0%B8%A7%E0%B8%A2hanoi-4664.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ab129d8df68b1617e82f795c6063a0ba81a47b320cbc0c6f904bd04f5072b18

Request headers

:path: /app/uploads/2021/06/%E0%B8%9C%E0%B8%A5%E0%B8%AB%E0%B8%A7%E0%B8%A2hanoi-4664.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1299
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 386010
cf-request-id: 0a84bd712300001f19e0198000000001
last-modified: Fri, 04 Jun 2021 06:59:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=mK%2FWYf79hfDvw65qQnJAeGL38SaHy9%2Bm%2FfFUI9FrSd1lxLEdHkJ1hPqGFZZT27hagO6kEjgmKJF6SVrbHpJc5lmBliTpRCabfeqrmhHO6%2BiPvPkqkJB8%2BfAWO5LTY2t2RshDYpPXTEREX8ymgHv6dZE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982e9b681f19-FRA
expires: Sat, 02 Oct 2021 06:59:37 GMT

GET
H3-29 200 fire-dream-web.jpg
www.xn--82cz3bcub1a.com/app/uploads/2021/06/ 136 KB
137 KB 21ms
20ms Image
image/jpeg 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/uploads/2021/06/fire-dream-web.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab83a4d15412f1d8d9c50e79068e5a124522045900e99d4c36613364b03f40f5

Request headers

:path: /app/uploads/2021/06/fire-dream-web.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1298
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 139592
cf-request-id: 0a84bd712300001f1918930000000001
last-modified: Fri, 04 Jun 2021 03:27:50 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=YqQzYW%2FonZdmCMFoMuZT27MeBLRsvzkRZX5UnyxdS9ZI1i0eRiBx32XQ7XnIfU4KxVA7zCgZvAW2BNEFKGOB%2FiM1djMxhiy5cqTNvbLp9DsNUkXjxBfpoKxRVSqtQPUQeoqZUzLB4s6H7GFDxDCW6mg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982e9b691f19-FRA
expires: Sat, 02 Oct 2021 06:10:31 GMT

GET
H3-29 200 New-Millionaire-1st-June-2021-WEB.png
www.xn--82cz3bcub1a.com/app/uploads/2021/06/ 152 KB
153 KB 28ms
27ms Image
image/png 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/uploads/2021/06/New-Millionaire-1st-June-2021-WEB.png
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5a22ea1e669787ee69ddf4c18c21bac7a86c6a7b1b85ede1242c177facc3a721

Request headers

:path: /app/uploads/2021/06/New-Millionaire-1st-June-2021-WEB.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1299
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 156148
cf-request-id: 0a84bd712400001f193dbba000000001
last-modified: Wed, 02 Jun 2021 07:16:25 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pEMPxZArzaWO0ZGQPtoHdyr0QgRWs8IrtGsP1LA839lcfNjPdxIyiQt6GOEKpmYARmjt40ZMHZpzqTAbyMQABNwKXkwJpxZA8RZLqeumzsNCB21RmU6X%2BA8IT0OB7v2WsfC3RhoExQT0P8AMZDJH81Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982e9b6b1f19-FRA
expires: Thu, 30 Sep 2021 07:16:52 GMT

GET
H3-29 200 ant-dream-web.jpg
www.xn--82cz3bcub1a.com/app/uploads/2021/06/ 147 KB
147 KB 27ms
26ms Image
image/jpeg 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/uploads/2021/06/ant-dream-web.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c68a8cea7cba0e5fdc3d152ba4b06a41beff8da3953c4b231529bd7a744c5a2

Request headers

:path: /app/uploads/2021/06/ant-dream-web.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1298
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 150115
cf-request-id: 0a84bd712800001f193dbbb000000001
last-modified: Wed, 02 Jun 2021 06:29:08 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=l0Qi0E4qKg6FVbBw8DqFwWoPfAX4SJQgKwH3kEu3Fb6HyOsaUhPbjNT%2B2jU5NOaBplI%2FIDD%2BRK%2FmlHmH3VnN4GrrMv0wdwNuJoCkanqzl498uaSdM1ujm23uCS3BPE8X0p9cMlwhE70w9xSo8lBhpzo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982e9b6c1f19-FRA
expires: Thu, 30 Sep 2021 09:35:07 GMT

GET
H3-29 200 Dreaming-See-Buffalo-WEB.png
www.xn--82cz3bcub1a.com/app/uploads/2021/05/ 1 MB
1 MB 45ms
44ms Image
image/png 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/uploads/2021/05/Dreaming-See-Buffalo-WEB.png
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d23c5b64267e68b97dc70189291c94a5667ea5909da15611dd203dce3c1ead9c

Request headers

:path: /app/uploads/2021/05/Dreaming-See-Buffalo-WEB.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1299
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1104068
cf-request-id: 0a84bd712400001f19578cb000000001
last-modified: Mon, 31 May 2021 08:10:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=wLlj%2BjkFfv%2BxE7ijMOh21GtjqDhv%2BbJkyYrHwIlYePrCLKrPCwX88266%2BDlMXHcxhoqDHv07YUgFvCGY3uWMQc%2BC6rU6%2FxdR7%2FOYbav%2FHehI5THwXRKhOM4WU%2FbEUYQqDIcHm%2BvE5JLKDGQQV%2F6v94k%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982e9b6e1f19-FRA
expires: Tue, 28 Sep 2021 08:13:31 GMT

GET
H3-29 200 %E0%B9%80%E0%B8%A5%E0%B8%82%E0%B9%80%E0%B8%94%E0%B9%87%E0%B8%9401062564_%E0%B8%95%E0%B8%A3%E0%B8%A7%E0%B8%88%E0%B8%AB%E0%B8%A7%E0%B8%A21200x675.jpg
www.xn--82cz3bcub1a.com/app/uploads/2021/05/ 208 KB
209 KB 125ms
124ms Image
image/jpeg 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/uploads/2021/05/%E0%B9%80%E0%B8%A5%E0%B8%82%E0%B9%80%E0%B8%94%E0%B9%87%E0%B8%9401062564_%E0%B8%95%E0%B8%A3%E0%B8%A7%E0%B8%88%E0%B8%AB%E0%B8%A7%E0%B8%A21200x675.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cccf755fdc293fe7425b5f7ef8b5926f5b9d370a6f5e02626797a4607c943168

Request headers

:path: /app/uploads/2021/05/%E0%B9%80%E0%B8%A5%E0%B8%82%E0%B9%80%E0%B8%94%E0%B9%87%E0%B8%9401062564_%E0%B8%95%E0%B8%A3%E0%B8%A7%E0%B8%88%E0%B8%AB%E0%B8%A7%E0%B8%A21200x675.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1299
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 212868
cf-request-id: 0a84bd712400001f19390bf000000001
last-modified: Mon, 31 May 2021 10:07:32 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=BVVg0U40neTHKqtblJrOjpbIlC8yEd6F%2FpciSFGn8xARJXpwgwsO8r8QyTJGRYkGm1K0XzZzlHMtrU8cSy8lAu%2FZOAzk2OzSsQ7thLLLzJbbvXZJAfwy2wrJSC8FDNfmGFYBp%2Fq5GhX5lmkKzNW8Y4M%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982e9b6f1f19-FRA
expires: Tue, 28 Sep 2021 10:07:46 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
603 B 15ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Kanit:400,700&display=swap&subset=thai

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b42caef1a29745971a3cb0ae39444bad3338dc56e3b08972af775eb13030ec93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 06 Jun 2021 20:52:40 GMT
server: ESF
date: Sun, 06 Jun 2021 21:04:40 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 06 Jun 2021 21:04:40 GMT

GET
H3-29 200 Checkduangjune.jpg
www.xn--82cz3bcub1a.com/app/uploads/2021/06/ 101 KB
102 KB 108ms
107ms Image
image/jpeg 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/uploads/2021/06/Checkduangjune.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e88d81f5c490686f6d2d41c572b963c1088f48a1ee6994b6996c2f15af4a756e

Request headers

:path: /app/uploads/2021/06/Checkduangjune.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1299
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 103335
cf-request-id: 0a84bd713d00001f19319eb000000001
last-modified: Wed, 02 Jun 2021 10:03:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=auC0aZG2H14bUbZoJTAR3ZwT%2BTcXUeJ9YDn6WVbtinKcDleApvSrWkVHpSvZhbbD5I1%2Bxt%2BWAnPhJQdHYG5u9UGz%2Fq%2B38YPh9GgEd44zLsyD5msJl%2FEZ86LqkvTi8k6TV%2BhGhdMFEus9QHGnleLKDT4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982ecbd11f19-FRA
expires: Thu, 30 Sep 2021 13:44:54 GMT

GET
H2 200 nKKZ-Go6G5tXcraBGwCYdA.woff2
fonts.gstatic.com/s/kanit/v7/ 13 KB
13 KB 8ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/kanit/v7/nKKZ-Go6G5tXcraBGwCYdA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Kanit:400,700&display=swap&subset=thai

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

185c8f0ba5c84bb93c5ce2c23f353a9f5db8d4b7cdb4a03d816867c2a3871ed0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.xn--82cz3bcub1a.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 00:37:23 GMT
x-content-type-options: nosniff
last-modified: Tue, 01 Sep 2020 05:14:13 GMT
server: sffe
age: 419237
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13252
x-xss-protection: 0
expires: Thu, 02 Jun 2022 00:37:23 GMT

GET
H3-29 200 set-lotto-bg.jpg
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/ 33 KB
34 KB 89ms
89ms Image
image/jpeg 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/set-lotto-bg.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 702e78ba02b2aa91b7629a42cfccb096bdefd0e5ad948023e9788e80a77bfef5

Request headers

:path: /app/themes/thailotto/dist/images/set-lotto-bg.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1299
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 33910
cf-request-id: 0a84bd715300001f192736d000000001
last-modified: Thu, 07 May 2020 05:02:13 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=HSPhH4LOgKrh0EvYJ%2BL70IDah6ZsZBJbjLzHJIRBVOEmKOTdX0pBQYSWRHceqN35acPrHFB7hJahk1wbn9nqQ4%2Fd98Mh1piSjiqGMqefjWyRR0xk6FMPHhC%2BeaCwdE718rJouO%2FP1xdaU5hNrxOcl8o%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982eec151f19-FRA
expires: Thu, 16 Sep 2021 08:49:53 GMT

GET
H3-29 200 malay-lotto-bg.jpg
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/ 50 KB
51 KB 92ms
91ms Image
image/jpeg 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/malay-lotto-bg.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18126d8482e63d62e73f2e16b08ddbd033be507cec6c4c6b8c89954ed77f58a1

Request headers

:path: /app/themes/thailotto/dist/images/malay-lotto-bg.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1299
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 51637
cf-request-id: 0a84bd715300001f192c3c8000000001
last-modified: Thu, 07 May 2020 05:02:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=DiUH1Xw8EDSamyxv%2FG6cNK2Zvn%2BwUhHtS%2BCmV0pnEFLandCzSNr4ZH0%2B1DE1lb8sMvNFrglgH8pDP2vAwlFkwtlmu1ONU%2F7o%2BCL19FVlz7sdDKERzAGRruOJfe5gmJazEouK1%2Bzsru%2Bv8fjbrd74buI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982eec171f19-FRA
expires: Tue, 24 Aug 2021 02:54:56 GMT

GET
H2 200 nKKZ-Go6G5tXcraVGwA.woff2
fonts.gstatic.com/s/kanit/v7/ 19 KB
19 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/kanit/v7/nKKZ-Go6G5tXcraVGwA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Kanit:400,700&display=swap&subset=thai

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d522ceba20f12d2594bca7ab06bc6cc877e8ee1c5d94c2ae3c3af0d90c38ccc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.xn--82cz3bcub1a.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 19:15:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 01 Sep 2020 05:14:17 GMT
server: sffe
age: 438544
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19040
x-xss-protection: 0
expires: Wed, 01 Jun 2022 19:15:36 GMT

GET
H3-29 200 nav_menu_tree.jpg
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/ 24 KB
25 KB 92ms
91ms Image
image/jpeg 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/images/nav_menu_tree.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1381f68a6b37e14e40c56d40db12aadabb56dba213d5ae57b3e3921486b51b8f

Request headers

:path: /app/themes/thailotto/dist/images/nav_menu_tree.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 3081358
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 24614
cf-request-id: 0a84bd715700001f19ed25e000000001
last-modified: Thu, 07 May 2020 05:02:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Hurrh6EFMGNENhmTX1dwl6rNS5SsnOCHa39yNmYRJI8Nxzl1b1P66AsHTvjEVkQEWzKk1zSG9W1vFY2cE%2BVZ5Bxjda4huQr2dEEL2yjaYBR4iqNxFPpnAo%2FTGP1icGXaS2l1wvCGNKEAuTPn3PWJ6mY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982eec271f19-FRA
expires: Sat, 21 Aug 2021 23:18:41 GMT

GET
H3-29 200 fa-regular-400.woff2
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/fonts/ 13 KB
14 KB 92ms
91ms Font
application/octet-stream 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/fonts/fa-regular-400.woff2
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86e496b536b26ba60cdb68df9dd9143b19a63b65e30e373b0321833aab1295d6

Request headers

:path: /app/themes/thailotto/dist/fonts/fa-regular-400.woff2
pragma: no-cache
origin: https://www.xn--82cz3bcub1a.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.xn--82cz3bcub1a.com
Referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 05:02:14 GMT
server: cloudflare
age: 1299
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=rK8Sw5Zf2mVEzDVlGsgAe8%2BGHuCJKwjuf0h15dkw4RJ8YINGYjNtEqj%2BqvicsFeMRLGYTIj8LTqwSa79AAgCIS8JcLAhxli1vwbY%2BKAhIlV9DsyUBC7vb8EyCrIYSZCl3BaJQwuFlrU%2B0QLgeLBNJ0w%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 65b4982eec2a1f19-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a84bd715700001f190c11e000000001
expires: Tue, 22 Jun 2021 23:21:20 GMT

GET
H3-29 200 fa-solid-900.woff2
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/fonts/ 74 KB
75 KB 92ms
92ms Font
application/octet-stream 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/fonts/fa-solid-900.woff2
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 787d76ad6deab67ccf8bac1b584260205e114f508fc5542b612e3f75d49a34e4

Request headers

:path: /app/themes/thailotto/dist/fonts/fa-solid-900.woff2
pragma: no-cache
origin: https://www.xn--82cz3bcub1a.com
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: cors
accept: */*
cache-control: no-cache
sec-fetch-dest: font
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.xn--82cz3bcub1a.com
Referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
last-modified: Thu, 07 May 2020 05:02:15 GMT
server: cloudflare
age: 1299
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=m5DOi1%2FyPTD8PcRWpbGkgvWeoPHx4o75LIyri5SQK3GpEImRL0oQCbI7hDRrIGb3pO5PJrB6vTF%2F5ML%2FIGiSmv65puIDzOMwGJxqyHOux2ZzYIOEjQy4PAHdw%2BAhtE0GkwMBEGCWFiIGrBEWcHFisQc%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=2592000
nel: {"report_to":"cf-nel","max_age":604800}
cf-ray: 65b4982eec2c1f19-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-request-id: 0a84bd715800001f19210b5000000001
expires: Mon, 28 Jun 2021 21:57:43 GMT

GET
H3-29 200 guide-lines-lao-31-05-64.jpg
www.xn--82cz3bcub1a.com/app/uploads/2021/05/ 51 KB
51 KB 31ms
30ms Image
image/jpeg 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/uploads/2021/05/guide-lines-lao-31-05-64.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 14b8f67ab8ebd70ddee64b2c8a4c0997ddb1ad03e2ecfb73deefa8ab94275aba

Request headers

:path: /app/uploads/2021/05/guide-lines-lao-31-05-64.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1299
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 51859
cf-request-id: 0a84bd71a300001f19f4918000000001
last-modified: Mon, 31 May 2021 04:13:04 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=%2FSbOIyC17byfHPluVF%2FjjRvP8i9%2Bhc4oWx%2Fo1hTRJsNylRXiF5uyGne%2FB9pImaYpAtBuE1vv1qJAC8L9IpWytnQH1cJMZprtabMv%2F2%2Bh32UcnGcAYOfjdPSSGIq627S85JQv3LXkNumG0MpKUXPaaA0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982f6d3e1f19-FRA
expires: Tue, 28 Sep 2021 08:36:29 GMT

GET
H3-29 200 bear-dream-web.jpg
www.xn--82cz3bcub1a.com/app/uploads/2021/05/ 87 KB
87 KB 43ms
42ms Image
image/jpeg 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/uploads/2021/05/bear-dream-web.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b05353c18b63e543aa04bcc183e22dfae533cc8f05a5d4530bdcf492fb75b31c

Request headers

:path: /app/uploads/2021/05/bear-dream-web.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1299
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 88885
cf-request-id: 0a84bd71a300001f19210be000000001
last-modified: Mon, 31 May 2021 06:56:27 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ALxnUW3tyj8mcuVQfCMOxYQjJ1c%2BWlpZ4Syx7HdNWn1uv9DitSXjtMTZ2pPcaGcoTnG%2BQfeJWJAQqPIBwfvaaxANwx2RsNZgF9emmrbHvW2XtDNc9xq0H%2BqGaPwPODl9xWFIhoqr77JG1Hy5fvDQ7dc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982f6d401f19-FRA
expires: Tue, 28 Sep 2021 06:56:56 GMT

GET
H3-29 200 28.05.64-2.jpg
www.xn--82cz3bcub1a.com/app/uploads/2021/05/ 97 KB
98 KB 22ms
20ms Image
image/jpeg 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/uploads/2021/05/28.05.64-2.jpg
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2801726ea332e2c942f87fbb92b640aa6e983978426669e9d3e13b471ea096cb

Request headers

:path: /app/uploads/2021/05/28.05.64-2.jpg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1299
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 99677
cf-request-id: 0a84bd71a400001f194802e000000001
last-modified: Sun, 30 May 2021 03:35:00 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=pzJEDUAVwAp9phyH%2Ff53PAk89JJF%2BhAoIzh8Tzmim5N3aY2U3W05GeGcGl9Tu8llMb0Q0HALOQ8s%2Bq6WXfYe4U4Rw%2FXoNON9IY%2BHYpktkNTcEItg0Ax7r6BAYNtMpbW93DXpkmafF9M9Wr7YOhEG3sI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982f6d421f19-FRA
expires: Tue, 28 Sep 2021 07:12:45 GMT

GET
H3-29 200 mCSB_buttons.png
www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/ 3 KB
4 KB 24ms
23ms Image
image/png 2606:4700:3036::6815:3c07
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/mCSB_buttons.png
Requested by: Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:3c07 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e98cac48f5c13b3fbaa28458f0d8f26a78c9d944f8f4edad9abcb249b9028ca7

Request headers

:path: /app/themes/thailotto/dist/mCSB_buttons.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.xn--82cz3bcub1a.com
referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.xn--82cz3bcub1a.com/app/themes/thailotto/dist/style.css?ver=202007051200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
cf-cache-status: HIT
nel: {"report_to":"cf-nel","max_age":604800}
age: 1299
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2998
cf-request-id: 0a84bd71b300001f19f31af000000001
last-modified: Thu, 07 May 2020 05:02:11 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: X-Forwarded-Proto,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=oFx2cLojr5Zukw7Dy1pt%2FUMlK%2FlNvNpT8icrXLIiZsXScQgKmfmPt4ixBqLcATKLBOkVPdwKJEmFIicpVNo6jR3Aa5%2FSIaN%2FmEjGY7OAZntje%2FTvoN%2Fg23RHqMBBXra7qidCQq%2BUk72scO4sskmExAI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=10368000
accept-ranges: bytes
cf-ray: 65b4982f8d801f19-FRA
expires: Sat, 21 Aug 2021 22:33:23 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 13ms
13ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=470307220&t=pageview&_s=1&dl=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&ul=en-us&de=UTF-8&dt=%E0%B8%95%E0%B8%A3%E0%B8%A7%E0%B8%88%E0%B8%AB%E0%B8%A7%E0%B8%A2%20-%20%E0%B8%95%E0%B8%A3%E0%B8%A7%E0%B8%88%E0%B8%AB%E0%B8%A7%E0%B8%A2%20%E0%B8%95%E0%B8%A3%E0%B8%A7%E0%B8%88%E0%B8%AA%E0%B8%A5%E0%B8%B2%E0%B8%81%E0%B8%81%E0%B8%B4%E0%B8%99%E0%B9%81%E0%B8%9A%E0%B9%88%E0%B8%87%E0%B8%A3%E0%B8%B1%E0%B8%90%E0%B8%9A%E0%B8%B2%E0%B8%A5%20%E0%B8%87%E0%B8%A7%E0%B8%94%E0%B8%A5%E0%B9%88%E0%B8%B2%E0%B8%AA%E0%B8%B8%E0%B8%94&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=2128681310&gjid=317057248&cid=391576633.1623013481&tid=UA-153146014-2&_gid=1095945709.1623013481&_r=1&gtm=2wg621NG7CZJ7&z=112218243

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:40 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.xn--82cz3bcub1a.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 209 B
648 B 118ms
58ms Script
text/javascript 142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.xn--82cz3bcub1a.com&callback=_gfp_s_&client=ca-pub-1960034280122131

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210601/r20190131/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1960034280122131&plah=www.xn--82cz3bcub1a.com&amaexp=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

bd6e10b962ac8a3b08eb400fb34f375246681836625f5d29e7946d6ca7198ec7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 199
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
799 B 36ms
16ms Script
application/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.xn--82cz3bcub1a.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Jun 2021 21:04:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
317 B 16ms
15ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.xn--82cz3bcub1a.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Jun 2021 21:04:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CFC3 16 KB
1 KB 104ms
103ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&adk=1812271804&adf=3025194257&lmt=1623012548&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013480715&bpp=2&bdt=1037&idt=192&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1643070725622&frm=20&pv=2&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=229

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fbac840dc5788c77878f5810621ff2188019ae682e3f33040d733868f2ad7d12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1960034280122131&output=html&adk=1812271804&adf=3025194257&lmt=1623012548&plat=1%3A32776%2C2%3A32776%2C8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013480715&bpp=2&bdt=1037&idt=192&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&nras=1&correlator=1643070725622&frm=20&pv=2&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=229
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xn--82cz3bcub1a.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.xn--82cz3bcub1a.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 06 Jun 2021 21:04:41 GMT
server: cafe
content-length: 1319
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Sun, 06-Jun-2021 21:19:40 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Jun 2021 21:04:41 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
28 KB 34ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a06800ad719e1f1b46691ded5a5577666d2fc30f950b0ba544352ede4e25de7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:40 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622805992319560"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28149
x-xss-protection: 0
expires: Sun, 06 Jun 2021 21:04:40 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 30ms
16ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.xn--82cz3bcub1a.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Jun 2021 21:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 32ms
18ms Script
application/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.xn--82cz3bcub1a.com

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Jun 2021 21:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 0D11 75 KB
26 KB 536ms
536ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=280&adk=262951244&adf=706731172&pi=t.aa~a.907085792~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1623012548&rafmt=1&to=qs&pwprc=1729370017&psa=0&format=1200x280&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0&nras=2&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2621&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=AB2Hb7cgOR&p=https%3A//www.xn--82cz3bcub1a.com&dtd=10

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1b038d32bcc3c7474e373bd69201d7fa600c6bb953edc125685d2c884b44d140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1960034280122131&output=html&h=280&adk=262951244&adf=706731172&pi=t.aa~a.907085792~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1623012548&rafmt=1&to=qs&pwprc=1729370017&psa=0&format=1200x280&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0&nras=2&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2621&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=AB2Hb7cgOR&p=https%3A//www.xn--82cz3bcub1a.com&dtd=10
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xn--82cz3bcub1a.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.xn--82cz3bcub1a.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 06 Jun 2021 21:04:41 GMT
server: cafe
content-length: 26840
x-xss-protection: 0
set-cookie: IDE=AHWqTUmXn1cES90f735UvZzPnJGkWc0vftk2XY1laUEnpqwqqLNbzth6tj3V2oiYzUs; expires=Fri, 01-Jul-2022 21:04:41 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Jun 2021 21:04:41 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 55A0 72 KB
28 KB 820ms
820ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=308&adk=4223420706&adf=3988754407&pi=t.aa~a.2070610203~rp.4&w=350&lmt=1623012548&nsk=74d5b477&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x308&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280&nras=3&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=625&ady=3383&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=dVJXqi1DlJ&p=https%3A//www.xn--82cz3bcub1a.com&dtd=13

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

84af59f1495afce65cc848eadff0abcf24460f84dc09980c3df494aee501e753

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1960034280122131&output=html&h=308&adk=4223420706&adf=3988754407&pi=t.aa~a.2070610203~rp.4&w=350&lmt=1623012548&nsk=74d5b477&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x308&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280&nras=3&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=625&ady=3383&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=dVJXqi1DlJ&p=https%3A//www.xn--82cz3bcub1a.com&dtd=13
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xn--82cz3bcub1a.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.xn--82cz3bcub1a.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 06 Jun 2021 21:04:41 GMT
server: cafe
content-length: 28578
x-xss-protection: 0
set-cookie: IDE=AHWqTUl6FBevsMssKdgRcfBCDXUnNtol9nWbINOC6izZ-MNvN0avQEz7B5bREJkaFPQ; expires=Fri, 01-Jul-2022 21:04:41 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Jun 2021 21:04:41 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 6AE0 72 KB
28 KB 342ms
342ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=318&adk=3938747458&adf=2447373366&pi=t.aa~a.914111605~rp.4&w=350&lmt=1623012548&nsk=c9e84f37&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x318&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308&nras=4&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3408&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=cqFa29oUzA&p=https%3A//www.xn--82cz3bcub1a.com&dtd=15

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83d9791c028ea5e26c8766fa13143bbaeedbb1aa0932798be9386b48a1278a66

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1960034280122131&output=html&h=318&adk=3938747458&adf=2447373366&pi=t.aa~a.914111605~rp.4&w=350&lmt=1623012548&nsk=c9e84f37&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x318&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308&nras=4&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3408&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=cqFa29oUzA&p=https%3A//www.xn--82cz3bcub1a.com&dtd=15
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xn--82cz3bcub1a.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.xn--82cz3bcub1a.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 06 Jun 2021 21:04:41 GMT
server: cafe
content-length: 28764
x-xss-protection: 0
set-cookie: IDE=AHWqTUl9AxG2CFNKJrZcjMCWR1KmPI2DlHMTm1E00oDZD2PtkdmapU9lqaF84jYEoWM; expires=Fri, 01-Jul-2022 21:04:41 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Jun 2021 21:04:41 GMT
cache-control: private

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 435E 119 KB
39 KB 421ms
421ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=77&adk=3355362039&adf=839174664&pi=t.aa~a.2356648001~rp.4&w=380&lmt=1623012548&nsk=b16969e6&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=380x77&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=1&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308%2C350x318&nras=5&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=990&ady=3487&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=ZuVcbRTVkW&p=https%3A//www.xn--82cz3bcub1a.com&dtd=18

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6983b6253453cd7c61d714f6468e5eb6b4734c13ddba3b3fd77d73ebbf676322

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPnGirD0g_ECFdHbGAod5pUPxg&gqi=aTi9YLWxB4Pitweyl6xA&layout=/sadbundle/%24csp%253Der3%24/4197584976618968369/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-1960034280122131&output=html&h=77&adk=3355362039&adf=839174664&pi=t.aa~a.2356648001~rp.4&w=380&lmt=1623012548&nsk=b16969e6&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=380x77&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=1&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308%2C350x318&nras=5&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=990&ady=3487&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=ZuVcbRTVkW&p=https%3A//www.xn--82cz3bcub1a.com&dtd=18
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xn--82cz3bcub1a.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.xn--82cz3bcub1a.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPnGirD0g_ECFdHbGAod5pUPxg&gqi=aTi9YLWxB4Pitweyl6xA&layout=/sadbundle/%24csp%253Der3%24/4197584976618968369/index.html
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Sun, 06 Jun 2021 21:04:41 GMT
server: cafe
content-length: 40214
x-xss-protection: 0
set-cookie: IDE=AHWqTUkxYGbRT5A9epC6KLn0aSA5WCBQJan-mbPHelTohCQGRJdVTl9Wqr2FG9c3cPU; expires=Fri, 01-Jul-2022 21:04:41 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Jun 2021 21:04:41 GMT
cache-control: private

GET
H2 200 161527197958731198
tpc.googlesyndication.com/daca_images/simgad/ Frame 6AE0 47 KB
48 KB 9ms
7ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/161527197958731198

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=318&adk=3938747458&adf=2447373366&pi=t.aa~a.914111605~rp.4&w=350&lmt=1623012548&nsk=c9e84f37&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x318&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308&nras=4&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3408&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=cqFa29oUzA&p=https%3A//www.xn--82cz3bcub1a.com&dtd=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cd56bcb2963e1d86c609369266157968bfd1dc728b25c7c5e03ced39708ced20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 20:48:35 GMT
x-content-type-options: nosniff
age: 432966
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 48539
x-xss-protection: 0
last-modified: Sat, 13 Feb 2021 10:39:16 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 20:48:35 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/ Frame 6AE0 17 KB
7 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9de83c923a234e8b164d2351ed47b456ec3417785b5fc33b4827f071f51f05f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 20:55:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 540
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7001
x-xss-protection: 0
server: cafe
etag: 17954294202796946299
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 20:55:41 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 6AE0 0
0 17ms
17ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CEX8XaTi9YJCtCZrMYtX2oJAK6dmNnWLe2Iib4AzFn7nrgBAQASC1h8N_YJUCoAHgodKZA8gBAqkCpYzRIahptD6oAwHIA8kEqgTWAU_Qm1F68uftULZRmivPD6ihhUxFBGrofUDwf0gYi3LkShv7J8U99M9Rz1Jp1157boK0sJc6srfdT8gvXvgxvXzn3Wq37Yy94T3jpqK-pkHBDJbVizRgArmFNMcaWjdWkNiGfWt7YhbDJqTNmwti8Pvp4LYmFytj5KhqOwKpMAtBaU352sRgWRa8Ze54S1-0K5XWri_P2PPxqOfwrhcnuJ5qrEKp_rm89SXNDApQX_TKboW_uO-yP8o6-hM2YuUe9xLJs9yFXiIBFyfOr3gOg-2VxSgj3B_ABKPBkt2yA5IFBAgEGAGSBQQIBRgEoAYCgAeI3q1mqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcB8gcEELbLAtIICQiA4YAQEAEYH4AKAcgLAdgTDNAVAYAXAbIXGgoYCAASFHB1Yi0xOTYwMDM0MjgwMTIyMTMx&sigh=w_Mmt8h4lKk

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=318&adk=3938747458&adf=2447373366&pi=t.aa~a.914111605~rp.4&w=350&lmt=1623012548&nsk=c9e84f37&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x318&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308&nras=4&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3408&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=cqFa29oUzA&p=https%3A//www.xn--82cz3bcub1a.com&dtd=15
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 06 Jun 2021 21:04:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 6AE0 2 KB
1 KB 23ms
9ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:03:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 21:03:51 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 6AE0 122 KB
37 KB 27ms
13ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:41 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622806011323838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Sun, 06 Jun 2021 21:04:41 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 6AE0 13 KB
6 KB 22ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:02:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1091097466425408374
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 21:02:52 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 6AE0 0
0 14ms
14ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQMxn6Nh_EU882Od5ARzvJNHGPWw9zOMQ_I51Z8FSZ6Pbhi5sQ7hKGIUEBHBQNLRSWuMf6SvAYaAqaNoBd7qiIAe1RcHw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=318&adk=3938747458&adf=2447373366&pi=t.aa~a.914111605~rp.4&w=350&lmt=1623012548&nsk=c9e84f37&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x318&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308&nras=4&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3408&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=cqFa29oUzA&p=https%3A//www.xn--82cz3bcub1a.com&dtd=15
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 6AE0 25 KB
10 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8c60d643e58946baee86cbad5d665082f2acbb595f5dbc337f2a9d3f5fe39e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 19:58:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3977
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10533
x-xss-protection: 0
server: cafe
etag: 2880717265082513417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 19:58:24 GMT

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E230 143 B
163 B 7ms
6ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=318&adk=3938747458&adf=2447373366&pi=t.aa~a.914111605~rp.4&w=350&lmt=1623012548&nsk=c9e84f37&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x318&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308&nras=4&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3408&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=cqFa29oUzA&p=https%3A//www.xn--82cz3bcub1a.com&dtd=15
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUl9AxG2CFNKJrZcjMCWR1KmPI2DlHMTm1E00oDZD2PtkdmapU9lqaF84jYEoWM
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=318&adk=3938747458&adf=2447373366&pi=t.aa~a.914111605~rp.4&w=350&lmt=1623012548&nsk=c9e84f37&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x318&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308&nras=4&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3408&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=cqFa29oUzA&p=https%3A//www.xn--82cz3bcub1a.com&dtd=15

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 06 Jun 2021 20:36:58 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1663
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame E652 1 KB
749 B 7ms
6ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 06 Jun 2021 03:04:19 GMT
expires: Mon, 07 Jun 2021 03:04:19 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64822
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 dpixel
cms.quantserve.com/ Frame E652 35 B
464 B 28ms
12ms Image
image/gif 2620:116:800d:21:8c6e:cf2c:8d6:9fb5
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEHnp-LqkMVLtpOxuuGqSA3o&google_cver=1&google_push=AYg5qPLwxJ5QKYoiQZA28khat6t9n669Hs0uWOrjV7wm_KbonV9n5-C6FFliOiIoS-anQat82At3dVoTJM1_fmlZosNQCc-1esNe6A

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:8c6e:cf2c:8d6:9fb5 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 sync
odr.mookie1.com/t/v2/ Frame E652 43 B
608 B 68ms
24ms Image
image/gif 34.98.67.61
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEAt6bDMmnZ2NagHQdvulmNY&google_push=AYg5qPLKTF2qnVhnvqws2s5PQBixU0P_86Icu6a0Y_M94296W25qs3VnHEDALSiakuGAAJt0m8on5FRt0hfKSFoX8OvJPa-ZBUCm&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=318&adk=3938747458&adf=2447373366&pi=t.aa~a.914111605~rp.4&w=350&lmt=1623012548&nsk=c9e84f37&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x318&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308&nras=4&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=245&ady=3408&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=4&uci=a!4&btvi=3&fsb=1&xpc=cqFa29oUzA&p=https%3A//www.xn--82cz3bcub1a.com&dtd=15
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 61.67.98.34.bc.googleusercontent.com
Software: Apache /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
via: 1.1 google
server: Apache
p3p: CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif;charset=UTF-8
alt-svc: clear
content-length: 43
x-application-context: application
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E652
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEJtgyBcjNWSDoUIlXvgY2Ig&google_cver=1&google_push=AYg5qPKab_L2UyOKuXEafhGJPVNXw_s8lN9-GsvTZGyFPVaC2pY9D-nurbrK8AR1FxbkwTZCq9zF9-PTKB6E4_LArDY2PsO3l3jCxw
https://rtb.openx.net/sync/dds?google_gid=CAESEJtgyBcjNWSDoUIlXvgY2Ig&google_cver=1&google_push=AYg5qPKab_L2UyOKuXEafhGJPVNXw_s8lN9-GsvTZGyFPVaC2pY9D-nurbrK8AR1FxbkwTZCq9zF9-PTKB6E4_LArDY2PsO3l3jCx...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKab_L2UyOKuXEafhGJPVNXw_s8lN9-GsvTZGyFPVaC2pY9D-nurbrK8AR1FxbkwTZCq9zF9-PTKB6E4_LArDY2PsO3l3jCxw&google_hm=4Gz0Fg0hymUKrwUi2JKEHg==

170 B
188 B

71ms
37ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKab_L2UyOKuXEafhGJPVNXw_s8lN9-GsvTZGyFPVaC2pY9D-nurbrK8AR1FxbkwTZCq9zF9-PTKB6E4_LArDY2PsO3l3jCxw&google_hm=4Gz0Fg0hymUKrwUi2JKEHg==

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:40 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKab_L2UyOKuXEafhGJPVNXw_s8lN9-GsvTZGyFPVaC2pY9D-nurbrK8AR1FxbkwTZCq9zF9-PTKB6E4_LArDY2PsO3l3jCxw&google_hm=4Gz0Fg0hymUKrwUi2JKEHg==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: k29o2r627qki4if8fu425o1unb6duktj

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E652
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=001mfGiJSMOELc2mSf5GpQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

37ms
37ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=001mfGiJSMOELc2mSf5GpQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKOUEpLc8osy3X93-XbYlWmQj2pzsd3MLh1orRWk8ytyZdqnqF1yOQWE0QoLXOpqDP13mckkttnSdDDH861SoaiDIcFI3Rh

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=001mfGiJSMOELc2mSf5GpQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKOUEpLc8osy3X93-XbYlWmQj2pzsd3MLh1orRWk8ytyZdqnqF1yOQWE0QoLXOpqDP13mckkttnSdDDH861SoaiDIcFI3Rh
date: Sun, 06 Jun 2021 21:04:39 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E652
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEBYQsJkXXws-B4Ol2uJ3p4s&google_cver=1&google_push=AYg5qPL3nA0fWNmJpEUZobwX8Y9k5FlEwFjc6oApSB9GBU4ucC9fTRbA2H6Vjct6D0XtXf5TXtz...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BMT0JMQTYtMU4tTEc5&google_push=AYg5qPL3nA0fWNmJpEUZobwX8Y9k5FlEwFjc6oApSB9GBU4ucC9fTRbA2H6Vjct6D0XtXf5TXtzeHJvcjbwDmeByes39aUs8_aAa

170 B
188 B

36ms
36ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BMT0JMQTYtMU4tTEc5&google_push=AYg5qPL3nA0fWNmJpEUZobwX8Y9k5FlEwFjc6oApSB9GBU4ucC9fTRbA2H6Vjct6D0XtXf5TXtzeHJvcjbwDmeByes39aUs8_aAa

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BMT0JMQTYtMU4tTEc5&google_push=AYg5qPL3nA0fWNmJpEUZobwX8Y9k5FlEwFjc6oApSB9GBU4ucC9fTRbA2H6Vjct6D0XtXf5TXtzeHJvcjbwDmeByes39aUs8_aAa
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame E652
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKX...

0
0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame E652
Redirect Chain

https://googlecm.hit.gemius.pl/googleredir?rid=tknhntsqez&id=ndBK6L_fzwx7rssCbe8.iLes3yi8eMbF6r2JE6Xu.b7.N7&google_gid=CAESEI3bArzmYEmPjBZbb2Rwp90&google_cver=1&google_push=AYg5qPKTsyV4MQIWeCp7QFjg...
https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKTsyV4MQIWeCp7QFjgDbF5GR_V7YFI3SYJimSfS6iNHgPPPiZHbkVewYb2z16WOHb-qJ0a1Eb-d9iUMlfHHTaE7YFPTQiTWzU&google_hm=

170 B
188 B

35ms
35ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKTsyV4MQIWeCp7QFjgDbF5GR_V7YFI3SYJimSfS6iNHgPPPiZHbkVewYb2z16WOHb-qJ0a1Eb-d9iUMlfHHTaE7YFPTQiTWzU&google_hm=

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
server: GHC
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: https://cm.g.doubleclick.net/pixel?google_nid=gemius_adh&google_push=AYg5qPKTsyV4MQIWeCp7QFjgDbF5GR_V7YFI3SYJimSfS6iNHgPPPiZHbkVewYb2z16WOHb-qJ0a1Eb-d9iUMlfHHTaE7YFPTQiTWzU&google_hm=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Sat, 05 Jun 2021 21:04:41 GMT

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame E652 0
227 B 96ms
34ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Kazlb2YWVhQHfjRHLAjT6mzEC3M6YqVFK0sBxm0ocToG-q0pc-ZblQFUo9pm-mBgp4AbjwTg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:41 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame E230
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUl9AxG2CFNKJrZcjMCWR1KmPI2DlHMTm1E00oDZD2PtkdmapU9lqaF84jYEoWM
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 06 Jun 2021 21:04:41 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 06-Jun-2021 22:04:41 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Jun 2021 21:04:41 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 06 Jun 2021 21:04:41 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 6AE0 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb68981b34b98d228550bbc4404ff83789092468a2d6c8f0d13236b3665d2965

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js Show response
pagead2.googlesyndication.com/bg/ Frame E911 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 20:06:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3519
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jun 2022 20:06:02 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/ Frame 7056 11 KB
3 KB 7ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

815aa02acb9cacb5ea54be5d1d6854a1d2c05f0880b2158f6c5c395b64a5a038

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/4197584976618968369/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3397
date: Tue, 01 Jun 2021 07:53:06 GMT
expires: Wed, 01 Jun 2022 07:53:06 GMT
last-modified: Tue, 13 Aug 2019 07:04:22 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 479495
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 48A7 0
0 18ms
17ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CaH6XaTi9YLnuCdG3Y-arvrAMkb7sm17Vhcr9nAqTm6XsgwIQASC1h8N_YJUCoAGH6Kv0AsgBCakCpYzRIahptD6oAwHIA0iqBN8BT9BZdjZMkrhbFjB946frHTJ4XjFd4X3uIUEkj-TiTEU8-l_I1E9GiPAdIsXNGPH8O6Yoff3Zpsv3esKs8UXcSADg7adhRwlAkVpfFd-lFICgs-0JIPDXdT5mVIfdmGxPq4f62IF6TsI3fi4xtyJWRMGBXzgvNk87SMGJDz3P25Qxl6FAyBlvPo9CvUNP3LHTW9tpTIxj4eeMy_26V-ZS-Etp3twT8xI8gtv1mbG7aj7cD46B1K21lUTuEWpN9WolsZBxrcej6WCpIMLYW0t0yoGKng63hm_jq8clTPpj-cAEp-rk1Z4CkgUECAQYAZIFBAgFGASgBi6AB-CW04sBqAeKnLECqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEILzA9IICQiA4YAQEAEYH4AKAcgLAdgTDNAVAYAXAbIXGgoYCAASFHB1Yi0xOTYwMDM0MjgwMTIyMTMx&sigh=s3mdVFTRtF0&template_id=419

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=77&adk=3355362039&adf=839174664&pi=t.aa~a.2356648001~rp.4&w=380&lmt=1623012548&nsk=b16969e6&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=380x77&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=1&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308%2C350x318&nras=5&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=990&ady=3487&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=ZuVcbRTVkW&p=https%3A//www.xn--82cz3bcub1a.com&dtd=18
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 06 Jun 2021 21:04:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/ Frame 48A7 17 KB
7 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/abg_lite_fy2019.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=77&adk=3355362039&adf=839174664&pi=t.aa~a.2356648001~rp.4&w=380&lmt=1623012548&nsk=b16969e6&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=380x77&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=1&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308%2C350x318&nras=5&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=990&ady=3487&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=ZuVcbRTVkW&p=https%3A//www.xn--82cz3bcub1a.com&dtd=18

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9de83c923a234e8b164d2351ed47b456ec3417785b5fc33b4827f071f51f05f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 20:55:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 540
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7001
x-xss-protection: 0
server: cafe
etag: 17954294202796946299
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 20:55:41 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 48A7 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:03:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 21:03:51 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 48A7 122 KB
37 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:41 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622806011323838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Sun, 06 Jun 2021 21:04:41 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 48A7 13 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:02:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1091097466425408374
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 21:02:52 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 48A7 0
0 14ms
14ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS7v-Razc6M46MTpw5a8lND0hr6Y4RBLMIaQStKC9SfLxgXBnk5G8oWPJJQCDw0EGFA5TJNgF5QO5ec1HJUDTqWVipLVw
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=77&adk=3355362039&adf=839174664&pi=t.aa~a.2356648001~rp.4&w=380&lmt=1623012548&nsk=b16969e6&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=380x77&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=1&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308%2C350x318&nras=5&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=990&ady=3487&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=ZuVcbRTVkW&p=https%3A//www.xn--82cz3bcub1a.com&dtd=18
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0BA0 143 B
163 B 6ms
5ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=77&adk=3355362039&adf=839174664&pi=t.aa~a.2356648001~rp.4&w=380&lmt=1623012548&nsk=b16969e6&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=380x77&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=1&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308%2C350x318&nras=5&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=990&ady=3487&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=ZuVcbRTVkW&p=https%3A//www.xn--82cz3bcub1a.com&dtd=18
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmXn1cES90f735UvZzPnJGkWc0vftk2XY1laUEnpqwqqLNbzth6tj3V2oiYzUs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=77&adk=3355362039&adf=839174664&pi=t.aa~a.2356648001~rp.4&w=380&lmt=1623012548&nsk=b16969e6&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=380x77&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=1&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280%2C350x308%2C350x318&nras=5&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=990&ady=3487&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=5&uci=a!5&btvi=4&fsb=1&xpc=ZuVcbRTVkW&p=https%3A//www.xn--82cz3bcub1a.com&dtd=18

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 06 Jun 2021 20:36:58 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1663
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 204 gen_csp
pagead2.googlesyndication.com/pagead/ Frame 48A7 0
20 B 53ms
39ms Other
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CPnGirD0g_ECFdHbGAod5pUPxg&gqi=aTi9YLWxB4Pitweyl6xA&layout=/sadbundle/%24csp%253Der3%24/4197584976618968369/index.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 48A7 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3858c5a6440cc4f1dfa20017a3216f98a22130c6a78c66c56a75ec14990e5176

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 7056 9 KB
3 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 04:11:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 60770
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 07 Jun 2021 04:11:51 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 7056 26 KB
10 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 20:37:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1637
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Mon, 07 Jun 2021 20:37:24 GMT

GET
H3-29 200 HYPE-648.thin.min.js Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/ Frame 7056 53 KB
23 KB 8ms
7ms Script
application/x-javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/HYPE-648.thin.min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2baccefb5cede601d5fc018290c68a748e3199cf5c00cc77dbbf6491531d3592

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
age: 403172
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23314
x-xss-protection: 0
last-modified: Tue, 13 Aug 2019 07:04:22 GMT
server: sffe
date: Wed, 02 Jun 2021 05:05:09 GMT
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jun 2022 05:05:09 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 0D11 3 KB
578 B 23ms
22ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=280&adk=262951244&adf=706731172&pi=t.aa~a.907085792~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1623012548&rafmt=1&to=qs&pwprc=1729370017&psa=0&format=1200x280&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0&nras=2&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2621&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=AB2Hb7cgOR&p=https%3A//www.xn--82cz3bcub1a.com&dtd=10

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sun, 06 Jun 2021 20:12:58 GMT
server: ESF
date: Sun, 06 Jun 2021 21:04:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sun, 06 Jun 2021 21:04:41 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 0D11 1 KB
909 B 7ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:00:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 276
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 882
x-xss-protection: 0
server: cafe
etag: 11243716317595354070
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 21:00:05 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/ Frame 0D11 17 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9de83c923a234e8b164d2351ed47b456ec3417785b5fc33b4827f071f51f05f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 20:55:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 540
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7001
x-xss-protection: 0
server: cafe
etag: 17954294202796946299
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 20:55:41 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 0D11 2 KB
1 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:03:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 21:03:51 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0D11 122 KB
37 KB 16ms
14ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:41 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622806011323838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Sun, 06 Jun 2021 21:04:41 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 0D11 13 KB
6 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:02:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1091097466425408374
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 21:02:52 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 0D11 0
0 16ms
14ms Image
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRig8XwP6Fhg--DX8U6xsv-W5QBq5tKp98xw0qTobfOp9QLBcCaXpvxbGb1Q9f7Q2VMzRPhZrT_MzMtxmPaWglUHuRHTA
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=280&adk=262951244&adf=706731172&pi=t.aa~a.907085792~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1623012548&rafmt=1&to=qs&pwprc=1729370017&psa=0&format=1200x280&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0&nras=2&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2621&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=AB2Hb7cgOR&p=https%3A//www.xn--82cz3bcub1a.com&dtd=10
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 3b821d177d35ff0343c5a517c12ac1c9.js Show response
www.gstatic.com/mysidia/ Frame 0D11 25 KB
10 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3b821d177d35ff0343c5a517c12ac1c9.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d7bc2e5c2959435469986ff3eb98d158edf428ed8eeccb0e8ffe31d3336c9ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 19:05:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7179
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10549
x-xss-protection: 0
last-modified: Wed, 02 Jun 2021 00:10:36 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Sat, 04 Sep 2021 19:05:02 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 0D11 0
0 19ms
17ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cpl0UaTi9YMjLB8jM1fAP3J2P0An894SRY5zY1NuvDZaCzYWIFhABILWHw39glQKgAefp1dUDyAEJqQKljNEhqGm0PqgDAcgDywSqBM8BT9BG4tSLmTj_QG7npFUVz2kPNY_QcV_ZCq9wrZlRkMYSjzAPQneGR1aZPhHjCVQ-IFo9p7GkIHChnibTzzuSLp4ymasb_F84A8eWEpitCEJqhm_z1kltuMKT9eaInTVEW6r8Q_wi3KO9GLIeeJytJ0pmB3Lce0aXZSMOKPr9ndao3a2TRA8ricwvzaYd-A7GQJ0xfCyQN52o0lXPU0a7vdFVWskRV9IGxBVtpt8SawkUwU3GVm8Q6mT208D3FZb1Zz-AK4GARdqx9rbTc1u7wASPiP3DuAOSBQQIBBgBkgUECAUYBKAGLoAH27OIjQGoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwDyBwQQ59EQ0ggJCIDhgBAQARgfgAoByAsBuBOIJ9gTDIgUAdAVAYAXAbIXGgoYCAASFHB1Yi0xOTYwMDM0MjgwMTIyMTMx&sigh=Kqf0VfIO9-U&template_id=5000

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=280&adk=262951244&adf=706731172&pi=t.aa~a.907085792~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1623012548&rafmt=1&to=qs&pwprc=1729370017&psa=0&format=1200x280&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0&nras=2&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2621&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=AB2Hb7cgOR&p=https%3A//www.xn--82cz3bcub1a.com&dtd=10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 06 Jun 2021 21:04:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 downsize_200k_v1
tpc.googlesyndication.com/simgad/729866472740941564/ Frame 0D11 42 KB
42 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/729866472740941564/downsize_200k_v1?w=600&h=314

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f03d7eb01f0893aef0113bae1b6137eb9707f175ccf6b5eb3519964fe403320

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 02 Jun 2021 06:50:23 GMT
x-content-type-options: nosniff
age: 396858
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43162
x-xss-protection: 0
last-modified: Tue, 16 Mar 2021 09:31:29 GMT
server: sffe
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jun 2022 06:50:23 GMT

GET
DATA 200
OK truncated
/ Frame 0D11 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 fischers-fritze-armband-segeltau-makrele-1.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/ Frame 7056 4 KB
4 KB 11ms
9ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/fischers-fritze-armband-segeltau-makrele-1.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2e6c50e01e8312e622ccfc4da2d5359895bf044b1de09535c550dc0c4f6a8937

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 433765
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4465
x-xss-protection: 0
last-modified: Tue, 13 Aug 2019 07:04:22 GMT
server: sffe
date: Tue, 01 Jun 2021 20:35:16 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 20:35:16 GMT

GET
H3-29 200 fischers-fritze-armband-segeltau-makrele-2.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/ Frame 7056 2 KB
2 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/fischers-fritze-armband-segeltau-makrele-2.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92df62bd85f33deb2c33028da8d4941b6c4d282ffcc83229f3b1e14567a86760

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 423424
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2389
x-xss-protection: 0
last-modified: Tue, 13 Aug 2019 07:04:22 GMT
server: sffe
date: Tue, 01 Jun 2021 23:27:37 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 23:27:37 GMT

GET
H3-29 200 fischers-fritze-armband-segeltau-makrele-blau-weiss-marineblau.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/ Frame 7056 5 KB
5 KB 10ms
8ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/fischers-fritze-armband-segeltau-makrele-blau-weiss-marineblau.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74f72b882772f55b18ade81af9f4edf374df3ef02f3228f035f89a09c1343805

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 423424
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5368
x-xss-protection: 0
last-modified: Tue, 13 Aug 2019 07:04:22 GMT
server: sffe
date: Tue, 01 Jun 2021 23:27:37 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 23:27:37 GMT

GET
H3-29 200 fischers-fritze-armband-segeltau-makrele-grau-marineblau.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/ Frame 7056 4 KB
4 KB 13ms
11ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/fischers-fritze-armband-segeltau-makrele-grau-marineblau.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

860b6484b5bf2c58e24aeb5e21f1b215713b0f35d0648a74b9943c0a31756506

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 486219
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4490
x-xss-protection: 0
last-modified: Tue, 13 Aug 2019 07:04:22 GMT
server: sffe
date: Tue, 01 Jun 2021 06:01:02 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 06:01:02 GMT

GET
H3-29 200 fischers-fritze-logo.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/ Frame 7056 1 KB
1 KB 12ms
11ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/fischers-fritze-logo.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d6cf8512c59dd4003d0bfda0972fea8429f16b1577b3a961280a199a2d76e05f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 423424
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1350
x-xss-protection: 0
last-modified: Tue, 13 Aug 2019 07:04:22 GMT
server: sffe
date: Tue, 01 Jun 2021 23:27:37 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 23:27:37 GMT

GET
H3-29 200 fischers-fritze-manufaktur-armband.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/ Frame 7056 897 B
926 B 12ms
10ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/fischers-fritze-manufaktur-armband.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bf9edd6fc4f18d7b2f76f51cca8fbdadb77d9626456eeadb574f288c55f36d68

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 513078
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 897
x-xss-protection: 0
last-modified: Tue, 13 Aug 2019 07:04:22 GMT
server: sffe
date: Mon, 31 May 2021 22:33:23 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 31 May 2022 22:33:23 GMT

GET
H3-29 200 fischers-fritze-entdecken.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/ Frame 7056 492 B
521 B 11ms
10ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/fischers-fritze-entdecken.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

094b34c0ce2773a5068a745f66ede78de6c05fd9e05d37fa554ff045214a4897

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 403172
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 492
x-xss-protection: 0
last-modified: Tue, 13 Aug 2019 07:04:22 GMT
server: sffe
date: Wed, 02 Jun 2021 05:05:09 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 02 Jun 2022 05:05:09 GMT

GET
H3-29 200 fischers-fritze-armband-segeltau-makrele-rot-marineblau.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/ Frame 7056 8 KB
8 KB 11ms
9ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/fischers-fritze-armband-segeltau-makrele-rot-marineblau.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/4197584976618968369/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a616eab6f7c78ac433c4aeca1e5d11693c60181cae78d9dca0f50d096b3ee0d5

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 483294
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7824
x-xss-protection: 0
last-modified: Tue, 13 Aug 2019 07:04:22 GMT
server: sffe
date: Tue, 01 Jun 2021 06:49:47 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 01 Jun 2022 06:49:47 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7881 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 06 Jun 2021 03:04:19 GMT
expires: Mon, 07 Jun 2021 03:04:19 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64822
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 0D11 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8573085ac05878ba5804257ecfca878d02e5b0387e1ab898b693caf142aa5c7c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 0D11 21 KB
21 KB 17ms
13ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UabrENHsxJlGDuGo1OIlLU94YtzCwY.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 21:07:59 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:21 GMT
server: sffe
age: 431802
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21716
x-xss-protection: 0
expires: Wed, 01 Jun 2022 21:07:59 GMT

GET
H3-29 200 4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2
fonts.gstatic.com/s/googlesans/v27/ Frame 0D11 21 KB
21 KB 19ms
16ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v27/4UaGrENHsxJlGDuGo1OIlL3Owp4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://googleads.g.doubleclick.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 17:27:26 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Nov 2020 20:26:16 GMT
server: sffe
age: 445035
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21552
x-xss-protection: 0
expires: Wed, 01 Jun 2022 17:27:26 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 0BA0
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
15ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUmXn1cES90f735UvZzPnJGkWc0vftk2XY1laUEnpqwqqLNbzth6tj3V2oiYzUs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 06 Jun 2021 21:04:41 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 06-Jun-2021 22:04:41 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Jun 2021 21:04:41 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 06 Jun 2021 21:04:41 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7881
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEGUmkAVDoupr8MT_vlfmySk&google_cver=1&google_push=AYg5qPKcjOdAffPLV5sOev5cA-hRYMoCyXypWKNb6bnkO9dYSMz1QwYBlk...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKcjOdAffPLV5sOev5cA-hRYMoCyXypWKNb6bnkO9dYSMz1QwYBlkNsJEhdFovHQeigbMFHZjNWDK8uEfcapGKYlCtWewE&google_hm=YXUhGLC...

170 B
188 B

35ms
35ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKcjOdAffPLV5sOev5cA-hRYMoCyXypWKNb6bnkO9dYSMz1QwYBlkNsJEhdFovHQeigbMFHZjNWDK8uEfcapGKYlCtWewE&google_hm=YXUhGLCwpvsaonlyikhZtA

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPKcjOdAffPLV5sOev5cA-hRYMoCyXypWKNb6bnkO9dYSMz1QwYBlkNsJEhdFovHQeigbMFHZjNWDK8uEfcapGKYlCtWewE&google_hm=YXUhGLCwpvsaonlyikhZtA
pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7881
Redirect Chain

https://d.agkn.com/pixel/2175/?google_gid=CAESEC4BXaLPZWvW9Ldev7Ui5A8&google_cver=1&google_push=AYg5qPLzhzBNyqhVOko1KA_i4by7isoqT5AoOkj4nhnZVsC-PpDRdVDR-Vs3PPYciaAs_TbJsTqwJwmXwSezPhO0rzv1kw0TaiY
https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLzhzBNyqhVOko1KA_i4by7isoqT5AoOkj4nhnZVsC-PpDRdVDR-Vs3PPYciaAs_TbJsTqwJwmXwSezPhO0rzv1kw0TaiY&google_hm=Q0FFU0VDNEJYYUxQWld2Vz...

170 B
188 B

36ms
36ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLzhzBNyqhVOko1KA_i4by7isoqT5AoOkj4nhnZVsC-PpDRdVDR-Vs3PPYciaAs_TbJsTqwJwmXwSezPhO0rzv1kw0TaiY&google_hm=Q0FFU0VDNEJYYUxQWld2VzlMZGV2N1VpNUE4

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 06 Jun 2021 21:04:41 GMT
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=ak_dmp&google_push=AYg5qPLzhzBNyqhVOko1KA_i4by7isoqT5AoOkj4nhnZVsC-PpDRdVDR-Vs3PPYciaAs_TbJsTqwJwmXwSezPhO0rzv1kw0TaiY&google_hm=Q0FFU0VDNEJYYUxQWld2VzlMZGV2N1VpNUE4
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7881
Redirect Chain

https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPLo4jCgmVuXFdXnvr_TKnmw76gs6_033YBGNUNIfK22pcsfMfVxbuyZH0akm5TZ9Vgo0srsIzfPWt93Koj6s2_OYG6IS9E&google_gid=CAESEF4cq6TWTm4lnaNvYaz6WeI&goog...
https://id.rlcdn.com/1000.gif?memo=CK69HBoNCOnw9IUGEgUI6AcQAEIASm9nb29nbGVfcHVzaD1BWWc1cVBMbzRqQ2dtVnVYRmRYbnZyX1RLbm13NzZnczZfMDMzWUJHTlVOSWZLMjJwY3NmTWZWeGJ1eVpIMGFrbTVUWjlWZ28wc3JzSXpmUFd0OTNLb2...
https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwa0JPR0llMllhRmlmbTRZMXpTOW0yLTBQX0lhZEdsSjgzOG5qZEhZYkpuVQ==&google_push

170 B
188 B

35ms
34ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwa0JPR0llMllhRmlmbTRZMXpTOW0yLTBQX0lhZEdsSjgzOG5qZEhZYkpuVQ==&google_push

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Sun, 06 Jun 2021 21:04:41 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://cm.g.doubleclick.net/pixel?google_nid=liveramp&google_hm=WGMzMDcwa0JPR0llMllhRmlmbTRZMXpTOW0yLTBQX0lhZEdsSjgzOG5qZEhZYkpuVQ==&google_push
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7881
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=001mfGiJSMOELc2mSf5GpQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

37ms
36ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=001mfGiJSMOELc2mSf5GpQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJs0uuj_l0RJ4lagBPZ207I9sY4KzzpsBcof5OLxDGrKpqy1-5vfU_a5rHJi6h3mZwxHwF_ceUcsWfIl8UxUeeGgv9_hw

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=001mfGiJSMOELc2mSf5GpQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPJs0uuj_l0RJ4lagBPZ207I9sY4KzzpsBcof5OLxDGrKpqy1-5vfU_a5rHJi6h3mZwxHwF_ceUcsWfIl8UxUeeGgv9_hw
date: Sun, 06 Jun 2021 21:04:40 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 7881
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEPklkC0jS2c7mokQ5cSnFB0&google_cver=1&google_push=AYg5qPJ7E5mEN7xMeKLjSclqkOpX-tBYqzp6B9ATVNN2HQw-OalG7jsxEl04feNnyhKaScFEwl5...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BMT0JMRkUtMjQtQ1hBSQ==&google_push=AYg5qPJ7E5mEN7xMeKLjSclqkOpX-tBYqzp6B9ATVNN2HQw-OalG7jsxEl04feNnyhKaScFEwl5J5CknLtdOnuJ-So1HzO-TMz0

170 B
188 B

37ms
36ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BMT0JMRkUtMjQtQ1hBSQ==&google_push=AYg5qPJ7E5mEN7xMeKLjSclqkOpX-tBYqzp6B9ATVNN2HQw-OalG7jsxEl04feNnyhKaScFEwl5J5CknLtdOnuJ-So1HzO-TMz0

Requested by

Host: www.xn--82cz3bcub1a.com
URL: https://www.xn--82cz3bcub1a.com/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BMT0JMRkUtMjQtQ1hBSQ==&google_push=AYg5qPJ7E5mEN7xMeKLjSclqkOpX-tBYqzp6B9ATVNN2HQw-OalG7jsxEl04feNnyhKaScFEwl5J5CknLtdOnuJ-So1HzO-TMz0
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame 7881
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOe...

0
0

GET
H2 200 trk
ag.innovid.com/ Frame 7881 43 B
296 B 74ms
18ms Image
image/gif 2a05:d01c:1d8:8100:61f8:e3:2497:5dcb
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ag.innovid.com/trk?tid=11711&google_gid=CAESEOG6Vwj9tlhsSWDnyj4ns_o&google_cver=1&google_push=AYg5qPKHOaPRyQ1PpxC-qOHB9mmrjiY2VPc1L-DLqB9yV-vQQrXX7KzOnHlJD3QsmWn9gzhTV6L60lVY6GQIP-UsDhm0bx-0-b4
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=280&adk=262951244&adf=706731172&pi=t.aa~a.907085792~rp.4&w=1200&fwrn=4&fwrnh=100&lmt=1623012548&rafmt=1&to=qs&pwprc=1729370017&psa=0&format=1200x280&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0&nras=2&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=200&ady=2621&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=2&uci=a!2&btvi=1&fsb=1&xpc=AB2Hb7cgOR&p=https%3A//www.xn--82cz3bcub1a.com&dtd=10
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d01c:1d8:8100:61f8:e3:2497:5dcb London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
cache-control: no-cache
content-type: image/gif
content-length: 43
request-time: 0
expires: -1

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 7881 0
12 B 34ms
33ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I8LW2o4QBbbBMzUS17A2agu1Ad7hwHSsB2sJLkcwAKNHHWSDgaIeGXATDuNdPw6Khiq-Cz

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:41 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js Show response
pagead2.googlesyndication.com/bg/ Frame 7056 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 20:06:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3519
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jun 2022 20:06:02 GMT

GET
H3-29 200 tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js Show response
pagead2.googlesyndication.com/bg/ Frame BF3A 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 20:06:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3519
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jun 2022 20:06:02 GMT

GET
H3-29 200 4865036388210490677
tpc.googlesyndication.com/simgad/ Frame 55A0 22 KB
22 KB 7ms
7ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4865036388210490677?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4ql4togcbYf9-fwkDJ1_0KyNdcQ3XA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=308&adk=4223420706&adf=3988754407&pi=t.aa~a.2070610203~rp.4&w=350&lmt=1623012548&nsk=74d5b477&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x308&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280&nras=3&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=625&ady=3383&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=dVJXqi1DlJ&p=https%3A//www.xn--82cz3bcub1a.com&dtd=13

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

60394967636eaaea47bc18277fe70053922ab252793193ee58d8ba99fbf5f27b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 01 Jun 2021 23:25:56 GMT
x-content-type-options: nosniff
last-modified: Tue, 01 Jun 2021 15:55:14 GMT
server: sffe
age: 423525
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22656
x-xss-protection: 0
expires: Wed, 01 Jun 2022 23:25:56 GMT

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/ Frame 55A0 17 KB
7 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/abg_lite_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9de83c923a234e8b164d2351ed47b456ec3417785b5fc33b4827f071f51f05f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 20:55:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 540
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7001
x-xss-protection: 0
server: cafe
etag: 17954294202796946299
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 20:55:41 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 55A0 2 KB
1 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:03:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1303
x-xss-protection: 0
server: cafe
etag: 14729628269804859526
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 21:03:51 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 55A0 122 KB
37 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:41 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1622806011323838"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Sun, 06 Jun 2021 21:04:41 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 55A0 13 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:02:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 109
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5635
x-xss-protection: 0
server: cafe
etag: 1091097466425408374
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 21:02:52 GMT

GET
H3-29 200 one_click_handler_one_afma_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/ Frame 55A0 25 KB
10 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210601/r20110914/client/one_click_handler_one_afma_fy2019.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d8c60d643e58946baee86cbad5d665082f2acbb595f5dbc337f2a9d3f5fe39e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 19:58:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3977
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10533
x-xss-protection: 0
server: cafe
etag: 2880717265082513417
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 20 Jun 2021 19:58:24 GMT

GET
H3-29 200 adview
googleads.g.doubleclick.net/pagead/ Frame 55A0 0
0 17ms
16ms Fetch
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Ca9McaTi9YNCPCYiOYbnZntgDtbLOimOo0YXNoA7rteq53BwQASC1h8N_YJUCoAHSwpCxAsgBAqkCpYzRIahptD6oAwHIA8kEqgTLAU_QHFsRxvpTbGXQCDAyt3ALWZYsl4SDYDEP592TFcAXbUyURnjZ8SZ2jrRcJ7JDD4eo4F5wmeZtltb7m32xJL8JykHvo_XZ4mfu3vPEtPxRF7Ow-MlDAYrwHVHvjYUTuqf2LNx61NXvwIzx1pys19Eg9AyfL6fPmA32c9_fgc6AUs-Q5gBN-g8zuRQjrXcYLjZ8JOp56BpDTegCkQfvJXlnm-2QECPpEE6YEmEmRIJ9FvU0B3HIPyTFvxdPFxpehzL5FdnvDEa0bF22wATLyZzGowOSBQQIBBgBkgUECAUYBKAGAoAHlr3vzgGoB4qcsQKoB9XJG6gH8NkbqAfy2RuoB47OG6gHk9gbqAe6BqgH7paxAqgHpr4bqAfs1RvYBwHyBwQQwL0D0ggJCIDhgBAQARgfgAoByAsB2BML0BUBgBcBshcaChgIABIUcHViLTE5NjAwMzQyODAxMjIxMzE&sigh=uFdOdIq4s3I

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=308&adk=4223420706&adf=3988754407&pi=t.aa~a.2070610203~rp.4&w=350&lmt=1623012548&nsk=74d5b477&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x308&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280&nras=3&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=625&ady=3383&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=dVJXqi1DlJ&p=https%3A//www.xn--82cz3bcub1a.com&dtd=13
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Sun, 06 Jun 2021 21:04:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3-29 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A907 143 B
163 B 7ms
5ms Document
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=308&adk=4223420706&adf=3988754407&pi=t.aa~a.2070610203~rp.4&w=350&lmt=1623012548&nsk=74d5b477&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x308&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280&nras=3&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=625&ady=3383&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=dVJXqi1DlJ&p=https%3A//www.xn--82cz3bcub1a.com&dtd=13
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUl6FBevsMssKdgRcfBCDXUnNtol9nWbINOC6izZ-MNvN0avQEz7B5bREJkaFPQ
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=308&adk=4223420706&adf=3988754407&pi=t.aa~a.2070610203~rp.4&w=350&lmt=1623012548&nsk=74d5b477&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x308&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280&nras=3&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=625&ady=3383&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=dVJXqi1DlJ&p=https%3A//www.xn--82cz3bcub1a.com&dtd=13

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Sun, 06 Jun 2021 20:36:58 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1663
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 redir.html Show response
p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 92D6 247 B
789 B 119ms
33ms Document
text/html 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

be56e341955bca1eea5055297810e5472addf59a6f0c7d600a6fd54253c7b703

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com
:scheme: https
:path: /v6exp3/redir.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-6v3CsXCz8d5YmJsjfhJ95A' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
content-length: 204
date: Sun, 06 Jun 2021 21:04:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Mon, 02 Dec 2019 20:15:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame BD39 1 KB
749 B 6ms
6ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Sun, 06 Jun 2021 03:04:19 GMT
expires: Mon, 07 Jun 2021 03:04:19 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 64822
cache-control: public, max-age=86400
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 55A0 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae19a227324f18ce73146d5494b2a185f5d490f139b4de107eb77c6798c0c596

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame BD39
Redirect Chain

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEG2nJ7UREY0RUcdkZTSNhXs&google_cver=1&google_push=AYg5qPL7L-lf7GENhalJ0n7BPYoJIgmMsJhqozHly9fLiSWbgUB96unoIf...
https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPL7L-lf7GENhalJ0n7BPYoJIgmMsJhqozHly9fLiSWbgUB96unoIfJnKfI6VZQIEEUvs1iahhizHlrzmiKJ4Vyw_zBu5N0&google_hm=YXUhGLC...

170 B
188 B

37ms
37ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPL7L-lf7GENhalJ0n7BPYoJIgmMsJhqozHly9fLiSWbgUB96unoIfJnKfI6VZQIEEUvs1iahhizHlrzmiKJ4Vyw_zBu5N0&google_hm=YXUhGLCwpvsaonlyikhZtA

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=B765081F39B1F7&google_push=AYg5qPL7L-lf7GENhalJ0n7BPYoJIgmMsJhqozHly9fLiSWbgUB96unoIfJnKfI6VZQIEEUvs1iahhizHlrzmiKJ4Vyw_zBu5N0&google_hm=YXUhGLCwpvsaonlyikhZtA
pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
strict-transport-security: max-age=86400
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 466606.gif
id.rlcdn.com/ Frame BD39 42 B
318 B 27ms
25ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/466606.gif?cparams=google_push%3DAYg5qPIgTmXRsrEROBWDoGFCtAtjCjlWa6smERYD67-LoYEqBBl_CZmIZocQl1QKlpkqaHtSEI-YKWpOzYXibs2-Ea3IuxBgTQU&google_gid=CAESEJWl5mGqRyJW-wFsKOuze2Y&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1960034280122131&output=html&h=308&adk=4223420706&adf=3988754407&pi=t.aa~a.2070610203~rp.4&w=350&lmt=1623012548&nsk=74d5b477&rafmt=11&pwprc=1729370017&psa=0&ad_type=text_image&format=350x308&url=https%3A%2F%2Fwww.xn--82cz3bcub1a.com%2F&flash=0&pra=3&wgl=1&fa=26&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ..&dt=1623013481090&bpp=1&bdt=1412&idt=-M&shv=r20210601&cbv=%2Fr20190131&ptt=9&saldr=aa&abxe=1&cookie=ID%3D9c0769e45a968e42-223156bc59c800d9%3AT%3D1623013481%3ART%3D1623013481%3AS%3DALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw&prev_fmts=0x0%2C1200x280&nras=3&correlator=1643070725622&frm=20&pv=1&ga_vid=391576633.1623013481&ga_sid=1623013481&ga_hid=470307220&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=625&ady=3383&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=21066430%2C44740386&oid=3&pvsid=3797586331432764&eae=0&fc=1792&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=3&uci=a!3&btvi=2&fsb=1&xpc=dVJXqi1DlJ&p=https%3A//www.xn--82cz3bcub1a.com&dtd=13
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Jun 2021 21:04:42 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame BD39
Redirect Chain

https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKqeyiH...
https://e.dlx.addthis.com/e/a-1189/s-3614?redirect_provider_id=3614&ru=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Ddatalogix_dmp%26google_hm%3D%3CNA_ID%3E%26google_push%3DAYg5qPKqeyiH...
https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA2MDYyMTA0NDI0NTk0NTk1ODU3MTc1Mg%3D%3D&google_push=AYg5qPKqeyiHR-hQTICFh9lmC2LrOamIaj06_kFNJ4h6kqCiHy6cr8Lw1OVA_f80A1fv1C...

170 B
188 B

35ms
35ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA2MDYyMTA0NDI0NTk0NTk1ODU3MTc1Mg%3D%3D&google_push=AYg5qPKqeyiHR-hQTICFh9lmC2LrOamIaj06_kFNJ4h6kqCiHy6cr8Lw1OVA_f80A1fv1CN-PfK4ZnDoQkAvQzKk3ZsOsEP9Tvs

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=datalogix_dmp&google_hm=MjAyMTA2MDYyMTA0NDI0NTk0NTk1ODU3MTc1Mg%3D%3D&google_push=AYg5qPKqeyiHR-hQTICFh9lmC2LrOamIaj06_kFNJ4h6kqCiHy6cr8Lw1OVA_f80A1fv1CN-PfK4ZnDoQkAvQzKk3ZsOsEP9Tvs
Pragma: no-cache
Date: Sun, 06 Jun 2021 21:04:42 GMT
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame BD39
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEGWiWsAA-uTWyFGUM_kRYws&google_cver=1&google_push=AYg5qPKfNVLkWj-_oKmOXQh1RXou10CeQNWrkOYR4LbisBA3Cn5n5vKonYI5YvCdPfTa8Q-EHLLii7_06-iWeUghO4utLklU4g
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKfNVLkWj-_oKmOXQh1RXou10CeQNWrkOYR4LbisBA3Cn5n5vKonYI5YvCdPfTa8Q-EHLLii7_06-iWeUghO4utLklU4g&google_hm=4Gz0Fg0hymUKrwUi2JKEHg==

170 B
188 B

35ms
34ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKfNVLkWj-_oKmOXQh1RXou10CeQNWrkOYR4LbisBA3Cn5n5vKonYI5YvCdPfTa8Q-EHLLii7_06-iWeUghO4utLklU4g&google_hm=4Gz0Fg0hymUKrwUi2JKEHg==

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:41 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPKfNVLkWj-_oKmOXQh1RXou10CeQNWrkOYR4LbisBA3Cn5n5vKonYI5YvCdPfTa8Q-EHLLii7_06-iWeUghO4utLklU4g&google_hm=4Gz0Fg0hymUKrwUi2JKEHg==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: clear
content-length: 0
x-request-id: 4tci09n5s28db47e675d2ljqueurl59e

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame BD39
Redirect Chain

https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=001mfGiJSMOELc2mSf5GpQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...

170 B
188 B

36ms
35ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=001mfGiJSMOELc2mSf5GpQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKVnoZrq3qh2JvhSYyeUHJK0lh8J1vkBUwYw2AAtIMI1lYTaNGHBs86to4M4lt8wcR6QjXqorKe7ikvwShvydws3ydPyw

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=001mfGiJSMOELc2mSf5GpQ%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPKVnoZrq3qh2JvhSYyeUHJK0lh8J1vkBUwYw2AAtIMI1lYTaNGHBs86to4M4lt8wcR6QjXqorKe7ikvwShvydws3ydPyw
date: Sun, 06 Jun 2021 21:04:41 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame BD39
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKrHODe-2o5ruzRN_oYa6mI&google_cver=1&google_push=AYg5qPKe61saBcGCaz6gj9WTSWHmVznWrsADBURp1-cX8x7TJggblvvVO5QwnjsvpOe63QhOKys...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BMT0JMTEQtMTYtOEw4Vg==&google_push=AYg5qPKe61saBcGCaz6gj9WTSWHmVznWrsADBURp1-cX8x7TJggblvvVO5QwnjsvpOe63QhOKys96fOPfevZ9aheo2yBXxMWrY4

170 B
188 B

37ms
37ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BMT0JMTEQtMTYtOEw4Vg==&google_push=AYg5qPKe61saBcGCaz6gj9WTSWHmVznWrsADBURp1-cX8x7TJggblvvVO5QwnjsvpOe63QhOKys96fOPfevZ9aheo2yBXxMWrY4

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:42 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1BMT0JMTEQtMTYtOEw4Vg==&google_push=AYg5qPKe61saBcGCaz6gj9WTSWHmVznWrsADBURp1-cX8x7TJggblvvVO5QwnjsvpOe63QhOKys96fOPfevZ9aheo2yBXxMWrY4
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET

pixel
cm.g.doubleclick.net/ Frame BD39
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZ...

0
0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame BD39 0
12 B 34ms
33ms Image
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IBposCFZ8PK-hdGBmRHlCbPjXfHRugeRCxBnNRo4fEnTVPbwAKqvJQchNr8j_jz6-1gFVs

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:42 GMT
server: HTTP server (unknown)
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame A907
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

15ms
14ms

Document
text/html

2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: DSID=NO_DATA; IDE=AHWqTUl6FBevsMssKdgRcfBCDXUnNtol9nWbINOC6izZ-MNvN0avQEz7B5bREJkaFPQ
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 06 Jun 2021 21:04:42 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Sun, 06-Jun-2021 22:04:42 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Sun, 06 Jun 2021 21:04:42 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Sun, 06 Jun 2021 21:04:41 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 iframe.html Show response
p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com/v6exp3/ Frame 92D6 4 KB
2 KB 67ms
33ms Document
text/html 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Requested by

Host: p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com
URL: https://p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

7f484906da2fdc6af02f3db20d351f7002be36222105cf4b7cbfe2afd6a7dbde

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com
:scheme: https
:path: /v6exp3/iframe.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
content-security-policy-report-only: script-src 'nonce-wm1YCAJnGpCgiFRdrnBsRA' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/static-on-bigtable; base-uri 'none'
cross-origin-resource-policy: cross-origin
content-length: 1861
date: Sun, 06 Jun 2021 21:04:42 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
last-modified: Thu, 29 Apr 2021 21:38:00 GMT
x-content-type-options: nosniff
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 10 KB
8 KB 18ms
18ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20210601&st=env

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b8d052ad9653a973f7937a41f4de93049072060c3c95945d0c3b923e8dd6e337

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 06 Jun 2021 21:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7660
x-xss-protection: 0

GET
H3-29 200 tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js Show response
pagead2.googlesyndication.com/bg/ Frame D34E 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 20:06:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3520
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jun 2022 20:06:02 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 21:04:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Sun, 06 Jun 2021 21:04:42 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/222/ Frame 7391 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/222/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xn--82cz3bcub1a.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.xn--82cz3bcub1a.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5022
date: Sun, 06 Jun 2021 18:26:01 GMT
expires: Mon, 06 Jun 2022 18:26:01 GMT
last-modified: Wed, 20 Jan 2021 19:23:06 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 9521
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1698 783 B
530 B 17ms
17ms Document
text/html 2a00:1450:4001:827::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c6e4224f8fca98dd543a950c3277c49fa8e4940253894f62df6d21749c1ce9bb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-mojlE8fWLAmLi6Cq+honmg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.xn--82cz3bcub1a.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.xn--82cz3bcub1a.com/

Response headers

expires: Sun, 06 Jun 2021 21:04:42 GMT
date: Sun, 06 Jun 2021 21:04:42 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-mojlE8fWLAmLi6Cq+honmg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js Show response
pagead2.googlesyndication.com/bg/ Frame 7391 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/222/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sun, 06 Jun 2021 20:06:02 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3520
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 06 Jun 2022 20:06:02 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=222&t=2&li=gda_r20210601&jk=3797586331432764&bg=!QkGlQQXNAAY6sG-_OrA7ACkAdvg8WrQHUxKIyP1cIDkaUb96r5w5EqeN0ik6M3Mt8hgV6J-Oi3AiWwIAAABEUgAAAApoAQcKABHfGyUsxkT7207VGwtdLUNMGpkCR0Vpt9ve-MsUZTjtdc2mQn6OArEddTzkh2aZIfBlAA6RZDSFYIVVAKUUAcIbSsocTPpTxVgYDOo61jDALs80t-nd3tZ7SnPeu9NRw3iyTAiqiNUXPKAcvF_0O7K6Gafu1IlONFPMoirgc4kg0NTd_SnAFhi7l7NqrLFBw8apRV-H_LEO7rPGXOxFTL21lhzWgzwW94Zdt7eD_quDK-7xwAE6bTa_YIq_pAung6jXJP6f-hW5G7Hv4RedhMLTP42tGRxNBfikb07ss5uN-fJRCs-r2715TkVqFNGhHrLpDMKM3amqgaT5nKFDFpdZ2F7useJipGER5L6oJyl9lK6D4dy9Sn1z3nvs1Cf6TzngrEWwxFxXO47AX6Vj0DKNiqcStQE2wBLdbyLI_A2EZefFmGHbResVwcs6IcDyn8xzP3gqwcSicRIO6MWVazjT6TWX90CZ6pcAAGazihtfAwYUwSUQ6pm2D_J0UalAdpCgTube-kxh2WBWIbGDl3xnQhDQUCBkvXzRf-arLQZIFjejKdi3sK_BPCKVjwsE_2Gt7kAtkRk_tarGZC21Y1Vu6SFtE8MTR03JxjgMXOdmdwfZlnToHyaNPKlrkS4XeHOPkt3dU-kWYb0VRtXfdAWQfu2t8B9_CB38VnMbohgcRDkuSO1IZ2qapepRvw5SNPcs-auKwSNv-XN9VFKQeOS9rPJLcbZTHpeIyhJKmClchyCeZv8h-ENkTpEJK-73aHbefoOXvGd6yGX9__5jwMCq0LtYfm2RW4QXoFI

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.xn--82cz3bcub1a.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:42 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6.gif
p4-gbjw57fj5h7vu-mqykddz4andxdebo-536263-i1-v6exp3.v4.metric.gstatic.com/v6exp3/ Frame 92D6 35 B
410 B 446ms
33ms Image
image/gif 142.250.185.242
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p4-gbjw57fj5h7vu-mqykddz4andxdebo-536263-i1-v6exp3.v4.metric.gstatic.com/v6exp3/6.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.242 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f18.1e100.net

Software

sffe /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 6.gif
p4-gbjw57fj5h7vu-mqykddz4andxdebo-536263-i2-v6exp3.ds.metric.gstatic.com/v6exp3/ Frame 92D6 35 B
410 B 48ms
14ms Image
image/gif 2a00:1450:4001:80e::2012
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://p4-gbjw57fj5h7vu-mqykddz4andxdebo-536263-i2-v6exp3.ds.metric.gstatic.com/v6exp3/6.gif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2012 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 06 Jun 2021 21:04:52 GMT
x-content-type-options: nosniff
last-modified: Thu, 03 Oct 2019 10:15:00 GMT
server: sffe
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ3hXVIeXVaVQd6-HyeE5-BeTXZ4yOPTRNXSUVJJvQD30nqFnRawuN4fPu84BqpEpSp-mKXvfMavfyxS1R_Wf7r4tsi7GAwUA&google_gid=CAESEPxw7D24uOTp3XwUrtxKYbg

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_gid=CAESEDPt8ddtz-VUyT1CvGLmj54&google_push=AYg5qPL-CXsFC4yO12DyvLQLsWV8xfo-kxRvdEINDBzhpc9qsOeNhDTXLG3Kyv7n-P--NZNEAR1JyHo03wQ1PRAATKZkJni6EGE&google_cver=1

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YL04aT-n8EGj9rRV6D05JQAABF0AAAIB&google_cver=1&google_push=AYg5qPJ4RLbuwsI2kF2bp9-jwHg58wdSgfn3w7g5mfTbrsO_kM5D0EQu_ITBJjSpEns95944LmIZu_8lZqr1cQY9LvBHukGYCQ&google_gid=CAESEI3LFGrFVAxca7XK6oGdlik

Verdicts & Comments Add Verdict or Comment

82 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 04:11:49	Name: IDE Value: AHWqTUl6FBevsMssKdgRcfBCDXUnNtol9nWbINOC6izZ-MNvN0avQEz7B5bREJkaFPQ
.xn--82cz3bcub1a.com/	1970-01-19 18:51:39	Name: _gid Value: GA1.2.1095945709.1623013481
.doubleclick.net/	1970-01-19 18:50:17	Name: DSID Value: NO_DATA
.xn--82cz3bcub1a.com/	1970-01-19 18:50:13	Name: _gat_UA-153146014-2 Value: 1
.xn--82cz3bcub1a.com/	1970-01-20 04:11:49	Name: __gads Value: ID=9c0769e45a968e42-223156bc59c800d9:T=1623013481:RT=1623013481:S=ALNI_MYfUr1DlrIqh0vk5i2EfROBvGClaw
.xn--82cz3bcub1a.com/	1970-01-20 12:21:25	Name: _ga Value: GA1.2.391576633.1623013481

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
ag.innovid.com
cm.g.doubleclick.net
cms.quantserve.com
d.agkn.com
e.dlx.addthis.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
googlecm.hit.gemius.pl
id.rlcdn.com
image6.pubmatic.com
odr.mookie1.com
p4-gbjw57fj5h7vu-mqykddz4andxdebo-536263-i1-v6exp3.v4.metric.gstatic.com
p4-gbjw57fj5h7vu-mqykddz4andxdebo-536263-i2-v6exp3.ds.metric.gstatic.com
p4-gbjw57fj5h7vu-mqykddz4andxdebo-if-v6exp3-v4.metric.gstatic.com
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.rubiconproject.com
rtb.openx.net
tpc.googlesyndication.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.xn--82cz3bcub1a.com
cm.g.doubleclick.net
142.250.181.226
142.250.185.227
142.250.185.242
142.250.186.130
18.195.172.136
185.64.190.78
23.20.15.211
2606:4700:3036::6815:3c07
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4001:809::2001
2a00:1450:4001:809::2002
2a00:1450:4001:80e::2012
2a00:1450:4001:810::2008
2a00:1450:4001:827::2004
2a00:1450:4001:827::200e
2a00:1450:4001:828::2002
2a00:1450:4001:829::2002
2a00:1450:4001:829::2003
2a00:1450:4001:82a::2002
2a00:1450:4001:830::2002
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a00:1450:4001:831::200e
2a05:d01c:1d8:8100:61f8:e3:2497:5dcb
34.98.67.61
35.227.252.103
35.244.174.68
69.173.144.139
79.137.69.120
094b34c0ce2773a5068a745f66ede78de6c05fd9e05d37fa554ff045214a4897
09a4be40c90137d981d4518d5b5ccb527d29e369e432e9c5ee092aa638049f80
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0d5f76008f1784b20b99d51741b2f8b8bbee28d5f2950ca2cf4226b6d61b1344
1381f68a6b37e14e40c56d40db12aadabb56dba213d5ae57b3e3921486b51b8f
14af47320898bd93f367026f7833c9956f14e24856976e4f9e10be31155cdcf2
14b8f67ab8ebd70ddee64b2c8a4c0997ddb1ad03e2ecfb73deefa8ab94275aba
15179bcf587735652ddf7a4af0ed500881cb4b4eaf3effce1719c1d3de17f79d
16a7b7a50d09178946d64f7fb089f476e501039661dfcea0f584ceb001832b31
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18126d8482e63d62e73f2e16b08ddbd033be507cec6c4c6b8c89954ed77f58a1
185c8f0ba5c84bb93c5ce2c23f353a9f5db8d4b7cdb4a03d816867c2a3871ed0
1b038d32bcc3c7474e373bd69201d7fa600c6bb953edc125685d2c884b44d140
1cf04407e728ea1ebf82dc1c6b45d12632cb3202ff8f4556f380b16e57484f27
1dad6cb9a0903898a8f82f89c0d10ee6e94f8459228530fa5df3078100c9f650
1e3bbf2a6d9503811213baca9f5e309618ca968136199ca532a0a5167c0b0f1c
27466895d3e9250f3d0ae0e726f72b8a5c23e2aa83f9caaaf99dcb9f18fcac4c
2801726ea332e2c942f87fbb92b640aa6e983978426669e9d3e13b471ea096cb
2baccefb5cede601d5fc018290c68a748e3199cf5c00cc77dbbf6491531d3592
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
2e6c50e01e8312e622ccfc4da2d5359895bf044b1de09535c550dc0c4f6a8937
3858c5a6440cc4f1dfa20017a3216f98a22130c6a78c66c56a75ec14990e5176
3f03d7eb01f0893aef0113bae1b6137eb9707f175ccf6b5eb3519964fe403320
49aea8d1206dbb5e3c8a7d4db9274d2efa2111d8b53acb901efc378b1feca381
49f0343ae8f50358f6b534a4bf4c04107df5119a2f413eb9acb07360d84a68d9
4d7bc2e5c2959435469986ff3eb98d158edf428ed8eeccb0e8ffe31d3336c9ac
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
500ace68eca4eb16cccd86402f9cf3888a652a54c270db4f362fc6c6245a0622
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
599325d39743959cdacb163b742dd6f622443a73f155364bbcc465a291ce0b5a
5a06800ad719e1f1b46691ded5a5577666d2fc30f950b0ba544352ede4e25de7
5a22ea1e669787ee69ddf4c18c21bac7a86c6a7b1b85ede1242c177facc3a721
60394967636eaaea47bc18277fe70053922ab252793193ee58d8ba99fbf5f27b
6836719899bda27cd22c1551cb7fbfc33fb0bbbedaa89e4baa8715fef8202cbc
6983b6253453cd7c61d714f6468e5eb6b4734c13ddba3b3fd77d73ebbf676322
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6c1b2722be99e0f2c4cd70c48f342eb543a3ee0bec1b5dc6f1d72b034e013b47
6e312f277726cf12aa508a34dfc0c5217b72334652dc99f8df30559e3e8dc971
6ebcda7a3a41ef97f0b4071160ceb1020e540fdc0f790079a5c2ef01ab654fe0
702e78ba02b2aa91b7629a42cfccb096bdefd0e5ad948023e9788e80a77bfef5
731d7bd9ce2c95bf6af3d5719b995d714111949fb37b39919d45828875361233
74f72b882772f55b18ade81af9f4edf374df3ef02f3228f035f89a09c1343805
787d76ad6deab67ccf8bac1b584260205e114f508fc5542b612e3f75d49a34e4
7ab129d8df68b1617e82f795c6063a0ba81a47b320cbc0c6f904bd04f5072b18
7c68a8cea7cba0e5fdc3d152ba4b06a41beff8da3953c4b231529bd7a744c5a2
7f484906da2fdc6af02f3db20d351f7002be36222105cf4b7cbfe2afd6a7dbde
815aa02acb9cacb5ea54be5d1d6854a1d2c05f0880b2158f6c5c395b64a5a038
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83d9791c028ea5e26c8766fa13143bbaeedbb1aa0932798be9386b48a1278a66
84af59f1495afce65cc848eadff0abcf24460f84dc09980c3df494aee501e753
8573085ac05878ba5804257ecfca878d02e5b0387e1ab898b693caf142aa5c7c
860b6484b5bf2c58e24aeb5e21f1b215713b0f35d0648a74b9943c0a31756506
86e496b536b26ba60cdb68df9dd9143b19a63b65e30e373b0321833aab1295d6
891a6edbc3040f9b3b23062108409d20b4345e3179f3a9da3e5fdc195782befd
92df62bd85f33deb2c33028da8d4941b6c4d282ffcc83229f3b1e14567a86760
95a11bf226eb967aff4b75d4d0e278de82d38e7a1ed4b052e2157f8764288ab7
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a616eab6f7c78ac433c4aeca1e5d11693c60181cae78d9dca0f50d096b3ee0d5
aaf69f969c85107828b863ad90f70534c60fc64cbb1a7f3e28d78692d8854db5
ab83a4d15412f1d8d9c50e79068e5a124522045900e99d4c36613364b03f40f5
ad37f410ad2a0d20e6cf196f1b39beac83525f9e1904b794d9e482c11d8ef8c1
ae19a227324f18ce73146d5494b2a185f5d490f139b4de107eb77c6798c0c596
ae527135a3acdc3971662044dd3869265fcbfacaab816949604b0d37dba6a314
b05353c18b63e543aa04bcc183e22dfae533cc8f05a5d4530bdcf492fb75b31c
b0afbdd068bd9e7ab578552a0b8fa4024a01415f0951f99771e73576acee1ee3
b42caef1a29745971a3cb0ae39444bad3338dc56e3b08972af775eb13030ec93
b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a
b8d052ad9653a973f7937a41f4de93049072060c3c95945d0c3b923e8dd6e337
bb68981b34b98d228550bbc4404ff83789092468a2d6c8f0d13236b3665d2965
bca58cb91d0442fbc4394a6675603165ecaa067a92f4f6e115e34dfa2833a37a
bca7af0b45b6fc6a2064e8e7a34f2041f3e77261e63f0257209bcde6bc40545d
bd6e10b962ac8a3b08eb400fb34f375246681836625f5d29e7946d6ca7198ec7
be56e341955bca1eea5055297810e5472addf59a6f0c7d600a6fd54253c7b703
bf9edd6fc4f18d7b2f76f51cca8fbdadb77d9626456eeadb574f288c55f36d68
bfdbc7767ae7b53a96fa8e5a2c22ed7ab9b86b2308048a17544e64b0fdd201f1
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
c6e4224f8fca98dd543a950c3277c49fa8e4940253894f62df6d21749c1ce9bb
cccf755fdc293fe7425b5f7ef8b5926f5b9d370a6f5e02626797a4607c943168
cd56bcb2963e1d86c609369266157968bfd1dc728b25c7c5e03ced39708ced20
d23c5b64267e68b97dc70189291c94a5667ea5909da15611dd203dce3c1ead9c
d522ceba20f12d2594bca7ab06bc6cc877e8ee1c5d94c2ae3c3af0d90c38ccc6
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d6cf8512c59dd4003d0bfda0972fea8429f16b1577b3a961280a199a2d76e05f
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
d8c60d643e58946baee86cbad5d665082f2acbb595f5dbc337f2a9d3f5fe39e4
d9de83c923a234e8b164d2351ed47b456ec3417785b5fc33b4827f071f51f05f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e88d81f5c490686f6d2d41c572b963c1088f48a1ee6994b6996c2f15af4a756e
e98cac48f5c13b3fbaa28458f0d8f26a78c9d944f8f4edad9abcb249b9028ca7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2c761ee3ce27469f940a05b64e38a829a400427727cd0bdbb4e36f1d572afd7
fbac840dc5788c77878f5810621ff2188019ae682e3f33040d733868f2ad7d12
fbc199bf7f97061c41664b040e84616a0cb54441a2efc5801d5d401d3a049f3c

www.xn--82cz3bcub1a.com Open in urlscan Pro Puny www.ตรวจหวย.com IDN 2606:4700:3036::6815:3c07 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

142 Requests

98 %HTTPS

59 %IPv6

21 Domains

28 Subdomains

24 IPs

4 Countries

3881 kBTransfer

5987 kBSize

6 Cookies

2 Outgoing links

Redirected requests

142 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 9 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.xn--82cz3bcub1a.com Open in urlscan Pro Puny
www.ตรวจหวย.com IDN
2606:4700:3036::6815:3c07 Public Scan

Screenshot
Live screenshot

Full Image

142
Requests

98 %
HTTPS

59 %
IPv6

21
Domains

28
Subdomains

24
IPs

4
Countries

3881 kB
Transfer

5987 kB
Size

6
Cookies

142 HTTP transactions
9 data transactions